#terraform-aws-modules (2019-04)

terraform Terraform Modules

Discussions related to https://github.com/terraform-aws-modules Archive: https://archive.sweetops.com/terraform-aws-modules/

2019-04-24

Roger Gomez

Hi, is there any option on terraform-aws-cloudtrail to configure a trail for an organization?

Roger Gomez

For all member accounts of that organization, the option is_organization_trail on the aws_cloudtrail

Andriy Knysh (Cloud Posse)

@Roger Gomez https://github.com/cloudposse/terraform-aws-cloudtrail was created before AWS added CloudTrail for organizations

cloudposse/terraform-aws-cloudtrail

Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs - cloudposse/terraform-aws-cloudtrail

Andriy Knysh (Cloud Posse)

you can open a PR to add is_organization_trail

Roger Gomez

ok, I will do that, thanks, working on it now

Andriy Knysh (Cloud Posse)

let’s move to #terraform , this channel is for https://github.com/terraform-aws-modules/

Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

2019-04-10

cabrinha

BUT

cabrinha

I still would like complete control over the DNS name that gets created. Why not offer that to users of the module and if nothing is set, it’ll use the defaults currently in place?

cabrinha

I feel like there should just be simple way to override the naming of these things.

cabrinha

From looking at the code, it’s kind of hard to tell how the DNS CNAME is going to come out the other end.

cabrinha

@Erik Osterman (Cloud Posse) @Andriy Knysh (Cloud Posse) what do you think? https://github.com/cloudposse/terraform-aws-efs/pull/25

add dns_name variable to allow control of CNAME by cabrinha · Pull Request #25 · cloudposse/terraform-aws-efs

The creation of the EFS volume's CNAME is currently out of user's control. This change proposes the option to allow users to set their own DNS name for the volume. If no name is set, fallba…

cabrinha

If you guys want me to update the docs and stuff like that just lmk if we can move this forward.

Andriy Knysh (Cloud Posse)

@cabrinha thanks, reviewed the PR

cabrinha

Updated

cabrinha

SO nice to be able to get an option added to this module within the course of a couple hours!

Andriy Knysh (Cloud Posse)

next time, let’s do it in #terraform

Andriy Knysh (Cloud Posse)
Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

cabrinha

will do

2019-04-09

cabrinha

I feel like we should be able to override certain tags/names

cabrinha

like namespace – this means nothing to me or my org

cabrinha

but it turns out the name of the DNS record created is affected by this and I have no control over that DNS name

Erik Osterman (Cloud Posse)

in the end, the cloudposse modules are designed to be internally consistent

Erik Osterman (Cloud Posse)

due to limitations of the HCL language, we cannot easily accommodate the differences in naming conventions

Erik Osterman (Cloud Posse)

(for example, environment vs stage)

Erik Osterman (Cloud Posse)

this is quite opinionated, but is the only way we’ve been able to manage writing 140+ terraform modules that work relatively well together

Andriy Knysh (Cloud Posse)

why not use the established convention namespace-stage-name? what’s wrong with using `namespace`? It could be your org name or abbreviation, or just something else specific to your use-case

cabrinha

i feel like it could be easy to override the tags or leave them out

Erik Osterman (Cloud Posse)

(nothing is easy when the change means percolating it out to 140 repositories = 140+ pull requests)

Andriy Knysh (Cloud Posse)

so the main reason of doing that is to have consistent and globally unique names for ALL AWS resources

Andriy Knysh (Cloud Posse)

especially for global resources like S3 buckets

Andriy Knysh (Cloud Posse)

where you can easily have naming conflicts

Andriy Knysh (Cloud Posse)

so by using everything consistently, we usually eliminate the possibilities of conflicts (on global resources as well)

Andriy Knysh (Cloud Posse)

when you automate everything, naming global AWS resources is difficult

cabrinha

thats fine and makes sense

cabrinha

i guess i can still add my own additional tags

Andriy Knysh (Cloud Posse)

so why not use the same patterns to name ALL resources? it’s easy to automate w/o thinking about it

cabrinha

i just dont like that this EFS module created a DNS record prefixed with eg-

cabrinha

eg-$my_env-$my_name-efs.$my_domain

Erik Osterman (Cloud Posse)

so that’s a great name however, a CNAME to your service discovery domain would be even nicer

Erik Osterman (Cloud Posse)

the e.g. is for “Example given”

Erik Osterman (Cloud Posse)

we default to that ugly prefix so users change it

cabrinha

i’d love to have service discovery here, we’re working on that

cabrinha

yeah so … changing it…

cabrinha

why can i change but not omit?

cabrinha

i just want $my_env-$my_name-efs.$my_domain as the cname

Erik Osterman (Cloud Posse)

I think in current versions of terraform-null-label we don’t enforce the namespace, however, it’s not been percolated out

cabrinha

perhaps i could open a PR

Erik Osterman (Cloud Posse)

that said, from a consistency perspective, i don’t like it since it leads to inconsistency and while that works in smaller infrastructures it falls apart at scale.

cabrinha

a naming convention is a naming convention … as long as it’s consistent, it can be xyz-efs.$my_domain – users should be able to create their own conventions

cabrinha
cloudposse/terraform-null-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes]) - cloudposse/terraform-null-label

cabrinha

not sure if this is where i’m supposed to be looking

cabrinha
Update terraform-null-label module to latest by cabrinha · Pull Request #24 · cloudposse/terraform-aws-efs

I’d like to update the terraform-null-label version in order to be able to omit the “namespace” parameter.

cabrinha

I’m not sure I’m understanding how all these modules are chained together, but I think it’s understood what I’m trying to do.

cabrinha

actually, by setting namespace to an empty string, it works!

2019-04-08

cabrinha

anyone ever use this module? https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/v2.16.0

in the readme example, they’re passing in a VPC ID as a CIDR block for a security group rule

module "db_computed_merged_sg" {
  # omitted for brevity

  computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
  number_of_computed_ingress_cidr_blocks = 3
}

but I’m having some issue doing the same

terraform-aws-modules/terraform-aws-security-group

Terraform module which creates EC2-VPC security groups on AWS - terraform-aws-modules/terraform-aws-security-group

Andriy Knysh (Cloud Posse)

@cabrinha just briefly looking at the code above (I did not use the module), looks like both "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}" do not return CIDR blocks - they return IDs

cabrinha

exactly, so im wondering if its supposed to be possible to pass in a VPC ID into the module

cabrinha

maybe i should just open an issue asking that question

Noah Kernis

Hi all, I have a question about this module (let me know if I am asking in the wrong channel!) https://github.com/cloudposse/terraform-aws-ecs-web-app?ref=tags/0.5.0 . Is there a way to create a task definition with multiple images defined? It seems possible via this module - https://github.com/cloudposse/terraform-aws-ecs-container-definition/blob/master/examples/multiple_definitions/main.tf - but this is being used by the terraform-aws-ecs-web-app and I believe I can’t pass directly to it. Thank you for any and all help?

cloudposse/terraform-aws-ecs-web-app

Terraform module that implements a web app on ECS and supports autoscaling, CI/CD, monitoring, ALB integration, and much more. - cloudposse/terraform-aws-ecs-web-app

cloudposse/terraform-aws-ecs-container-definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource - cloudposse/terraform-aws-ecs-container-definition

Andriy Knysh (Cloud Posse)

hi @Noah Kernis let’s move to #terraform

Noah Kernis

@Andriy Knysh (Cloud Posse) moving there

2019-04-07

Erik Osterman (Cloud Posse)

Hey @Edd this channel is for https://github.com/terraform-aws-modules/

Erik Osterman (Cloud Posse)

maybe try #terraform

2019-04-04

Edd

Hey folks, I’m trying to use this module - https://registry.terraform.io/modules/cloudposse/cloudfront-s3-cdn/aws/0.7.0 - and am encountering a CORS error when Terraform is setting up the S3 bucket

Edd

* module.cloudfront-s3-cdn.aws_s3_bucket.origin: 1 error(s) occurred:

* aws_s3_bucket.origin: Error putting S3 CORS: MalformedXML: The XML you provided was not well-formed or did not validate against our published schema
        status code: 400, request id: B49313C1B360E967, host id: 9CNDQqYA3/F0FAXlsFPIYVhAAJZoYiYQrBo/sZ1K8ZohYGgSNNJVYL3FOCDUB0fCs+wq4JftevE=

2019-04-03

imiltchman

@antonbabenko Is there a way to add custom providers to terraform-aws-atlantis without making a new atlantis image?

antonbabenko

Do you mean terraform providers which you can use in your terraform configs?

imiltchman

Yes

antonbabenko

You can call custom command/script (https://www.runatlantis.io/docs/custom-workflows.html#custom-init-plan-apply-commands) which will download providers before running terraform plan

Custom Workflows | Atlantis

Atlantis: Terraform Pull Request Automation

antonbabenko

but I think embedding them into an image is good option if you are not going to change them very often.

imiltchman

I thought of that, but concluded it’s too hacky.. haha

antonbabenko

agree

imiltchman

Thank you


2019-04-02

antonbabenko

Open an issue in that repo and maybe someone will be able to help with EKS module.

Pablo Costa

Try to update the aws provider: “terraform init -upgrade” because endpoint private access is a recent feature


2019-04-01

Mike Nock

Morning all. Sorry if this is the wrong channel but: Would anyone happen to know if this module can be used to dynamically create 255 /24 subnets? https://github.com/cloudposse/terraform-aws-dynamic-subnets/

cloudposse/terraform-aws-dynamic-subnets

Terraform module for public and private subnets provisioning in existing VPC - cloudposse/terraform-aws-dynamic-subnets

Erik Osterman (Cloud Posse)

better to use #terraform since this channel is for https://github.com/terraform-aws-modules/

Mike Nock

Ah, gotcha. Thanks Erik!

Vidhi Virmani

Hello terraformers, I am using this eks module https://github.com/terraform-aws-modules/terraform-aws-vpc and receiving this error

Error: module.eks_cluster.aws_eks_cluster.this: vpc_config.0: invalid or unknown key: endpoint_private_access

terraform-aws-modules/terraform-aws-vpc

Terraform module which creates VPC resources on AWS - terraform-aws-modules/terraform-aws-vpc

Vidhi Virmani

Can anyone help?

Andriy Knysh (Cloud Posse)

@Vidhi Virmani i think you are using https://github.com/terraform-aws-modules/terraform-aws-eks, ping @antonbabenko for help with the module

terraform-aws-modules/terraform-aws-eks

A Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS. - terraform-aws-modules/terraform-aws-eks

Vidhi Virmani

Thanks @Andriy Knysh (Cloud Posse). I have messaged him.
