#terraform-aws-modules (2019-08)

i’m using v0.6.1. of the ecr module and get the following error aws_ecr_repository_policy.default: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid repository policy provided' i did some searching and it looks like there was a condition where the IAM policy state wasn’t consistent but I thought that was fixed in the terraform aws provider.

@mmarseglia cloudposse module or https://github.com/terraform-aws-modules/ module?

@Erik Osterman (Cloud Posse) cloudposse module. trying https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1 with a basic configuration

module "ecr" {
  source = "git::<https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1>"

  name                   = "${var.app_name}"
  namespace              = "${var.app_name}"
  stage                  = "prod"
}

but it keeps coming up with that policy error. i thought the policy was optional from the module description?

@mmarseglia let’s move to #terraform

sure!

set the channel topic: https://github.com/terraform-aws-modules/ (not cloudposse modules)

Hello! I want to share with you resource:for_each and dynamicfor_each construction for terraform 12.6 and AWS S3. Hope this helps you work with large arrays of resources. https://github.com/devops-best-practices/terraform-best-practice/blob/master/s3.tf

Hey people, looking for terraform template on vpc peering ( syntax 0.12) any help plz

Does anyone else find it strange that https://registry.terraform.io/ rarely work without having to debug intermediate files? I never have them work the first time and sometimes find examples that could have never run at all.

(AWS and GCP, that is. I have not worked with the other platforms.)

Kudos to this guy for at least thinking about testing: https://github.com/npalm/terraform-aws-gitlab-runner/issues/81

@antonbabenko’s stuff is a notable exception also. Why can’t more people be like him?

@Blaise Pabon we at CloudPosse are trying to be like him as well

for each module we convert to TF 0.12, we are adding tests with bats and terratests

and we actually deploy it to the test AWS account on each PR using Codefresh pipelines

https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/releases/tag/0.4.0

https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/blob/master/codefresh/test.yml

Yes, I wasn’t trying to fault the community as much as expect that Hashi could do something to have a quality gate of some sort.

https://github.com/cloudposse/terraform-aws-cloudtrail-s3-bucket/tree/master/examples/complete

and I know from talking to @Erik Osterman (Cloud Posse) that you guys try to use bats and terratest where possible.

in all modules

https://github.com/cloudposse/terraform-aws-rds-cluster/blob/master/codefresh/test.yml

deploying the examples to real account https://github.com/cloudposse/terraform-aws-rds-cluster/tree/master/examples/complete

https://github.com/cloudposse/terraform-aws-rds-cluster/tree/master/test

OK. well, I think we can all agree that the Cloud Posse is Awesome … I was just wondering why does Hashicorp registry code quality control suck so badly? when they have sooo much money and they own most of the stack. It’s not like they are hosting legacy NetBSD drivers….

The hashicorp registry is a free for all. Anyone can publish modules there working or not. =/

However, the registry has been awesome at bringing awareness to modules!

we attribute a lot of our growth to this.

I have an existing aws ecs cluster (made by hand) and would like to update it by using terraform. Is there any documentation for updating existing aws services (alb, ecr, ecs)?

There’s an import option, but I think that also depends on the resource https://www.terraform.io/docs/import/ .

The variable “lambda_settings” is required, so Terraform cannot proceed without a defined value for it.

[10:50 PM] anyone came across this issues

hi, i want to create an aws_iam_role and aws_iam_policy resources and link them with an aws_iam_role_policy_attachment, which module would be best suited for this? does terraform-aws-iam-role do the job, looks like the policies are defined as json docs using data, does this create the aws_iam_policy? or does it achieve the same result?

sorry, just looked at [main.tf](http://main.tf) yes

Using the terraform-aws-named-subnets (tag 0.3.4) module, I get errors with Terraform 0.12. Anyone know off the top if this is a bug or if it’s a 0.12 incompatibility? I’m creating private subnets for resources that don’t need a public subnet or NAT’ing.

Error: Missing resource instance key

  on .terraform/modules/data_private_subnets_us_west-2b.public_label/outputs.tf line 29, in output "tags":
  29:         "Stage", "${null_resource.default.triggers.stage}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]

the module is not converted to 0.12 yet, but 0.12 is very complaining about accessing resources with count as a single value

try this

Thanks Aknysh. I’ll fork it and play around, see if I can resolve it and open a PR. Completely new to Terraform so the interpolation mechanics + 0.11/0.12 changes are pretty much Greek to me

Ah, realized the issue was the source for terraform-null-label needed to be updated. I’m not sure if CP is planning to maintain backwards compatibility with 0.11 but I upgraded the module to 0.12 and opened a PR. If backwards compatibility is needed, feel free to point out (or to a reference upgrade) how that might be accomplished and I’d be happy to revise the PR. I am implementing a green field project so I’m starting with 0.12.

https://github.com/cloudposse/terraform-aws-named-subnets/pull/15

Did anyone Come across NPM memory Issues ?

@Robert has joined the channel