#terraform-aws-modules (2019-08)

Terraform Modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2019-08-01

2019-08-02

mmarseglia

i’m using v0.6.1 of the ecr module and get the following error: aws_ecr_repository_policy.default: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid repository policy provided'. i did some searching and it looks like there was a condition where the IAM policy state wasn’t consistent but I thought that was fixed in the terraform aws provider.

2019-08-05

Erik Osterman (Cloud Posse)

@mmarseglia cloudposse module or https://github.com/terraform-aws-modules/ module?

Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

2019-08-06

mmarseglia

@Erik Osterman (Cloud Posse) cloudposse module. trying https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1 with a basic configuration

module "ecr" {
  source = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1"

  name      = "${var.app_name}"
  namespace = "${var.app_name}"
  stage     = "prod"
}

but it keeps coming up with that policy error. i thought the policy was optional from the module description?

cloudposse/terraform-aws-ecr

Terraform Module to manage Docker Container Registries on AWS ECR - cloudposse/terraform-aws-ecr

Andriy Knysh (Cloud Posse)

@mmarseglia let’s move to #terraform

mmarseglia

sure!

Erik Osterman (Cloud Posse)
01:23:30 AM

set the channel topic: terraform https://github.com/terraform-aws-modules/ (not cloudposse modules)

2019-08-12

Vitaliy Lobachev

Hello! I want to share with you resource:for_each and dynamic for_each construction for terraform 12.6 and AWS S3. Hope this helps you work with large arrays of resources. https://github.com/devops-best-practices/terraform-best-practice/blob/master/s3.tf

devops-best-practices/terraform-best-practice

Contribute to devops-best-practices/terraform-best-practice development by creating an account on GitHub.

Sharanya

Hey people, looking for terraform template on vpc peering ( syntax 0.12) any help plz

2019-08-13

Blaise Pabon

Does anyone else find it strange that https://registry.terraform.io/ rarely works without having to debug intermediate files? I never have them work the first time and sometimes find examples that could have never run at all.

Blaise Pabon

(AWS and GCP, that is. I have not worked with the other platforms.)

Blaise Pabon

Kudos to this guy for at least thinking about testing: https://github.com/npalm/terraform-aws-gitlab-runner/issues/81

Creating tests to verify deployment · Issue #81 · npalm/terraform-aws-gitlab-runner

Create a test set for example with Terraform Kitchen sink / terratest to verify a deployment

Blaise Pabon

@antonbabenko’s stuff is a notable exception also. Why can’t more people be like him?

Andriy Knysh (Cloud Posse)

@Blaise Pabon we at CloudPosse are trying to be like him as well

Andriy Knysh (Cloud Posse)

for each module we convert to TF 0.12, we are adding tests with bats and terratests

Andriy Knysh (Cloud Posse)

and we actually deploy it to the test AWS account on each PR using Codefresh pipelines

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-cloudtrail-s3-bucket

S3 bucket with built in IAM policy to allow CloudTrail logs - cloudposse/terraform-aws-cloudtrail-s3-bucket

Blaise Pabon

Yes, I wasn’t trying to fault the community as much as expect that Hashi could do something to have a quality gate of some sort.

Blaise Pabon

and I know from talking to @Erik Osterman (Cloud Posse) that you guys try to use bats and terratest where possible.

Andriy Knysh (Cloud Posse)

in all modules

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-rds-cluster

Terraform module to provision an RDS Aurora cluster for MySQL or Postgres - cloudposse/terraform-aws-rds-cluster

Blaise Pabon

OK. well, I think we can all agree that the Cloud Posse is Awesome … I was just wondering why does Hashicorp registry code quality control suck so badly? when they have sooo much money and they own most of the stack. It’s not like they are hosting legacy NetBSD drivers….

2019-08-14

Erik Osterman (Cloud Posse)

The hashicorp registry is a free for all. Anyone can publish modules there working or not. =/

Erik Osterman (Cloud Posse)

However, the registry has been awesome at bringing awareness to modules!

Erik Osterman (Cloud Posse)

we attribute a lot of our growth to this.

2019-08-15

igeorgopoulos

I have an existing aws ecs cluster (made by hand) and would like to update it by using terraform. Is there any documentation for updating existing aws services (alb, ecr, ecs)?

2019-08-16

github140

There’s an import option, but I think that also depends on the resource https://www.terraform.io/docs/import/ .

Import - Terraform by HashiCorp

Terraform is able to import existing infrastructure. This allows you take resources you’ve created by some other means and bring it under Terraform management.

2019-08-23

Sharanya

The variable “lambda_settings” is required, so Terraform cannot proceed without a defined value for it.

[10:50 PM] anyone come across this issue?

2019-08-27

Bertie

hi, i want to create an aws_iam_role and aws_iam_policy resources and link them with an aws_iam_role_policy_attachment, which module would be best suited for this? does terraform-aws-iam-role do the job, looks like the policies are defined as json docs using data, does this create the aws_iam_policy? or does it achieve the same result?

Bertie

sorry, just looked at main.tf yes

Ryan

Using the terraform-aws-named-subnets (tag 0.3.4) module, I get errors with Terraform 0.12. Anyone know off the top if this is a bug or if it’s a 0.12 incompatibility? I’m creating private subnets for resources that don’t need a public subnet or NAT’ing.

Error: Missing resource instance key

  on .terraform/modules/data_private_subnets_us_west-2b.public_label/outputs.tf line 29, in output "tags":
  29:         "Stage", "${null_resource.default.triggers.stage}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]

Andriy Knysh (Cloud Posse)

the module is not converted to 0.12 yet, but 0.12 complains a lot about accessing resources with count as a single value

Andriy Knysh (Cloud Posse)

try this

Andriy Knysh (Cloud Posse)

"Stage", "${join("", null_resource.default.*.triggers.stage)}"

Ryan

Thanks Aknysh. I’ll fork it and play around, see if I can resolve it and open a PR. Completely new to Terraform so the interpolation mechanics + 0.11/0.12 changes are pretty much Greek to me

2019-08-28

Ryan

Ah, realized the issue was the source for terraform-null-label needed to be updated. I’m not sure if CP is planning to maintain backwards compatibility with 0.11 but I upgraded the module to 0.12 and opened a PR. If backwards compatibility is needed, feel free to point out (or to a reference upgrade) how that might be accomplished and I’d be happy to revise the PR. I am implementing a green field project so I’m starting with 0.12.

https://github.com/cloudposse/terraform-aws-named-subnets/pull/15

Sharanya

Did anyone come across NPM memory issues?

2019-08-29

Robert
07:19:31 PM

@Robert has joined the channel