#terraform-aws-modules (2019-09)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2019-09-04

Does this s3 bucket module support CORS rules? https://github.com/cloudposse/terraform-aws-s3-bucket/tree/0.3.1
Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems - cloudposse/terraform-aws-s3-bucket

Provides a S3 bucket resource.

I see there is a value for “var.policy” but I’m not sure if I can pass cors rules in there

It does not:


But I am sure that you could put in a PR to make it so that it does.

@cabrinha

You might have to do some `count` magic though with two bucket resources in the module since that is a resource block and not a map.


@cabrinha you might prefer our s3 website module if you want to work with websites

The bucket module we have now is more for private buckets

Ah thanks
2019-09-06

Hi guys! Since we are in the #terraform-aws-modules channel, shameless plug: https://github.com/terraform-aws-modules/terraform-aws-s3-bucket - this module supports ALL (all I can imagine at least) features provided by Terraform AWS provider. See complete example code - https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/examples/complete/main.tf
Terraform module which creates S3 bucket resources on AWS - terraform-aws-modules/terraform-aws-s3-bucket

@antonbabenko Excellent module. Is there any way/workaround to have the storage class be non standard by default and/or have a shorter than 30 day transition period?

Yes, I believe so if it is supported by the AWS provider

I need to look into it, but last I checked, I didn’t think that was possible

I think I saw something like 30 days minimum, so you are probably right. It is a limit of AWS, not Terraform.

Does anyone know if the `terraform-aws-rds` module supports serverless mode for postgresql?

@rohit what module/repo?

Terraform module which creates RDS Aurora resources on AWS - terraform-aws-modules/terraform-aws-rds-aurora

it should support it I guess since those are just settings

take a look for example at a similar CloudPosse module which was deployed for serverless https://github.com/cloudposse/terraform-root-modules/blob/master/aws/grafana-backing-services/aurora-mysql.tf#L139
Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

@Andriy Knysh (Cloud Posse) thanks

@antonbabenko `terraform-aws-rds-aurora` module still requires database instance type when using serverless mode. Am I missing anything?

I do not see instance type option in RDS console when `serverless` mode is selected

@Andriy Knysh (Cloud Posse) any ideas on my above question ?

for `serverless` you don’t specify instance type (that’s why it’s `serverless`). You specify Capacity settings


correct, but when using the `terraform-aws-rds` it does ask for instance type

so i am wondering if it is a bug

`instance_class` has to be specified, but it is more like a bug in the module, because it was created before serverless became a thing

PR is welcome

@antonbabenko thanks. I will submit a PR shortly

would the team accept PRs enabling some of these modules workable in AWS govcloud?

specifically around hardcoded arn formats

@Shannon Dunn I think it was your open issue for the EMR module on GitHub

Yes, PRs are welcome
2019-09-07
2019-09-08
2019-09-09
2019-09-12

Hi, https://github.com/cloudposse/terraform-aws-kops-chart-repo/blob/master/main.tf#L24 - is this possible to override this so that this bucket won’t have versioning?
Terraform module to provision an S3 bucket for Helm chart repository, and an IAM role and policy with permissions for Kops nodes to access the bucket - cloudposse/terraform-aws-kops-chart-repo
2019-09-13

@Khun Open a PR

Why would you not want versioning on a thing?

so it’s not possible at the current state
2019-09-14

Anyone know why I’m getting this error trying to add my ASG instances to an ALB target group:
```
Please ensure all provided Target Groups have target type of instance
```
Not sure if it’s how I have my ASG configured or what… the `terraform-aws-alb` module hard codes the target group type to `ip`, but the `aws_autoscaling_group` resource doesn’t specify anything about target group type. Assuming I’m doing something wrong because this seems like the modules for ALB/ASG would never interoperate correctly.

Changing `target_type` to `instance` resolves this error in 0.12
2019-09-16
2019-09-18

Hi all

I’m quite new to terraform for aws

I’m currently trying to clean our existing AWS resources, and I want to use the `terraform-aws-iam-s3-user`

I’m trying to add a single iam user, and his access to a bucket, for staging and production env

The problem is that the “aws_iam_user_policy.default[0]” created by the staging user will be replaced by the prod user

What am I doing wrong?

```
Terraform will perform the following actions:
  # aws_iam_user_policy.default[0] must be replaced
-/+ resource "aws_iam_user_policy" "default" {
      ~ id   = "redacted-staging-bunny-audio:redacted-staging-bunny-audio" -> (known after apply)
      ~ name = "redacted-staging-bunny-audio" -> "redacted-production-bunny-audio" # forces replacement
```

I’ve created a tfvars file for each user

Could you share your tf files?

I warn you

It’s a mess

I have this in the main.tf

```hcl
# IAM system user; the user name is derived from namespace/stage/name
module "s3_user" {
  source        = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.6.0"
  namespace     = var.namespace
  stage         = var.stage
  name          = var.name
  attributes    = var.attributes
  tags          = var.tags
  enabled       = var.enabled
  force_destroy = var.force_destroy
  path          = var.path
}

# Policy document granting the requested S3 actions on the requested resources
data "aws_iam_policy_document" "default" {
  count = var.enabled ? 1 : 0

  statement {
    actions   = var.s3_actions
    resources = var.s3_resources
    effect    = "Allow"
  }
}

# Inline policy attached to the user created above
resource "aws_iam_user_policy" "default" {
  count  = var.enabled ? 1 : 0
  name   = module.s3_user.user_name
  user   = module.s3_user.user_name
  policy = join("", data.aws_iam_policy_document.default.*.json)
}

provider "aws" {
  region = "eu-west-1"
}
```

This in the stgbucket.tf

```hcl
resource "aws_s3_bucket" "redacted" {
  bucket = "redacted"
  acl    = "private"

  tags = {
    nature = "audio"
    projet = "redacted"
  }
}

# Block public ACLs and public bucket policies on the bucket
resource "aws_s3_bucket_public_access_block" "redacted" {
  bucket              = aws_s3_bucket.redacted.id
  block_public_acls   = true
  block_public_policy = true
}
```

this in the stgbucket.tfvars

```hcl
#region = "eu-west-1"
namespace    = "redacted"
stage        = "staging"
name         = "bunny-audio"
s3_actions   = ["s3:GetObject"]
s3_resources = ["arn:aws:s3:::redacted/*"]
```

And the same for the production one

Are both `main.tf` and `stgbucket.*` in the same directory?

Yes

When you say “And the same for the production one” are you saying there is an additional `stgbucket.tfvars` for production?

There’s a prdbucket.tfvars

Are they both in the directory when you are running terraform plan/apply?

Yes

Did you figure this out? My real job got me distracted. I can’t see everything, but you shouldn’t have both var files in the same directory since terraform will read all of them. I have not had a chance to experiment with this.
2019-09-20

PowerShell script to install nuget server? Did anyone write this script?
2019-09-21

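@Sharanya
```powershell
# $rootPath must already point at the directory where nuget.exe should be saved
$sourceNugetExe = "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe"
$targetNugetExe = "$rootPath\nuget.exe"
# Download the latest nuget.exe command-line client
Invoke-WebRequest $sourceNugetExe -OutFile $targetNugetExe
# Make it callable as "nuget" in the current session
Set-Alias nuget $targetNugetExe -Scope Global -Verbose
```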

not sure if that’s what you need specifically but that will install nuget

If you want to install nuget in powershell as a provider: `Install-PackageProvider -Name NuGet`
2019-09-23

2019-09-24

Can you use terraform_remote_state data source as an input attribute for subnet in the cloudposse aws ec2 module?

oh wait, I apologize this channel is not for cloudposse modules
2019-09-25

Components for secure UI hosting in S3
• S3 — for storing the static site
• CloudFront — for serving the static site over SSL
• AWS Certificate Manager — for generating the SSL certificates
• Route53 — for routing the domain name to the correct location

Did anyone come across any modules for this in terraform?
2019-09-26

@Andriy Knysh (Cloud Posse) thanks for updating the EC2 autoscaling module

no problem

all EKS modules should be done for TF 0.12 today

The hero we need, but not the hero we deserve.
Big thanks @Andriy Knysh (Cloud Posse)

2019-09-27

@here I am trying to upgrade from v.11.14 to v.12 and after going through the upgrade steps and fixing some code changes … now I am seeing the following issue:
```
Error: Missing resource instance key
  on .terraform/modules/public_subnets.public_label/outputs.tf line 29, in output "tags":
  29: "Stage", "${null_resource.default.triggers.stage}"
Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]
```
Did anyone face a similar issue and was able to fix it?

```
Downloading git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=0.8.0 for base_vpc...
- base_vpc in .terraform/modules/base_vpc
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.0 for base_vpc.label...
- base_vpc.label in .terraform/modules/base_vpc.label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for private_subnets...
- private_subnets in .terraform/modules/private_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.private_label...
- private_subnets.private_label in .terraform/modules/private_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.public_label...
- private_subnets.public_label in .terraform/modules/private_subnets.public_label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for public_subnets...
- public_subnets in .terraform/modules/public_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.private_label...
- public_subnets.private_label in .terraform/modules/public_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.public_label...
- public_subnets.public_label in .terraform/modules/public_subnets.public_label
```

Did you do what the error said? It is correct
2019-09-29

hi i’m using the terraform iam role module

while init the module with release 0.4.0, i got this error

```
Error: Invalid argument name
  on .terraform/modules/role.aggregated_policy/main.tf line 24, in data "aws_iam_policy_document" "zero":
  24: "statement" = []
Argument names must not be quoted.
```

Can you please share the link of module you are using?

Looks like this module git://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator.git?ref=tags/0.1.2 can be used with terraform version 0.11v.
Terraform module to aggregate multiple IAM policy documents into single policy document. - cloudposse/terraform-aws-iam-policy-document-aggregator

you can refer this commit from this fork: https://github.com/techfishio/terraform-aws-iam-policy-document-aggregator/commit/ca820699baca5a1345f5e4a0d73762f8ce212982
omit version in module
and pass `source = "github.com/techfishio/terraform-aws-iam-policy-document-aggregator.git?ref=ca820699baca5a1345f5e4a0d73762f8ce212982"`
ofc. i’m not responsible for any consequences of using someone’s fork, as well as losing eyesight from reading this message
- Fix empty policies * Fix empty policies * Fix formatting * Fix formatting

thanks, let me check

anyone know how to fix this?

thanks

i’m using terraform 0.12.9
2019-09-30

“statement” ==> statement – remove the quotes

@Alex Co