#terraform-aws-modules (2019-09)

terraform Terraform Modules

Discussions related to https://github.com/terraform-aws-modules Archive: https://archive.sweetops.com/terraform-aws-modules/

2019-09-30

Rajesh Babu Gangula

“statement” ==> statement – remove the quotes

Rajesh Babu Gangula

@Alex Co

2019-09-29

Alex Co

hi i’m using the terraform iam role module

Alex Co

while init the module with release 0.4.0, i got this error

Alex Co

```
Error: Invalid argument name

  on .terraform/modules/role.aggregated_policy/main.tf line 24, in data "aws_iam_policy_document" "zero":
  24:   "statement"   = []

Argument names must not be quoted.
```

Vidhi Virmani

Can you please share the link of module you are using?

Vidhi Virmani

Looks like this module git://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator.git?ref=tags/0.1.2 can be used with terraform version 0.11v.

cloudposse/terraform-aws-iam-policy-document-aggregator

Terraform module to aggregate multiple IAM policy documents into single policy document. - cloudposse/terraform-aws-iam-policy-document-aggregator

Karoline Pauls

you can refer this commit from this fork: https://github.com/techfishio/terraform-aws-iam-policy-document-aggregator/commit/ca820699baca5a1345f5e4a0d73762f8ce212982

omit version in module and pass source = "github.com/techfishio/terraform-aws-iam-policy-document-aggregator.git?ref=ca820699baca5a1345f5e4a0d73762f8ce212982"

ofc. i’m not responsible for any consequences of using someone’s fork, as well as losing eyesight from reading this message

Fix empty policy (#7) · techfishio/[email protected]
  • Fix empty policies * Fix empty policies * Fix formatting * Fix formatting
Alex Co

thanks, let me check

Alex Co

anyone know how to fix this ?

Alex Co

thanks

Alex Co

i’m using terraform 0.12.9

2019-09-27

Rajesh Babu Gangula

@here I am trying to upgrade from v.11.14 to v.12 and after going through the upgrade steps and fixing some code changes … now I am seeing following issue

```
Error: Missing resource instance key

  on .terraform/modules/public_subnets.public_label/outputs.tf line 29, in output "tags":
  29:         "Stage", "${null_resource.default.triggers.stage}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]
```

did anyone face a similar issue and was able to fix it?

Rajesh Babu Gangula

```
Downloading git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=0.8.0 for base_vpc...
- base_vpc in .terraform/modules/base_vpc
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.0 for base_vpc.label...
- base_vpc.label in .terraform/modules/base_vpc.label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for private_subnets...
- private_subnets in .terraform/modules/private_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.private_label...
- private_subnets.private_label in .terraform/modules/private_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.public_label...
- private_subnets.public_label in .terraform/modules/private_subnets.public_label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for public_subnets...
- public_subnets in .terraform/modules/public_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.private_label...
- public_subnets.private_label in .terraform/modules/public_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.public_label...
- public_subnets.public_label in .terraform/modules/public_subnets.public_label
```

oscar

Did you do what the error said? It is correct

2019-09-26

guigo2k

@Andriy Knysh (Cloud Posse) thanks for updating the EC2 autoscaling module

Andriy Knysh (Cloud Posse)

no problem

Andriy Knysh (Cloud Posse)

all EKS modules should be done for TF 0.12 today

oscar
03:55:26 PM

The hero we need, but not the hero we deserve.

Big thanks @Andriy Knysh (Cloud Posse)


2019-09-25

Sharanya

Components for secure UI hosting in S3

• S3 — for storing the static site

• CloudFront — for serving the static site over SSL

• AWS Certificate Manager — for generating the SSL certificates

• Route53 — for routing the domain name to the correct location

Did anyone come across any modules for this in terraform?

2019-09-24

leonawood

Can you use terraform_remote_state data source as an input attribute for subnet in the cloudposse aws ec2 module?

leonawood

oh wait, I apologize this channel is not for cloudposse modules

2019-09-23

Sharanya

@jetstreamin Thank you so much


2019-09-21

jetstreamin

@Sharanya

```powershell
# $rootPath must already be set to the directory nuget.exe should be saved in
$sourceNugetExe = "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe"
$targetNugetExe = "$rootPath\nuget.exe"
Invoke-WebRequest $sourceNugetExe -OutFile $targetNugetExe
Set-Alias nuget $targetNugetExe -Scope Global -Verbose
```

jetstreamin

not sure if that’s what you need specifically but that will install nuget

jetstreamin

If you want to install nuget in powershell as a provider: `Install-PackageProvider -Name NuGet`


2019-09-20

Sharanya

Powershell script to - install nuget server ? did anyone write this script

2019-09-18

Alain Deleglise

Hi all

Alain Deleglise

I’m quite new to terraform for aws

Alain Deleglise

I’m currently trying to clean our existing AWS resources, and I want to use the terraform-aws-iam-s3-user

Alain Deleglise

I’m trying to add a single iam user, and his access to a bucket, for staging and production env

Alain Deleglise

The problem is that the “aws_iam_user_policy.default[0]” created by the staging user will be replaced by the prod user

Alain Deleglise

What am I doing wrong

Alain Deleglise

?

Alain Deleglise

```
Terraform will perform the following actions:

  # aws_iam_user_policy.default[0] must be replaced
-/+ resource "aws_iam_user_policy" "default" {
      ~ id     = "redacted-staging-bunny-audio:redacted-staging-bunny-audio" -> (known after apply)
      ~ name   = "redacted-staging-bunny-audio" -> "redacted-production-bunny-audio" # forces replacement
```

Alain Deleglise

I’ve created a tfvars file for each user

Van Johnson

Could you share your tf files?

Alain Deleglise

I warn you

Alain Deleglise

It’s a mess

Alain Deleglise

I have this in the main.tf

Alain Deleglise

```hcl
module "s3_user" {
  source        = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.6.0"
  namespace     = var.namespace
  stage         = var.stage
  name          = var.name
  attributes    = var.attributes
  tags          = var.tags
  enabled       = var.enabled
  force_destroy = var.force_destroy
  path          = var.path
}

data "aws_iam_policy_document" "default" {
  count = var.enabled ? 1 : 0

  statement {
    actions   = var.s3_actions
    resources = var.s3_resources
    effect    = "Allow"
  }
}

resource "aws_iam_user_policy" "default" {
  count  = var.enabled ? 1 : 0
  name   = module.s3_user.user_name
  user   = module.s3_user.user_name
  policy = join("", data.aws_iam_policy_document.default.*.json)
}

provider "aws" {
  region = "eu-west-1"
}
```

Alain Deleglise

This in the stgbucket.tf

Alain Deleglise

```hcl
resource "aws_s3_bucket" "redacted" {
    bucket = "redacted"
    acl    = "private"
    tags   = {
        nature = "audio"
        projet = "redacted"
    }
}

resource "aws_s3_bucket_public_access_block" "redacted" {
  bucket = "${aws_s3_bucket.redacted.id}"

  block_public_acls   = true
  block_public_policy = true
}
```

Alain Deleglise

this in the stgbucket.tfvars

Alain Deleglise

```hcl
#region = "eu-west-1"
namespace = "redacted"
stage = "staging"
name = "bunny-audio"
s3_actions = ["s3:GetObject"]
s3_resources = ["arn:aws:s3:::redacted/*"]
```

Alain Deleglise

And the same for the production one

Van Johnson

Are both main.tf and stgbucket.* in the same directory?

Alain Deleglise

Yes

Van Johnson

When you say “And the same for the production one” are you saying there is an additional stgbucket.tfvars for production?

Alain Deleglise

There’s a prdbucket.tfvars

Van Johnson

Are they both in the directory when you are running terraform plan/apply?

Alain Deleglise

Yes

Van Johnson

Did you figure this out? My real job got me distracted. I can’t see everything, but you shouldn’t have both var files in the same directory since terraform will read all of them. I have not had a chance to experiment with this.

2019-09-16

2019-09-14

Ryan

Anyone know why I’m getting this error trying to add my ASG instances to an ALB target group:
```
Please ensure all provided Target Groups have target type of instance
```

Not sure if it’s how I have my ASG configured or what… the terraform-aws-alb module hard codes the target group type to ip, but the aws_autoscaling_group resource doesn’t specify anything about target group type. Assuming I’m doing something wrong because this seems like the modules for ALB/ASG would never interoperate correctly.

Ryan

Changing target_type to instance resolves this error in 0.12

2019-09-13

joshmyers

@Khun Open a PR

joshmyers

Why would you not want versioning on a thing?

Khun

so it’s not possible at the current state

2019-09-12

Khun

Hi, https://github.com/cloudposse/terraform-aws-kops-chart-repo/blob/master/main.tf#L24 - is this possible to override this so that this bucket won’t have versioning?

cloudposse/terraform-aws-kops-chart-repo

Terraform module to provision an S3 bucket for Helm chart repository, and an IAM role and policy with permissions for Kops nodes to access the bucket - cloudposse/terraform-aws-kops-chart-repo

2019-09-09

2019-09-08

2019-09-07

2019-09-06

antonbabenko

Hi guys! Since we are #terraform-aws-modules channel Shameless plug, https://github.com/terraform-aws-modules/terraform-aws-s3-bucket - this module supports ALL (all I can imagine at least) features provided by Terraform AWS provider. See complete example code - https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/examples/complete/main.tf

terraform-aws-modules/terraform-aws-s3-bucket

Terraform module which creates S3 bucket resources on AWS - terraform-aws-modules/terraform-aws-s3-bucket

imiltchman

@antonbabenko Excellent module. Is there any way/workaround to have the storage class be non standard by default and/or have a shorter than 30 day transition period?

antonbabenko

Yes, I believe so if it is supported by the AWS provider

imiltchman

I need to look into it, but last I checked, I didn’t think that was possible

antonbabenko

I think I saw something like 30 days minimum, so you are probably right. It is a limit of AWS, not Terraform.

rohit

Does anyone know if the terraform-aws-rds module supports serverless mode for postgresql?

Andriy Knysh (Cloud Posse)

@rohit what module/repo?

rohit
terraform-aws-modules/terraform-aws-rds-aurora

Terraform module which creates RDS Aurora resources on AWS - terraform-aws-modules/terraform-aws-rds-aurora

Andriy Knysh (Cloud Posse)

it should support it I guess since those are just settings

Andriy Knysh (Cloud Posse)

take a look for example at a similar CloudPosse module which was deployed for serverless https://github.com/cloudposse/terraform-root-modules/blob/master/aws/grafana-backing-services/aurora-mysql.tf#L139

cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

rohit

@Andriy Knysh (Cloud Posse) thanks

rohit

@antonbabenko terraform-aws-rds-aurora module still requires database instance type when using serverless mode. Am i missing anything ?

rohit

I do not see instance type option in RDS console when serverless mode is selected

rohit

@Andriy Knysh (Cloud Posse) any ideas on my above question ?

Andriy Knysh (Cloud Posse)

for serverless you don’t specify instance type (that’s why it’s serverless). You specify Capacity settings

rohit

correct, but when using the terraform-aws-rds it does ask for instance type

rohit

so i am wondering if it is a bug

antonbabenko

instance_class has to be specified, but it is more like a bug in the module, because it was created before serverless became a thing

antonbabenko

PR is welcome

rohit

@antonbabenko thanks. I will submit a PR shortly

Shannon Dunn

would the team accept PRs enabling some of these modules workable in AWS govcloud?

Shannon Dunn

specifically around hardcoded arn formats

Andriy Knysh (Cloud Posse)

@Shannon Dunn I think it was your open issue for the EMR module on GitHub

Andriy Knysh (Cloud Posse)

Yes, PRs are welcome

2019-09-04

cabrinha

Does this s3 bucket module support CORS rules? https://github.com/cloudposse/terraform-aws-s3-bucket/tree/0.3.1

cloudposse/terraform-aws-s3-bucket

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems - cloudposse/terraform-aws-s3-bucket

cabrinha

I see there is a value for “var.policy” but I’m not sure if I can pass cors rules in there

Robert

It does not:

Robert
cloudposse/terraform-aws-s3-bucket

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems - cloudposse/terraform-aws-s3-bucket

Robert

But I am sure that you could put in a PR to make it so that it does.

Robert

@cabrinha

Robert

You might have to do some count magic though with two bucket resources in the module since that is a resource block and not a map.

Erik Osterman (Cloud Posse)

@cabrinha you might prefer our s3 website module if you want to work with websites

Erik Osterman (Cloud Posse)

The bucket module we have now is more for private buckets

cabrinha

Ah thanks
