#terraform-aws-modules (2020-06)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2020-06-01
Hi all. Wondering if it’s “just me” or if others are seeing any changes in AWS beanstalk workings over the last week? We were running an older version of cloudposse beanstalk environment (0.13.0) and all of a sudden started seeing the following errors (no changes on our end):
Failed Environment update activity. Reason: Configuration validation exception: Invalid option value: ‘0.0’ (Namespace: ‘aws:autoscaling:updatepolicy:rollingupdate’, OptionName: ‘MinInstancesInService’): You can’t enable rolling updates for a single-instance environment.
I’ve since upgraded our environment and app cloudposse modules to 0.22.0 as I saw a number of changes around the configuration thinking that may be it. But seeing the same thing now, at least this time at deploy time:
Error: ConfigurationValidationException: Configuration validation exception: Invalid option value: ‘0.0’ (Namespace: ‘aws:autoscaling:updatepolicy:rollingupdate’, OptionName: ‘MinInstancesInService’): You can’t enable rolling updates for a single-instance environment.
status code: 400, request id: c0ee72fe-414f-4d4e-b3e3-d40e5f7867a3
I see that the error is clear enough, but quite baffled why it just started all of a sudden. I’ve opened a ticket with AWS on Friday, still no response there - but maybe someone here has an idea?
Hey! I’m having it too, but it is not that clear for me, though. Just new to all this stuff. Can you give me a hint in the right direction?
But my error is a bit different now that I’ve reread yours, also at deploy time: Error: ConfigurationValidationException: Configuration validation exception: Invalid option value: ‘’ (Namespace: ‘awsvpc’, OptionName: ‘ELBSubnets’): Specify the subnets for the VPC.
Right now I’m stuck at your same error
@Joshua Hansen any update from AWS on this?
Hi, sorry just saw these notifications. Nothing helpful from AWS. Looking at the Beanstalk Events Log, there was an auto update it seemed and then blammo, I started seeing the error:
Invalid option value: '0.0' (Namespace: 'aws:autoscaling:updatepolicy:rollingupdate', OptionName: 'MinInstancesInService'): You can't enable rolling updates for a single-instance environment.
The issue for us was we can’t get a new environment into that state, so finding a reproducible fix was a bit tedious. We had 20+ instances of this in production - so we took 3 environments and did some controlled tests. Here’s what we found:
In the terraform module (in our case beanstalk-environment version 0.13.0) the rolling update value is hard coded to true.
https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/0.13.0/main.tf#L381
So, we upgraded to the latest 0.22.0 and set that flag to false and deployed. Now here is where things got tricky.
If your environment was in an “OK” state, this works fine. If it was not OK, I had to terminate the environment, delete some IAM roles that terraform was managing and then deploy.
@Pijuli @Ben hopefully this helps in some way, happy to try and answer any questions.
thanks so much! will dig around a bit more
Good morning guys, I opened a PR adding this param to the documentation. I also fixed it on Friday. Sorry, I didn’t remember to reply to this thread. With rolling_update_enabled I could manage to create a SingleInstance environment also. Now I’m having trouble creating a LoadBalanced one. I get a timeout after 18 minutes of deploying. I guess it has something to do with the VPC but I can’t figure it out
Regarding https://github.com/cloudposse/terraform-aws-ecs-alb-service-task
i just had a quick question about that. why is icmp ingress enabled on the security group resource ?
Terraform module which implements an ECS service which exposes a web service via ALB. - cloudposse/terraform-aws-ecs-alb-service-task
2020-06-04
2020-06-05
2020-06-06
2020-06-07
2020-06-10
I’ve added some important features into https://github.com/cloudposse/terraform-aws-codebuild . Can someone please review the changes in https://github.com/cloudposse/terraform-aws-codebuild/pull/53 so that these important features are merged asap.
Added support for :
• private repository auth
• git_submodules_config
• vpc_config
• logs_config
• git_clone_depth
• source_version
• Solved : #54
• Added force_detach_policies = true into resource "aws_iam_role" "default"
• Solved: #48
• solve issue #48 mandatory namespace and stage
• added secret manager access
• Solved: #56 Support of Other AWS CodeBuild Containers
• Example: Bitbucket
Terraform Module to easily leverage AWS CodeBuild for Continuous Integration - cloudposse/terraform-aws-codebuild
Describe the Bug Following error occurs while destroy. Error deleting IAM Role (<role-id>): DeleteConflict: Cannot delete entity, must detach all policies first. Expected Behavior A clean des…
I am using Terraform 0.12. If I don't specify the namespace and stage variables, I get the following error: Error: Error creating CodeBuild project: InvalidParameter: 2 validation error(s) foun…
Review please for repo cloudposse/terraform-aws-ecs-alb-service-task
• https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/pull/55
• https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/pull/56
@Andriy Knysh (Cloud Posse)
Fixes #75 @aknysh @osterman review please
2020-06-12
https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/examples/basic/main.tf#L111
What are the implications of using a single NAT gateway in a multi-AZ EKS VPC?
Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS - terraform-aws-modules/terraform-aws-eks
Here the CF example creates one NAT Gateway per AZ.
If you have resources in multiple Availability Zones and they share one NAT gateway, and if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.
• https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
Use a NAT gateway in a public VPC subnet to enable outbound internet traffic from instances in a private subnet.
I don’t think it is a good idea that the basic example selects it https://github.com/terraform-aws-modules/terraform-aws-eks/blob/7de18cd9cd882f6ad105ca375b13729537df9e68/examples/basic/main.tf#L110
2020-06-15
While using this terraform git https://github.com/cloudposse/terraform-aws-eks-node-group/blob/master/README.md Can we have existing IAM roles attached to node groups? Because autoscaling describe policies are not attached to the newly created IAM role. These policies need to be attached to the node IAM role for autoscaling to work.
Terraform module to provision an EKS Node Group. Contribute to cloudposse/terraform-aws-eks-node-group development by creating an account on GitHub.
Have you tried using existing_workers_role_policy_arns and setting existing_workers_role_policy_arns_count?
Yes, that worked for me
2020-06-16
hi does anyone have an msk module that I can use .. I did not see one in the cloudposse repo .. any help would be greatly appreciated … I wanted to build one with all the options parameterized but if I have something readily available that would make my life a lot easier .. thanks in advance
Ya, unfortunately we haven’t yet had a customer request it - so no module yet.
thanks Erik
2020-06-17
2020-06-22
Hey, question about the cloudposse module for ec2 instance group. Is this the place to ask a question about the modules from cloudposse here?
Cloudposse provides the modules like this: https://github.com/cloudposse/terraform-aws-multi-az-subnets Creates a subnet with multi AZ setup, real nice. However the https://github.com/cloudposse/terraform-aws-ec2-instance-group module only takes in 1 value in an instance group instead of taking the subnets from the AZ zone setup into account. Should i clone the repo to build in this functionality, build a wrapper module around it… Or is there a way to achieve this directly? I tried to pass multi values to this module, but not really that comfortable with terraform 0.12 syntax yet.
Terraform module for multi-AZ public and private subnets provisioning - cloudposse/terraform-aws-multi-az-subnets
Terraform Module for provisioning multiple general purpose EC2 hosts for stateful applications. - cloudposse/terraform-aws-ec2-instance-group
@RogierD You’re trying to deploy your instances across multiple subnets is what you’re saying?
You can fork the module, update to accept multiple subnets instead of one, and PR it back. That is likely your best bet.
k, I forked the repo and I’m going to make changes. Let’s see if I can get it to work. Else I’ll build a wrapper around the module to launch an instance per AZ
@RogierD yes - if you want to update it to support multiple subnets, that’s cool
2020-06-23
for this module https://github.com/cloudposse/terraform-aws-ecs-alb-service-task it creates an aws_iam_role.ecs_service task role but we already have the AWSServiceRoleForECS
aws iam list-roles --path-prefix /aws-service-role/ecs.amazonaws.com/
2020-06-24
~noticed that there is a nice module for creating an assumable role that is official terraform-aws-iam/tree/master/modules/iam-assumable-role but there isn’t a var.enabled argument for this and we’re still using tf 0.12 (i know 0.13 beta can disable modules without an enabled arg).~
~without having to fork this and/or contribute to this module, what module if any do you use for creating terraform iam roles at your shops? do any of those have the var.enabled or similar argument to turn it on and off ?~
Terraform module which creates IAM resources on AWS - terraform-aws-modules/terraform-aws-iam
thread start
ah nvm, im an idiot. there is a create_role variable lol
heh, this is why we use the ..._enabled convention
Cognito supports the addition of custom attributes in an existing user pool. However, when the changes are made through terraform, the old user pool is destroyed and a new one is created. Based on the terraform documentation, this should not happen if the constraints block is used for the custom attributes (https://www.terraform.io/docs/providers/aws/r/cognito_user_pool.html). Has anyone faced a similar issue and been able to fix it … any help would be appreciated
Provides a Cognito User Pool resource.
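following is the block I added to the schema
    # schema block inside the aws_cognito_user_pool resource
    schema {
      attribute_data_type      = "String"
      name                     = "customer_type"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      # string constraints are a nested block keyed by length, not value
      string_attribute_constraints {
        min_length = 0
        max_length = 2048
      }
    }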
looks like there is no solution for this issue …. only a messier workaround https://github.com/terraform-providers/terraform-provider-aws/issues/3891
Adding new custom attributes should not force re-creation of the cognito user pool. Terraform Version $ terraform -v Terraform v0.11.4 + provider.aws v1.11.0 Affected Resource(s) aws_cognito_user_p…