#terraform-aws-modules (2020-06)

Terraform Modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2020-06-01

Joshua Hansen

Hi all. Wondering if it’s “just me” or if others are seeing any changes in AWS beanstalk workings over the last week? We were running an older version of cloudposse beanstalk environment (0.13.0) and all of a sudden started seeing the following errors (no changes on our end):
Failed Environment update activity. Reason: Configuration validation exception: Invalid option value: ‘0.0’ (Namespace: ‘aws:autoscaling:updatepolicy:rollingupdate’, OptionName: ‘MinInstancesInService’): You can’t enable rolling updates for a single-instance environment.
I’ve since upgraded our environment and app cloudposse modules to 0.22.0 as I saw a number of changes around the configuration thinking that may be it. But seeing the same thing now, at least this time at deploy time:
Error: ConfigurationValidationException: Configuration validation exception: Invalid option value: ‘0.0’ (Namespace: ‘aws:autoscaling:updatepolicy:rollingupdate’, OptionName: ‘MinInstancesInService’): You can’t enable rolling updates for a single-instance environment.
status code: 400, request id: c0ee72fe-414f-4d4e-b3e3-d40e5f7867a3
I see that the error is clear enough, but quite baffled why it just started all of a sudden. I’ve opened a ticket with AWS on Friday, still no response there - but maybe someone here has an idea?

Pijuli

Hey! I’m having it too, but it is not that clear for me, though. Just new to all this stuff. Can you give me a hint on the right direction?

Pijuli

But my error is a bit different now I’ve reread yours, also deploy time: Error: ConfigurationValidationException: Configuration validation exception: Invalid option value: ‘’ (Namespace: ‘awsvpc’, OptionName: ‘ELBSubnets’): Specify the subnets for the VPC.

Pijuli

Right now I’m stuck at your same error

Ben

@Joshua Hansen any update from AWS on this?

Joshua Hansen

Hi, sorry just saw these notifications. Nothing helpful from AWS. Looking at the Beanstalk Events Log, there was an auto update it seemed and then blammo, I started seeing the error:

Invalid option value: '0.0' (Namespace: 'aws:autoscaling:updatepolicy:rollingupdate', OptionName: 'MinInstancesInService'): You can't enable rolling updates for a single-instance environment.
Joshua Hansen

The issue for us was we can’t get a new environment into that state, so finding a reproducible fix was a bit tedious. We had 20+ instances of this in production - so we took 3 environments and did some controlled tests. Here’s what we found:

Joshua Hansen

In the terraform module (in our case beanstalk-environment version 0.13.0) the rolling update value is hard coded to true.

https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/0.13.0/main.tf#L381

Joshua Hansen

So, we upgraded to the latest 0.22.0 and set that flag to false and deployed. Now here is where things got tricky.

If your environment was in an “OK” state, this works fine. If it was not OK, I had to terminate the environment, delete some IAM roles that terraform was managing and then deploy.

Joshua Hansen

@Pijuli @Ben hopefully this helps in some way, happy to try and answer any questions.

Ben

thanks so much! will dig around a bit more

Pijuli

Good morning guys, I opened a PR adding this param to the documentation. I also fixed it on Friday. Sorry, I didn’t remember to reply to this thread. With rolling_update_enabled I could manage to create a SingleInstance environment also. Now I’m having trouble creating a LoadBalanced one. I get a timeout after 18 minutes of deploying. I guess it has something to do with the VPC but I can’t figure it out.

RB

Regarding https://github.com/cloudposse/terraform-aws-ecs-alb-service-task

i just had a quick question about that. why is icmp ingress enabled on the security group resource ?

cloudposse/terraform-aws-ecs-alb-service-task

Terraform module which implements an ECS service which exposes a web service via ALB. - cloudposse/terraform-aws-ecs-alb-service-task

2020-06-10

Bircan Bilici

I’ve added some important features into https://github.com/cloudposse/terraform-aws-codebuild . Can someone please review the changes in https://github.com/cloudposse/terraform-aws-codebuild/pull/53 so that these important features are merged asap.

Added support for:
• private repository auth
• git_submodules_config
• vpc_config
• logs_config
• git_clone_depth
• source_version
• Solved: #54
• Added force_detach_policies = true into resource “aws_iam_role” “default”
• Solved: #48
• solve issue #48 mandatory namespace and stage
• added secret manager access
• Solved: #56 Support of Other AWS CodeBuild Containers
• Example: Bitbucket

cloudposse/terraform-aws-codebuild

Terraform Module to easily leverage AWS CodeBuild for Continuous Integration - cloudposse/terraform-aws-codebuild

Added Authentication Support for Private Repositories (Bitbucket, Github) by brcnblc · Pull Request #53 · cloudposse/terraform-aws-codebuild

Problem destroying IAM Role while destroying resources. · Issue #54 · cloudposse/terraform-aws-codebuild

Describe the Bug Following error occurs while destroy. Error deleting IAM Role (<role-id>): DeleteConflict: Cannot delete entity, must detach all policies first. Expected Behavior A clean des…

namespace and stage variables are mandatory · Issue #48 · cloudposse/terraform-aws-codebuild

I am using Terraform 0.12. If I don't specify the namespace and stage variables, I get the following error: Error: Error creating CodeBuild project: InvalidParameter: 2 validation error(s) foun…

2020-06-12

Karoline Pauls

https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/examples/basic/main.tf#L111

What are the implications of using a single NAT gateway in a multi-AZ EKS VPC?

terraform-aws-modules/terraform-aws-eks

Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS - terraform-aws-modules/terraform-aws-eks

Karoline Pauls


If you have resources in multiple Availability Zones and they share one NAT gateway, and if the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

NAT gateways - Amazon Virtual Private Cloud

Use a NAT gateway in a public VPC subnet to enable outbound internet traffic from instances in a private subnet.

2020-06-15

rahulm4444

While using this terraform git https://github.com/cloudposse/terraform-aws-eks-node-group/blob/master/README.md can we have existing iam roles attached in node groups? Because autoscaling describe policies are not attached in the newly created iam role. These policies need to be attached in the node iam role for autoscaling to work.

cloudposse/terraform-aws-eks-node-group

Terraform module to provision an EKS Node Group. Contribute to cloudposse/terraform-aws-eks-node-group development by creating an account on GitHub.

bazbremner

Have you tried using existing_workers_role_policy_arns and setting existing_workers_role_policy_arns_count?

rahulm4444

Yes, that worked for me

2020-06-16

Rajesh Babu Gangula

hi does anyone have an msk module that I can use .. I did not see one in the cloudposse repo .. any help would be greatly appreciated … I wanted to build one with all the options parameterized but if I have something readily available that would make my life a lot easier .. thanks in advance

Erik Osterman (Cloud Posse)

Ya, unfortunately we haven’t yet had a customer request it - so no module yet.

Rajesh Babu Gangula

thanks Erik

2020-06-22

RogierD

Hey, question about the cloudposse module for ec2 instance group. Is this the place to ask a question about the modules from cloudposse here?

RogierD

Cloudposse provides the modules like this: https://github.com/cloudposse/terraform-aws-multi-az-subnets Creates a subnet with multi AZ setup, real nice. However the https://github.com/cloudposse/terraform-aws-ec2-instance-group module only takes in 1 value in an instance group instead of taking the subnets from the AZ zone setup into account. Should i clone the repo to build in this functionality, build a wrapper module around it… Or is there a way to achieve this directly? I tried to pass multi values to this module, but not really that comfortable with terraform 0.12 syntax yet.

cloudposse/terraform-aws-multi-az-subnets

Terraform module for multi-AZ public and private subnets provisioning - cloudposse/terraform-aws-multi-az-subnets

cloudposse/terraform-aws-ec2-instance-group

Terraform Module for provisioning multiple general purpose EC2 hosts for stateful applications. - cloudposse/terraform-aws-ec2-instance-group

Matt Gowie

@RogierD You’re trying to deploy your instances across multiple subnets is what you’re saying?

You can fork the module, update to accept multiple subnets instead of one, and PR it back. That is likely your best bet.

RogierD

k, i forked the repo and i’m going to make changes. Let’s see if i can get it to work. Else i build a wrapper around the module to launch an instance per AZ

Erik Osterman (Cloud Posse)

@RogierD yes - if you want to update it to support multiple subnets, that’s cool

2020-06-23

RB
03:43:12 PM

for this module https://github.com/cloudposse/terraform-aws-ecs-alb-service-task

it creates a aws_iam_role.ecs_service task role but we already have the AWSServiceRoleForECS

aws iam list-roles --path-prefix /aws-service-role/ecs.amazonaws.com/

2020-06-24

RB

~noticed that there is a nice module for creating an assumable role that is official terraform-aws-iam/tree/master/modules/iam-assumable-role but there isn’t a var.enabled argument for this and we’re still using tf 0.12 (i know 0.13 beta can disable modules without an enabled arg).~

~without having to fork this and/or contribute to this module, what module if any do you use for creating terraform iam roles at your shops? do any of those have the var.enabled or similar argument to turn it on and off ?~

terraform-aws-modules/terraform-aws-iam

Terraform module which creates IAM resources on AWS - terraform-aws-modules/terraform-aws-iam

RB

thread start

RB

ah nvm, i’m an idiot. there is a create_role variable lol

Erik Osterman (Cloud Posse)

heh, this is why we use the ..._enabled convention

Rajesh Babu Gangula

Cognito supports the addition of custom attributes in an existing user pool. However, when the changes are made through terraform, the old user pool is destroyed and a new one is created. Based on terraform documentation, this should not happen if the constraints block is used for the custom attributes (https://www.terraform.io/docs/providers/aws/r/cognito_user_pool.html). Did anyone face a similar issue and were able to fix it … any help would be appreciated

AWS: aws_cognito_user_pool - Terraform by HashiCorp

Provides a Cognito User Pool resource.

Rajesh Babu Gangula

following is the block I added to the schema

    {
      attribute_data_type      = "String"
      name                     = "customer_type"
      developer_only_attribute = false
      mutable                  = true
      required                 = false
      string_attribute_constraints = {
        min_value = 0
        max_value = 2048
      }
    }

Rajesh Babu Gangula

looks like there is no solution for this issue …. only a messier workaround https://github.com/terraform-providers/terraform-provider-aws/issues/3891

Adding custom cognito user pool attribute forces new resource · Issue #3891 · terraform-providers/terraform-provider-aws

Adding new custom attributes should not force re-creation of the cognito user pool. Terraform Version $ terraform -v Terraform v0.11.4 + provider.aws v1.11.0 Affected Resource(s) aws_cognito_user_p…
