#terraform-aws-modules (2021-09)

Terraform Modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2021-09-01

2021-09-09

caron.wills

Hey folks, wondered if anyone could give me some advice on the aws_backup module, specifically how do I ensure that the resource tags are copied to my recovery tags? This doesn’t seem well documented at all. Any pointers would be most appreciated.

Erik Osterman (Cloud Posse)

You should be provisioning those other resources with the tags

caron.wills

So the resources I’m backing up are provisioned with tags, however the Recovery point tags don’t give me details of the resource I’m backing up?

RB

it might help to look at our aws-backup component that uses the aws-backup module

https://github.com/cloudposse/terraform-aws-components/tree/master/modules/aws-backup

terraform-aws-components/modules/aws-backup at master · cloudposse/terraform-aws-components

Opinionated, self-contained Terraform root modules that each solve one, specific problem - terraform-aws-components/modules/aws-backup at master · cloudposse/terraform-aws-components

RB

in the readme, you can see the inputs that create a special tag

caron.wills

ah ok let me take a look

caron.wills

@RB hmm not sure this is what I’m looking for, the point is I should be able to set a tag or derive a tag that reflects what I’m backing up? Can this be done?

caron.wills

if so how?

caron.wills

and ideally in the Recovery point tags

RB

if this is set

        selection_tags:
          - type: "STRINGEQUALS"
            key: "aws-backup/resource_schedule"
            value: "daily-14day-backup"

then you can set a tag on a resource

like aws-backup/resource_schedule = "daily-14day-backup" and aws-backup will manage it

RB

terraform-aws-backup/main.tf at fed541ad66d59bbc0e9707d22d7aaa501df67ede · cloudposse/terraform-aws-backup

Terraform module to provision AWS Backup, a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services such as EBS volumes, RDS databases, Dy…

caron.wills

yes indeed that’s not the issue, I’m able to back up based on tags, but how do I associate the recovery point tags with what I back up, especially when the resource is an EC2 instance?

RB

are you saying you can and want to tag individual recovery points ?

RB
10:24:48 PM

these are the only resources i can find related to aws_backup

caron.wills

there is an inconsistency about the way AWS names its resources, and as such there is no issue with RDS however there is with EC2 instances and their resource IDs.

caron.wills

yes indeed I’m hitting the same brick wall. Perhaps I’m misunderstanding what the recovery point tags are for?

caron.wills

are you saying you can and want to tag individual recovery points ?

caron.wills

What I want to do is have a tag that represents what I actually backed up in the case of an EC2 instance.

RB

I’m unsure if that’s possible

caron.wills

I’m beginning to think it isn’t

caron.wills

well at least not for EC2 instances.

caron.wills

Anyone know how the aws backup module works?

caron.wills

hello anyone?

2021-09-14

Manuel Morejón

Hi team! Any help needed to merge this PR? https://github.com/cloudposse/terraform-aws-iam-role/pull/30

Add permissions_boundary as a variable by mmorejon · Pull Request #30 · cloudposse/terraform-aws-iam-role

what Add permissions_boundary as a parameter why This parameter is missing in the module as an option. references iam_role#permissions_boundary Signed-off-by: Manuel Morejon [email protected]

2021-09-15

Manuel Morejón

Add permissions_boundary as a variable by mmorejon · Pull Request #23 · cloudposse/terraform-aws-cloudwatch-logs

what Add permissions_boundary as a parameter Upgrade cloudposse/iam-role/aws module to version 0.13.0 why This parameter is missing in the module as an option. references PR cloudposse/iam-rol…

2021-09-16

Manuel Morejón

Hi @RB! One question, I’m using terraform-aws-cloudwatch-logs to create a log-group for Opensearch (formerly Elasticsearch) and I get this error:

│ Error: ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group home-dev-es-search does not grant sufficient permissions for Amazon OpenSearch Service to create a log stream. Please check the Resource Access Policy.

this is my tf file

module "home_dev_es_label" {
  source  = "cloudposse/label/null"
  version = "0.25.0"

  namespace = "home"
  stage     = "dev"
  name      = "es"
}

module "cloudwatch_search_log" {
  source  = "cloudposse/cloudwatch-logs/aws"
  version = "0.5.0"

  attributes             = ["search"]
  additional_permissions = ["logs:*"]
  principals             = { "Service" : ["es.amazonaws.com"] }

  context = module.home_dev_es_label.context
}

Could you help me with this error?

Erik Osterman (Cloud Posse)

my guess is this has changed:

Erik Osterman (Cloud Posse)

  principals             = { "Service" : ["es.amazonaws.com"] }

Erik Osterman (Cloud Posse)

es.amazonaws.com is probably not right

Manuel Morejón

Thanks @Erik Osterman (Cloud Posse)! I was wrong about the use of the module. This module cloudposse/cloudwatch-logs/aws is a general-purpose log group, but does not fit the needs of the Opensearch (formerly Elasticsearch) service. Log groups for Opensearch need the component aws_cloudwatch_log_resource_policy and this element is missing in the cloudposse module.

In the end I made a specific log module for Opensearch cloudwatch log groups using the same standard I saw in Cloudposse

Manuel Morejón

Anyway, thanks a lot for your answer

2021-09-23

2021-09-24

2021-09-27

s2504s

Hello all! I’m trying to manage AWS API GW resources using Terraform. Today I faced a strange issue: I added some changes to the stage configuration in the Terraform manifest and applied these changes. But Terraform removed the previous deployment version and created a new one. So, my questions are:

  • Is it valid behaviour?
  • Why does Terraform remove the previous deployment version instead of creating a new one and just switching the configuration of API GW onto it?
  • If you use Terraform for API GW, do you have a deployment history with previously deployed versions?

Brian Ojeda

Deploying api-gw via Terraform without using swagger/openapi spec is more trouble than it is worth. My recommendation is to deploy using swagger/api spec and create new deployments whenever the swagger/api is updated.

2021-09-28
