#terraform-aws-modules (2023-08)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2023-08-07
~@Dan Miller (Cloud Posse) We are going to want to reverse this PR. The problem is the “short” name for the account includes the tenant, e.g. “core-auto”, whereas the stage name is just “auto”. Sorry, Brian, but thank you anyway.~
@Brian I’m sorry that account-map is so confusing. It is a complicated adapter supporting several different iterations of the Cloud Posse reference architecture. It even confused me, and I am the lead maintainer. @Dan Miller (Cloud Posse) Brian was right and I was wrong, the inputs are supposed to be the short names, not the stage names.
@Brian Can you please explain this use case? Your solution only handles the name tag, but you would have the same problem if you included other tags where the keys were distinct under case-sensitive matches but identical under case-insensitive matches. So unless we have a comprehensive solution, I’m inclined to leave it to users to clean up their inputs.
Yes. Whenever label_key_case is set to lower in the global stack file, then both name and Name will exists in the situations this issue resolves.
I also realize sometimes Name is intentional even if all other tags are normalized to lowercase because the AWS web console will the value of Name as the name if it exists.
2023-08-08
@Brian dang!! you’re on a roll
cc @Dan Miller (Cloud Posse) @Ben Smith (Cloud Posse) @Jeremy G (Cloud Posse) @Jeremy White (Cloud Posse) @Andriy Knysh (Cloud Posse)
@Gabriela Campana (Cloud Posse) can you help us get them reviewed
2023-08-09
2023-08-17
https://github.com/cloudposse/terraform-aws-components/tree/main/modules/eks/karpenter-provisioner
How do you pass user data for nodes?
@Dan Miller (Cloud Posse)
This component defines the AWSNodeTemplate manifest here. That manifest uses the options given by Terraform, but at this time does not include user data. However, user data is supported by karpenter! So in order to pass user data to the nodes, add a new spec to Terraform to pass user data. Something like this:
resource "kubernetes_manifest" "provider" {
...
manifest = {
...
spec = merge({
...
userData = each.value.user_data
}
}
and then add user_data to the provisioners var
2023-08-22
Hello again!
https://github.com/cloudposse/terraform-aws-ec2-bastion-server - All the tags since Jun 11, 2021 are classed as pre-release.
Is this intended?
Yes because the sg module was refactored and it was never upgraded in this module. The most recent non pre release version is from this year may and it’s version is
https://github.com/cloudposse/terraform-aws-ec2-bastion-server/releases/tag/0.27.1
Thanks @RB
2023-08-25
2023-08-28
2023-08-30
Hi to all, there is the possibility to insert a scopedown statement of managed rules in waf module?
@Andriy Knysh (Cloud Posse)
please specify 1) what WAF module (Terraform resource or CloudPosse waf)? 2) what is a scopedown statement? (please provide an example of that)
Hi Andriy, we use this module https://github.com/cloudposse/terraform-aws-waf
aws permit in managed rule groups the scope down to filter the rule (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-scope-down-statements.htmlhttps://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-scope-down-statements.html)
the terraform aws provider (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl) can optionally use the scope down statment of a rule
scope_down_statement
In this topic https://github.com/cloudposse/terraform-aws-waf/issues/33, there’s a work around only for rate_based_statement rule.
scope_down_statement is not currently supported by the module
can be added to managed_rule_group_statement and rate_based_statement
can you open a PR and we’ll review it?
yes thanls
thanks