#terraform-aws-modules (2024-03)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2024-03-01
Greetings everyone. I’m using the cloudposse/vpn-connection/aws module and I’m facing some issues that I really don’t understand.
My module code is as follows:
module "vpn_connection" {
  source  = "cloudposse/vpn-connection/aws"
  version = "1.0.0"

  namespace = var.namespace
  stage     = var.env
  name      = var.vpn_connection_name

  vpc_id                                    = var.vpc_id
  vpn_gateway_amazon_side_asn               = var.amazon_asn
  customer_gateway_bgp_asn                  = var.customer_asn
  customer_gateway_ip_address               = var.customer_gateway_ip_address
  route_table_ids                           = var.route_table_ids
  vpn_connection_static_routes_only         = true
  vpn_connection_static_routes_destinations = [var.vpn_connection_static_routes_destinations]
  vpn_connection_local_ipv4_network_cidr    = var.vpn_connection_static_routes_destinations
  vpn_connection_remote_ipv4_network_cidr   = var.vpc_cidr
}
route_table_ids should contain a single element found using https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables and vpn_connection_static_routes_destinations is a simple IPv4 CIDR coming in as a string.
The ‘calling’ of the module:
module "vpn-connection" {
  source = "../../modules/vpn-connection"

  namespace                                 = var.namespace
  env                                       = var.environment
  vpn_connection_name                       = var.vpn_connection_name
  vpc_id                                    = module.staging-vpc.vpc_id
  amazon_asn                                = var.amazon_asn
  customer_asn                              = var.customer_asn
  customer_gateway_ip_address               = var.customer_gateway_ip_address
  route_table_ids                           = data.aws_route_tables.route_tables_for_vpn_connection_to_public_subnets.ids
  vpn_connection_static_routes_destinations = var.vpn_connection_static_routes_destinations
  vpc_cidr                                  = var.vpc_cidr
}
Should I not see, in the route tables inside route_table_ids, a non-propagated (aka static) route to the contents of var.vpn_connection_static_routes_destinations?
I see Route propagation set to No under the Route table, which is also what I want.
But where’s my static route?
The VPN connection has the IPv4 CIDR listed under Static routes.
Also it has: Routing: Static
I had hoped to see a route from my AWS resources going via the vgw?
I had made an error in the filter of the data.aws_route_tables resource. By using terraform console and output I was able to confirm that I had messed up the filter.
Now the correct route tables have Propagation set to Yes, but still no routes via the vgw.
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.vpn-connection.module.vpn_connection.aws_vpn_gateway_route_propagation.default[0] will be created
  + resource "aws_vpn_gateway_route_propagation" "default" {
      + id             = (known after apply)
      + route_table_id = "rtb-0fae0f6417e87d686"
      + vpn_gateway_id = "vgw-021dbceb8be839911"
    }

  # module.vpn-connection.module.vpn_connection.aws_vpn_gateway_route_propagation.default[1] will be created
  + resource "aws_vpn_gateway_route_propagation" "default" {
      + id             = (known after apply)
      + route_table_id = "rtb-007080840322aad57"
      + vpn_gateway_id = "vgw-021dbceb8be839911"
    }

  # module.vpn-connection.module.vpn_connection.aws_vpn_gateway_route_propagation.default[2] will be created
  + resource "aws_vpn_gateway_route_propagation" "default" {
      + id             = (known after apply)
      + route_table_id = "rtb-09158b5ccf370c9e5"
      + vpn_gateway_id = "vgw-021dbceb8be839911"
    }

Plan: 3 to add, 0 to change, 0 to destroy.
Found the answer
https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-configure-routing:~:text=For%20static%20routing%2C%20the%20static%20IP%20prefixes%20that%20you%20specify%20for%20your%20VPN%20configuration%20are%20propagated%20to%20the%20route%20table%20when%20the%20status%20of%20the%20VPN%20connection%20is%20UP
@Andriy Knysh (Cloud Posse) FYI
Found a bit of a weird situation with the recent updates to the Spacelift components as of 1.400.0. Was the addition of space_name_pattern
intended to be a breaking change? Using it is a hard requirement of the new release
https://github.com/cloudposse/terraform-aws-components/issues/996
Was having the issue as well and notified @Andriy Knysh (Cloud Posse) and @Erik Osterman (Cloud Posse). Currently pinned my version on pre 400 and also awaiting a fix for this (I’m not in a hurry yet and involved with some other PRs).
We have a fix, but have not upstreamed it yet. You can pin the component to pre 400, or just add space_name_pattern: "" to the component config. It’s set to null now by default, and the null breaks other code.
Trying to get default_route_enabled working with the tgw/spoke module. Currently stuck at:
│ Error: creating Route in Route Table (rtb-0b999f9d3ccb0f9c7) with destination (10.14.4.0/23): InvalidTransitGatewayID.NotFound: The transitGateway ID 'tgw-019c1d8199bc68916' does not exist.
│ status code: 400, request id: 53725870-12b1-4ae8-b5f6-61bc927222ae
│
│ with aws_route.back_route[0],
│ on main.tf line 71, in resource "aws_route" "back_route":
│ 71: resource "aws_route" "back_route" {
The mentioned TGW does exist (it’s a shared resource). Currently not spotting the obvious of why it’s not working. Anybody has this working?
could it be a race condition? I’ve seen that before when referencing a shared resource, since it may not have been fully available in AWS yet
The resource is there, and a long time. As soon as I use the other parts of the module (which also refers to this tgw) it works without issues.
I have a question about the aws_ecr module. I’ve been using it for a while now, but just recently the scenario came up where I need to update the prefix for the tag used for retention. Updating the value of the input variable for the prefix does not seem to trigger any changes from Terraform’s perspective when calling the existing module. Any thoughts?
Originally I was using a data call for the JSON-encoded policy rules.
@Ben Smith (Cloud Posse) @Dan Miller (Cloud Posse)
Do you have a link to the variable that doesn’t appear to be changing anything?
I’m sure it’s related to my use of a data call, but I’m trying to switch over to passing in a locals block outside of the module to the input variable to “update” it.
2024-03-15
hiya folks, any chance of a review + merge on this: https://github.com/cloudposse/terraform-aws-rds-cluster/pull/186
what
Add option for enabling global write forwarding for aws rds cluster.
why
• Ability to enable global write forwarding across our aws rds clusters.
• https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-write-forwarding-apg.html
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#enable_global_write_forwarding
2024-03-20
Hey people,
I’m not sure if this is the right channel for this question. My apologies if it’s not.
I have an EC2 instance that was created using a Terraform module. I am creating an autoscaling group for it so that there is no downtime when there is a change to the instance. I have already written the code for the ASG, but the Terraform docs do not mention how to attach the existing instance to the ASG. AWS docs show that it is possible to do this using aws autoscaling attach-instances.
Is this something that can be done using terraform and if it is, kindly show an example of how to go about it.
Thanks!
@Dan Miller (Cloud Posse)
If you already have the ASG in AWS, then you can import that ASG into Terraform
I didn’t have the ASG, but I figured out what to do: create the ASG and then manually attach the instance (having removed it from state), then remove the instance tf code and kill the instance after verifying that the ASG is spinning up instances correctly.
Hello @Erik Osterman (Cloud Posse), I saw this repo has been created: https://github.com/cloudposse/terraform-aws-batch
Is the CloudPosse team working on it, or do you need help getting started?
I’m very interested in a Terraform module for AWS batch
Hey @Quentin BERTRAND I have some work towards this, I’ll need to upstream it. My one concern with the module, is it needs to handle environments, job definitions, and queues individually, my thought was to have these as separate submodules, as I do not want them tightly coupled. Do you have thoughts on this? The use case we had for this we ended up switching to just scheduled ECS tasks.
Hello @Ben Smith (Cloud Posse),
Sorry for this late response.
my thought was to have these as separate submodules
Like with endpoints in the “global-accelerator” module?
Do you have thoughts on this? The use case we had for this we ended up switching to just scheduled ECS tasks.
We are currently considering whether AWS Batch can meet our needs. It is possible that ECS tasks will suffice.
I will come back in a few weeks, hopefully with some feedback on the subject.
Hello! I’m working on AWS Batch modules. Like you thought, I’ve split it into several submodules:
• compute_environment
• job_definition
• job_queue
• scheduling_policy
I will try it locally, then I will open a PR on the repository to push all the code.
I’m trying to deploy an ElastiCache memcached cluster using https://github.com/cloudposse/terraform-aws-elasticache-memcached
I’ve got it mostly working, but now I’m attempting to spin up a 10-node cluster in a VPC where I have 3 availability zones available and am getting an error:
│ Error: length of preferred_availability_zones (3) must match num_cache_nodes (10)
│
│ with module.app_cache_memcached.aws_elasticache_cluster.default[0],
│ on .terraform/modules/app_cache_memcached/main.tf line 101, in resource "aws_elasticache_cluster" "default":
│ 101: resource "aws_elasticache_cluster" "default" {
Am I correct in understanding that I simply always have to pass in a list of availability zones, and just ensure the number of elements in that list matches the number of cache nodes being requested?
ah nm, I seem to have found a workaround. I was not relying on passing a list of availability zones in from variables, but rather finding specific availability zones with a data source. Once I’m absolutely happy with how I have it working I’ll post something here.
Since I was relying on a data source (instead of variables) to discover my private subnets/AZs, I just ended up doing something like this:
data "aws_subnets" "private" {
  filter {
    name   = "tag:Attributes"
    values = ["private"]
  }
}

data "aws_subnet" "selected" {
  for_each = toset(data.aws_subnets.private.ids)
  id       = each.value
}

module "app_cache_memcached" {
  source  = "cloudposse/elasticache-memcached/aws"
  version = "0.19.1"

  availability_zones = [for i in range(var.app_cache_node_count) : values(data.aws_subnet.selected)[i % length(data.aws_subnet.selected)].availability_zone]
  az_mode            = "cross-az"
  vpc_id             = values(data.aws_subnet.selected)[0].vpc_id
  subnets            = [for s in data.aws_subnet.selected : s.id]
  cluster_size       = var.app_cache_node_count
  instance_type      = var.app_cache_instance_type
  engine_version     = var.app_cache_engine_version
  apply_immediately  = true

  elasticache_parameter_group_family = var.app_cache_parameter_group_family
  max_item_size                      = var.app_cache_max_item_size

  context = module.app_cache.context
}
This…probably isn’t ideal, since I literally just repeat the list of availability_zone IDs until it equals the number of cache nodes being requested, however it seems to work just fine.