#terraform-aws-modules (2024-07)

Terraform Modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2024-07-01

Marat Bakeev

Hey everyone, we’ve hit a weird issue while updating the eks/karpenter component from 1.416 to 1.468. It seems the new version of the component wants to create an IAM policy for both legacy v1alpha and new v1 entities.

And the resulting policy is larger than the limit… And there’s no way to disable the old policy (except by creating an overrides file, which we did).
Error: creating IAM Policy (nsp-core-apse2-auto-karpenter-karpenter@kube-system): operation error IAM: CreatePolicy, https response error StatusCode: 409, RequestID: 714c38d8-30e6-4019-8ffc-071c236443a6, LimitExceeded: Cannot exceed quota for PolicySize: 6144

Erik Osterman (Cloud Posse)

@Jeremy G (Cloud Posse)

Jeremy G (Cloud Posse)

@Marat Bakeev Sorry, that’s a known issue that we have fixed but have not yet cleaned up for publication. I had hoped to have it published by now, but more urgent issues required my attention.

For now, you can modify main.tf, commenting out the local.controller_policy_v1alpha_json from the iam_source_policy_documents list. Or you can wait for the fix, which should be published in the next day or two.

As mentioned in the comments, the reason we include the v1alpha policy is so that, when upgrading from v1alpha to v1beta, the controller can clean up v1alpha resources. It is not relevant if you are not upgrading, and I think the old policy was insufficient anyway, so it should not be a big deal to comment it out. If you are upgrading, then just check the Karpenter controller logs for errors trying to delete things like instance profiles and delete them manually.

  iam_source_policy_documents = [local.controller_policy_v1alpha_json, local.controller_policy_json]
Marat Bakeev

Got it, no worries. Thanks

Jeremy G (Cloud Posse)

@Marat Bakeev This has been fixed in Components v1.470.0.


2024-07-03

2024-07-08

2024-07-22

2024-07-29

awl

I’ve been looking for a terraform module(s) that will let me set up a website using cloudfront, backed by an s3 origin AND use api gateway with lambda as one single site. Anyone know of a module or have an example that puts all of these together? I see modules around that do bits of this, but not one working together.

Gabriela Campana (Cloud Posse)

@Yonatan Koren @Dan Miller (Cloud Posse) @Andriy Knysh (Cloud Posse)

Dan Miller (Cloud Posse)

You may be hard-pressed to find a module that does it all. Our philosophy has been to create modules that do 1 thing and do 1 thing well, rather than attempting to support specific use cases.

For example, you can deploy cloudfront backed by an s3 origin with a cloudfront-s3-cdn module, deploy api gateway with an api-gateway module, and then deploy the lambda with a lambda module.

Andriy Knysh (Cloud Posse)

you can also create a root module (we call it a component) that uses all of these modules to provision all the resources that you need


2024-07-30
