#terraform-aws-modules (2024-07)
Terraform Modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
2024-07-01
Hey everyone, we’ve hit a weird issue while updating the eks/karpenter component from 1.416 to 1.468. It seems the new version of the component wants to create an IAM policy for both legacy v1alpha and new v1 entities.
And the resulting policy is larger than the limit… And there’s no way to disable old policy (except by creating an overrides file, which we did).
Error: creating IAM Policy (nsp-core-apse2-auto-karpenter-karpenter@kube-system): operation error IAM: CreatePolicy, https response error StatusCode: 409, RequestID: 714c38d8-30e6-4019-8ffc-071c236443a6, LimitExceeded: Cannot exceed quota for PolicySize: 6144
@Marat Bakeev Sorry, that’s a known issue that we have fixed but have not yet cleaned up for publication. I had hoped to have it published by now, but more urgent issues required my attention.
For now, you can modify main.tf, commenting out the local.controller_policy_v1alpha_json from the iam_source_policy_documents list. Or you can wait for the fix, which should be published in the next day or two.
As mentioned in the comments, the reason we include the v1alpha policy is so that, when upgrading from v1alpha to v1beta, the controller can clean up v1alpha resources. It is not relevant if you are not upgrading, and I think the old policy was insufficient anyway, so it should not be a big deal to comment it out. If you are upgrading, then just check the Karpenter controller logs for errors trying to delete things like instance profiles and delete them manually.
iam_source_policy_documents = [local.controller_policy_v1alpha_json, local.controller_policy_json]
Got it, no worries. Thanks
2024-07-03
2024-07-08
2024-07-22
2024-07-29
I’ve been looking for a terraform module(s) that will let me set up a website using cloudfront, backed by an s3 origin AND use api gateway with lambda as one single site. Anyone know of a module or have an example that puts all of these together? I see modules around that do bits of this, but not one working together.
@Yonatan Koren @Dan Miller (Cloud Posse) @Andriy Knysh (Cloud Posse)
You may be hard-pressed to find a module that does it all. Our philosophy has been to create modules that do 1 thing and do 1 thing well, rather than attempting to support specific use cases
For example, you can deploy cloudfront backed by an s3 origin with a cloudfront-s3-cdn module, deploy api gateway with an api-gateway module, and then deploy the lambda with a lambda module
you can also create a root module (we call it a component) that uses all of these modules to provision all the resources that you need