#terraform (2025-01)
Discussions related to Terraform or Terraform Modules
Archive: https://archive.sweetops.com/terraform/
2025-01-01
2025-01-04
trying to set up atmos and slightly new, I am having difficulty understanding how to use this _defaults.yaml
I am trying to work out how I can set up my s3 backend without having to put it in each stack yaml…
@Daniel Booth let’s use atmos
did you review this doc https://atmos.tools/quick-start/advanced/configure-terraform-backend
In the previous steps, we’ve configured the vpc-flow-logs-bucket and vpc Terraform components to be provisioned into three AWS accounts
2025-01-07
v1.11.0-alpha20250107 1.11.0-alpha20250107 (January 7, 2025) ENHANCEMENTS:
init: Provider installation will utilise credentials configured in a .netrc file for the download and shasum URLs returned by provider registries. (https://github.com/hashicorp/terraform/pull/35843) New command modules -json: Displays a full list of all installed modules in a working directory, including whether each module is currently referenced by the…
2025-01-08
v1.10.4 1.10.4 (January 8, 2025) BUG FIXES:
type conversion: Empty map conversions now return correct type information (#36262)
terraform console: Fix crash when printing ephemeral values (https://github.com/hashicorp/terraform/issues/36267…
Update go-cty to include latest type conversion bug fixes.
Fixes #36247 Target Release
1.10.4 Draft CHANGELOG entry
BUG FIXES
type conversion: Fix bug where empty map conversions were returni…
We now check if a value has an ephemeral mark before trying to format it. The check prevents us from passing a marked value to go-cty's AsString function, which leads to a crash.
Fixes #36261…
Has anyone messed around with OpenTofu? What are your thoughts?
I’ve used it. Exactly the same as terraform, with different features
The one win terraform has over it is ephemeral. Opentofu will get it soon
Opentofu's for each on providers is nice
Best thing about opentofu is that it can be used with any cicd due to the open license
Thanks for the insight, I learn something new everyday
2025-01-09
Hi everyone, I don’t know if I should post this here but I’m facing an issue when working with Localstack and trying to create some subnets using the dynamic-subnets module, during plan I can see the tags I’ve added to the module, but after apply I cannot see the tags. Is this a known issue? or am I doing something wrong with my localstack setup?
hey, which input do you use to specify tags? also, for which resource are they missing?
They’re missing for the subnets I’m adding to the VPC:
paola.gonzalez@XXX 00-base % aws --endpoint-url=http://localhost:4566 ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$(aws --endpoint-url=http://localhost:4566 ec2 describe-vpcs --filters "Name=tag:Name,Values=ifeel-localstack-base-vpc-home-office" --query 'Vpcs[0].VpcId' --output text)" \
  --query 'Subnets[*].[SubnetId,CidrBlock,AvailabilityZone,Tags[*]]' \
  --output table
-----------------------------------------------------------------------
| DescribeSubnets |
+---------------------------+-------------------+-------------+-------+
| subnet-60dc36a52c049ce50 | 10.111.0.0/26 | us-east-1a | None |
| subnet-eab4817e855db8035 | 10.111.1.128/26 | us-east-1a | None |
| subnet-3a6faadc5bb1c2103 | 10.111.0.64/26 | us-east-1b | None |
| subnet-5b7bb25e10c543f41 | 10.111.1.192/26 | us-east-1b | None |
+---------------------------+-------------------+-------------+-------+
This is the output from the subnets, and I created them with:
# Module implementation for creating subnets for the home office VPC
module "subnets_home_office" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.4.1"

  namespace   = local.namespace
  environment = var.environment
  stage       = local.stage
  name        = "subnet"
  attributes  = ["home-office"]

  availability_zones   = local.azs
  subnets_per_az_names = local.subnets_per_az_names
  vpc_id               = module.vpc_home_office.vpc_id
  igw_id               = [module.vpc_home_office.igw_id]
  ipv4_cidr_block      = [module.vpc_home_office.vpc_cidr_block]
  nat_gateway_enabled  = true
  nat_instance_enabled = false

  # Tags to apply during launch
  tags = merge(local.default_tags, {
    Resource-Type  = "subnet" # Tag to identify the resource type
    Security-Level = "high"
    Access-Control = "strict"
  })
}
Seems some odd behavior from Localstack, but I want to know if there’s some kind of configuration I’m missing because my other configurations rely on these tags
Hmm, mine don’t populate either:
----------------------------------------------------------------------------
| DescribeSubnets |
+-------------------+-----------------+----------------------------+-------+
| AvailabilityZone | CidrBlock | SubnetId | Tags |
+-------------------+-----------------+----------------------------+-------+
| us-east-1a | 172.31.0.0/20 | subnet-ec66b8ed96a309a47 | None |
| us-east-1b | 172.31.16.0/20 | subnet-a064bebd4c760222e | None |
| us-east-1c | 172.31.32.0/20 | subnet-3d16330ceebe12c84 | None |
| us-east-1d | 172.31.48.0/20 | subnet-54539814e1b4abd6e | None |
| us-east-1e | 172.31.64.0/20 | subnet-f5f75179de158b1d4 | None |
| us-east-1f | 172.31.80.0/20 | subnet-3e1fb295838bc26ad | None |
+-------------------+-----------------+----------------------------+-------+
Interesting find!
not sure if others have this particular use case, but would appreciate some support via on the feature request i opened for a new terraform aws resource to manage invoicing configurations for an aws organization… https://github.com/hashicorp/terraform-provider-aws/issues/40844
2025-01-10
Hi everyone, enjoying using Atmos :heart: I just had a quick clarification question regarding setting the remote_state_backend configuration, reading the backend configuration docs it says
When working with Terraform backends and writing/updating the state, the terraform-backend-read-write role will be used. But when reading the remote state of components, the terraform-backend-read-only role will be used.
Could someone clarify, this refers to using the remote_state terraform module only and not say if I ran
atmos terraform output my_component -s my_stack
or if I referenced an output in a stack via a yaml function such as
!terraform.output my_component my_stack my_output_value
This is the behavior I’m seeing, just wanting to know if I’m not doing something wrong
Atmos supports configuring Terraform Backends to define where Terraform stores its state, and Remote State to get the outputs of a Terraform component, provisioned in the same or a different Atmos stack, and use the outputs as inputs to another Atmos component.
Mind moving this to atmos?
2025-01-14
The Hashitalks schedule was just released if anyone is interested: https://events.hashicorp.com/hashitalks2025