Channel: Terraform - HashiCorp Discuss
Viewing all 11445 articles

Single output definition for multiple modules


@ndobbs wrote:

Hi everyone, hoping some of you can provide me with some insight on using a single output definition for multiple modules.

module.cust1-transfer-server
module.cust2-transfer-server
module.cust3-transfer-server
module.custN-transfer-server

Is there a way to loop over each module and output a value in a single output statement, rather than having to explicitly define an output for every module?

Posts: 1

Participants: 1

Read full topic
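One way to get a single output covering every module instance, as an added example that is not code from the post: create the modules with for_each (Terraform 0.13 or later) and build a map in one output. The module path ./modules/transfer-server, its "customer" input and its "endpoint" output are hypothetical.

```hcl
# Added example, not from the post. Assumes a local module at ./modules/transfer-server
# that declares an input "customer" and an output "endpoint" (both hypothetical names).
# for_each on a module block requires Terraform 0.13 or later.

variable "customers" {
  description = "Customers that each get their own transfer server"
  type        = set(string)
  default     = ["cust1", "cust2", "cust3"] # constructed sample values
}

module "transfer_server" {
  source   = "./modules/transfer-server"
  for_each = var.customers

  customer = each.key
}

# One output covers every instance: a map keyed by customer name, so adding a
# customer to var.customers adds a server and an output entry without further edits.
output "transfer_server_endpoints" {
  description = "Endpoint of each customer's transfer server, keyed by customer"
  value       = { for name, m in module.transfer_server : name => m.endpoint }
}
```

With separately named module blocks (as in the post, on Terraform 0.12) the same shape is still possible, but the map in the output has to list each module by name; the for_each form is what removes that per-module repetition.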


Help with local provisioner resource and modules


@KursLabIgor wrote:

Please read issue for problem description.

Posts: 1

Participants: 1

Read full topic


How to pass list of vpcs inside the policy


@prasadnh wrote:

Hi

I am trying to create an S3 bucket and restrict it to VPC-based access. I am using version 12.12.

When I create a data source with aws_vpc (with the tag name), I can pass the data value and everything works fine, but different accounts have different numbers of VPCs.

data "aws_vpc" "vpcname" {
  filter {
    name   = "tag:Name"
    values = ["vpcname"]
  }
}

When I use aws_vpcs:

data "aws_vpcs" "allvpcs" {
}

Tried different ways to list all VPCs in the policy:
{tolist(data.aws_vpcs.allvpcs.ids)}" ["{tolist(data.aws_vpcs.allvpcs.ids)}"]
{data.aws_vpcs.allvpcs.ids}" ["{data.aws_vpcs.allvpcs.ids}"]

S3 policy:

"Condition": {
  "StringNotEquals": {
    "aws:sourceVpc": ["${tolist(data.aws_vpcs.allvpcs.ids)}"]
  }
}
}

Error:

60:
61: "aws:sourceVpc": ["${tolist(data.aws_vpcs.allvpcs.ids)}"]
62:
63:
64:
65:
66:
67:
|----------------
| data.aws_vpcs.allvpcs.ids is set of string with 2 elements

Cannot include the given value in a string template: string required.

Posts: 3

Participants: 2

Read full topic

What would be an equivalent to a --force-no-copy option to terraform init command


@mojochao wrote:

I am using environment branches in my infrastructure git repo where each branch has its own remote state file in S3. When I checkout an environment branch, and rerun terraform init it prompts me if I want to copy state data, to which I always want to answer “no”. I see a --force-copy option that always answers “yes”.

Is there an existing command that always answers “no”? Looking at the docs, it appears --reconfigure might be the option I’m looking for, but I wanted to make sure.

Thanks in advance for any clarification you can provide.

Posts: 1

Participants: 1

Read full topic

Create multiple resources with multiple attributes without using Count


@mizunos wrote:

I need to create multiple GitLab users using Terraform without using the count function.

A user has the following attributes: name, username, email, initial password. I want to apply that pattern to a list of 20 users.

Posts: 1

Participants: 1

Read full topic
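The usual count-free way to do this is for_each over a map of user objects. The block below is an added example, not code from the post: it assumes the gitlab and random providers, uses the gitlab_user attributes name, username, email and password, and generates each initial password instead of keeping one in a variables file. The sample users are constructed.

```hcl
# Added example, not from the post. Assumes the gitlab and random providers.
variable "users" {
  description = "Users to create, keyed by username"
  type = map(object({
    name  = string
    email = string
  }))
  # constructed sample values
  default = {
    "alice" = { name = "Alice Example", email = "alice@example.com" }
    "bob"   = { name = "Bob Example", email = "bob@example.com" }
  }
}

# One generated initial password per user; nothing secret lives in the variable file.
resource "random_password" "initial" {
  for_each = var.users

  length  = 24
  special = true
}

# for_each gives every user a stable address (gitlab_user.this["alice"]), so removing
# one user from the map destroys only that user, unlike count where indexes shift.
resource "gitlab_user" "this" {
  for_each = var.users

  username = each.key
  name     = each.value.name
  email    = each.value.email
  password = random_password.initial[each.key].result
}

# Hand the initial passwords out only through a sensitive output.
output "initial_passwords" {
  value     = { for u, p in random_password.initial : u => p.result }
  sensitive = true
}
```

The generated passwords are still recorded in the Terraform state, so the state backend needs the same access controls and encryption as any other credential store; users should be required to change the initial password at first login.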

Retrieve principal ID of an Azure appservice MSI


@sai-ns wrote:

Hi, I was previously using for_each for app service creation, with which I was able to retrieve the principal_id of all app services to use in the access_policy resource. But when I changed the access_policy resource to a conditional resource by using count, I am having trouble retrieving the principal_id of the identity, since I cannot use splat on a map.
I ran out of ideas and wanted to check if anyone has previously retrieved similar values or has any input on how I can retrieve principal_Id.

resource "azurerm_app_service" "webapp" {
  for_each = var.appservice
  name     = each.value
  .
  .
  identity {
    type = "SystemAssigned"
  }
}
resource "azurerm_key_vault_access_policy" "azaccesspolicy" {
  count = var.keyvault_name != null ? local.appservicecount : 0
  #object_id = lookup(each.value.appservice.identity[0],"principal_id")
  object_id = ??
  secret_permissions = ["get"]
}

My state file looks something like below:

{
  "name": "webapp",
  "each": "map",
  "provider": "provider.azurerm",
  "instances": [
    {
      "identity": [
        {
          "identity_ids": ,
          "principal_id": "011111-8888-4a76-0987-1234567890",
          "type": "SystemAssigned"
        }
      ],
    ]
  },

Posts: 1

Participants: 1

Read full topic
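One way to keep the access policy conditional without count, as an added example that is not code from the post: iterate the app service map itself with for_each, so each.value is the app service instance and its identity block is reachable directly. var.appservice follows the post; var.keyvault_id, var.location, var.resource_group_name and var.app_service_plan_id are hypothetical inputs.

```hcl
# Added example, not from the post. var.appservice is the post's map of app
# service names; the remaining variables are hypothetical inputs.
resource "azurerm_app_service" "webapp" {
  for_each            = var.appservice
  name                = each.value
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  identity {
    type = "SystemAssigned"
  }
}

# Conditional for_each: the whole map of app services when a key vault is
# configured, an empty map (and therefore no policies) when it is not.
resource "azurerm_key_vault_access_policy" "azaccesspolicy" {
  for_each = var.keyvault_id != null ? azurerm_app_service.webapp : {}

  key_vault_id = var.keyvault_id
  tenant_id    = each.value.identity[0].tenant_id
  object_id    = each.value.identity[0].principal_id

  # Only what the apps need: read secrets, nothing else.
  secret_permissions = ["get"]
}
```

Each policy is addressed by the same key as its app service (azurerm_key_vault_access_policy.azaccesspolicy["frontend"], for instance), so adding or removing one app service touches only that app's policy rather than renumbering every count index.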

Change current aws_route53_record to use s3 static site?


@mexin wrote:

I'm having trouble trying to change my current aws_route53_record that has a web app; I'm trying to decouple it and use an S3 static site. I'm trying the following:

resource "aws_route53_zone" "site_zone" {
  name = "${var.site_name}"
}
resource "aws_route53_record" "site_cname" {
  zone_id = "${aws_route53_zone.site_zone.zone_id}"
  name = "${var.site_name}"
  type = "NS"
  ttl = "30"
  records = [
    "${aws_route53_zone.site_zone.name_servers.0}",
    "${aws_route53_zone.site_zone.name_servers.1}",
    "${aws_route53_zone.site_zone.name_servers.2}",
    "${aws_route53_zone.site_zone.name_servers.3}"
  ]
}

And my current config is

resource "aws_route53_record" "www-prod" {
  zone_id = aws_route53_zone.primary_route.id
  name    = var.domain
  type    = "A"

  alias {
    name                   = var.ecs-frontend-alb-dns-name
    zone_id                = var.ecs-frontend-alb-dns-zone-id
    evaluate_target_health = true
  }
}

is there anything I missed?

Thanks for the help!

Posts: 1

Participants: 1

Read full topic
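A record pointing at an S3 static site is an alias to the bucket's website endpoint, not an NS record. The block below is an added example, not code from the post: it keeps the post's aws_route53_zone.primary_route and var.domain, and assumes the bucket is named after the record (the S3 website endpoint requires that) with constructed index and error documents.

```hcl
# Added example, not from the post. aws_route53_zone.primary_route and var.domain
# come from the post's config; the bucket and its documents are constructed.
resource "aws_s3_bucket" "site" {
  # S3 website hosting only serves a bucket whose name equals the host name.
  bucket = var.domain
  acl    = "public-read"

  website {
    index_document = "index.html"
    error_document = "404.html"
  }
}

# Same record name and type as before; only the alias target changes from the
# ALB to the bucket's regional website endpoint.
resource "aws_route53_record" "www-prod" {
  zone_id = aws_route53_zone.primary_route.zone_id
  name    = var.domain
  type    = "A"

  alias {
    name                   = aws_s3_bucket.site.website_domain
    zone_id                = aws_s3_bucket.site.hosted_zone_id
    evaluate_target_health = false
  }
}
```

S3 website endpoints are plain HTTP and require the bucket to be publicly readable. If the site needs TLS, or the bucket should stay private, front it with a CloudFront distribution (origin access identity on the bucket) and alias the record to the distribution's domain_name and hosted_zone_id instead.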


Error creating VPC


@thahirpk wrote:

Error: Error creating VPC: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 48a49856-1b3f-4004-afc7-98c397c9be87

on provider.tf line 8, in resource "aws_vpc" "main":
8: resource "aws_vpc" "main" {

Posts: 2

Participants: 2

Read full topic

Parse HCL treating variables or functions as raw strings hashicorp/hcl


@jimen0 wrote:

Hi,

I’m using the official HCL Go module https://pkg.go.dev/github.com/hashicorp/hcl/v2@v2.3.0/gohcl to parse some Terraform files that contain Terraform GitHub Provider configuration. I didn’t find a way to parse attributes as raw strings without being forced to provide the decoder with a Context that knows how to resolve any function or variable referenced.

I was wondering if it is possible to use https://pkg.go.dev/github.com/hashicorp/hcl/v2@v2.3.0/gohcl?tab=doc#DecodeBody with a nil Context and therefore be able to use raw values instead of having to interpret things like ${locals.example.[count.index]}.

The goal is to be able to rewrite the .tf files from a script removing a resource if it matches a given pattern.

Sorry for posting it in Terraform subforum, I didn’t find a specific one for HCL questions.
Kind regards!

Posts: 1

Participants: 1

Read full topic

How do you update the virtual network rules for a storage account


@axios-devops wrote:

Hi,

We have a storage account that was manually created in the Azure portal; the virtual network rule was also created manually. Part of our Terraform script creates a vnet with a subnet and adds the subnet to the virtual network rules of this storage account; however, instead of updating the virtual network rules it wipes the current configuration and just adds the new subnet.

Here is the script I am using:

resource "azurerm_storage_account_network_rules" "network-rule" {
  resource_group_name        = "${var.azure_region}-DEFAULT-STOR"
  storage_account_name       = lower("${var.azure_region}packages")
  default_action             = "Deny"
  virtual_network_subnet_ids = [module.build_vnet_with_subnet.linux-snet-id]
}

Terraform version: 0.12.20
azurerm provider: 1.43.0

Is it possible to add a new subnet to the existing virtual network rules of a storage account without losing the current configuration?

To Replicate

  1. Create a storage account that has at least 1 virtual network firewall rule
  2. Run terraform apply to add the new virtual network

Check the firewall rules and you will just see the new virtual network added

Posts: 2

Participants: 2

Read full topic
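azurerm_storage_account_network_rules manages the complete rule set of the account, so whatever is not in virtual_network_subnet_ids is removed on apply. The added example below (not code from the post) keeps the portal-created subnets by declaring them as input, looking their IDs up and concatenating them with the new subnet; var.existing_subnets, the data lookups and the sample subnet are hypothetical, while the resource arguments follow the post.

```hcl
# Added example, not from the post. The rules resource is authoritative, so every
# subnet that must stay allowed is declared here. var.existing_subnets is hypothetical.
variable "existing_subnets" {
  description = "Subnets added outside Terraform that must remain allowed"
  type = list(object({
    name                 = string
    virtual_network_name = string
    resource_group_name  = string
  }))
  # constructed sample value
  default = [{
    name                 = "app-snet"
    virtual_network_name = "hub-vnet"
    resource_group_name  = "hub-rg"
  }]
}

data "azurerm_subnet" "existing" {
  count                = length(var.existing_subnets)
  name                 = var.existing_subnets[count.index].name
  virtual_network_name = var.existing_subnets[count.index].virtual_network_name
  resource_group_name  = var.existing_subnets[count.index].resource_group_name
}

resource "azurerm_storage_account_network_rules" "network-rule" {
  resource_group_name  = "${var.azure_region}-DEFAULT-STOR"
  storage_account_name = lower("${var.azure_region}packages")
  default_action       = "Deny"
  bypass               = ["AzureServices"]

  # Existing subnets first, then the one this configuration creates.
  virtual_network_subnet_ids = concat(
    data.azurerm_subnet.existing[*].id,
    [module.build_vnet_with_subnet.linux-snet-id],
  )
}
```

Once the rule set is under Terraform, any rule added by hand in the portal shows up as a planned removal on the next run, which is the behaviour you want for a Deny-by-default firewall: the declared list is the single source of truth. Each listed subnet also needs the Microsoft.Storage service endpoint enabled, or the rule cannot be created.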

Provider Schema Types Map of Maps


@skylerto wrote:

Hello Community!

I’m writing a terraform provider but I’m running into trouble when trying to interact with a generic API.

I know that variables are now able to be defined in generic depth map. There was a GitHub issue open for awhile on this: https://github.com/hashicorp/terraform/issues/2114

Seems like terraform 12 was supposed to solve these too: Returning nested maps from provider

But what I would love to be able to do is have my provider accept this generic depth map as input. Has anyone encountered this and/or found a solution/have any ideas on how I can?

I’ve searched through the code but I can’t seem to find anything that allows this to be supported.

Ref: https://github.com/hashicorp/terraform/issues/2114
Returning nested maps from provider

Posts: 1

Participants: 1

Read full topic


Partial State and Resource Creation


@umairidris wrote:

Hi,

I am looking to make improvements in the Google Provider, specifically the resource google_project (https://github.com/terraform-providers/terraform-provider-google/blob/master/google/resource_google_project.go).

Currently, the google_project resource creates a project and also performs some additional functions, such as linking a billing account and deleting the default network.

The problem occurs when the project itself is created properly, but a later call such as linking billing account fails. The resource becomes ‘tainted’ and forces a delete and recreate on the next run. Since projects have a 30 day recovery period, the re-create fails and thus the user ends up in a limbo.

I am looking to add partial state support here. Essentially what I would like is to partially commit the project to state. If there is a failure with the billing account link then we return an error. On retry, I would like to skip past the project creation and retry billing account link. Once billing account succeeds we add the billing account field to the state, and continue on.

Can partial state help here, and do you have any examples for reference (on resource creation, not update)?

Thanks!

Posts: 1

Participants: 1

Read full topic

Creating dynamic IAM policy by populating the list of resources being created in policy JSON


@armankoradia wrote:

Hi,

I am creating S3 buckets with different names provided in the variables list using the below code.

resource "aws_s3_bucket" "mybuckets" {
  count  = length(var.bucket_type)
  bucket = "${var.appender}-mybucket-${element(var.bucket_type, count.index)}"
  acl = "private"
  lifecycle_rule {

    enabled = true
    transition {
      days = 60
      storage_class = "STANDARD_IA"
    }
    transition {
      days = 120
      storage_class = "GLACIER"
    }
  }
  tags = {
    Name = "${var.appender}-mybucket-${element(var.bucket_type, count.index)}"
  }
}

Now, I want to create an IAM policy that will have access to these created buckets, but I'm facing an error creating that policy dynamically, as "aws_s3_bucket.mybuckets.arn" is a tuple containing multiple elements, i.e. it is a list and not a string.
I am using the code below to generate the IAM policy for the user.

resource "aws_iam_user_policy" "bucket_access_policy" {
 name = "${var.appender}-bucketaccess-policy"
 user = aws_iam_user.this[0].name
 #policy = "data.template_file.policy_doc.rendered"
 policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Action":[
            "s3:ListAllMyBuckets",
            "s3:GetBucketLocation",
            "s3:HeadBucket",
            "s3:GetAccessPoint",
            "s3:ListJobs",
            "s3:CreateJob",
            "ec2:Describe*"
         ],
         "Effect":"Allow",
         "Resource":"*"
      },
      {
         "Action":[
            "s3:Get*",
            "s3:Put*",
            "s3:Update*",
            "s3:DeleteObject",
            "s3:RestoreObject"
         ],
         "Effect":"Allow",
         "Resource":[
            "${aws_s3_bucket.mybuckets[*].arn}",
            "${aws_s3_bucket.mybuckets[*].arn}/*"
         ]
      }
   ]
}
EOF
}

I tried multiple ways to achieve this but none worked, or maybe I'm making some mistake. I tried using a rendered template_file and passing vars to it, but that also fails with the same error. I tried using $split(",", aws_s3_bucket.mybuckets[*].arn) as well. I also tried jsonencode in the policy block.

Also tried using ${concat(aws_s3_bucket.ontarget_buckets[*].arn)} but ends up with error as Cannot include the given value in a string template: string required.

Please suggest how I can achieve this! What change should I make to generate dynamic IAM Policy that will put list of all the buckets in the policy that are being created irrespective of the number of buckets.

Thanks in advance for help.

Terraform v.0.12.20

Posts: 1

Participants: 1

Read full topic
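Both this thread and the earlier "How to pass list of vpcs inside the policy" thread hit the same error: "${...}" is a string template, so a list (bucket ARNs) or set (VPC IDs) cannot be interpolated into it. The fix is to build the policy document as a Terraform object and let jsonencode() emit the JSON, where a list value becomes a JSON array. The block below is an added example that is not code from either post: var.bucket_type, var.appender and aws_iam_user.this are taken from this post, data.aws_vpcs.allvpcs from the earlier one, and the policy statements are constructed.

```hcl
# Added example serving both threads; not code from either post.
# jsonencode() keeps list values as JSON arrays, which "${...}" templates cannot do.

data "aws_vpcs" "allvpcs" {}

resource "aws_s3_bucket" "mybuckets" {
  count  = length(var.bucket_type)
  bucket = "${var.appender}-mybucket-${var.bucket_type[count.index]}"
  acl    = "private"
}

locals {
  bucket_arns = aws_s3_bucket.mybuckets[*].arn
  object_arns = [for arn in local.bucket_arns : "${arn}/*"]
  vpc_ids     = sort(data.aws_vpcs.allvpcs.ids) # set -> list, stable order in the plan
}

# Bucket policy (earlier thread): deny requests that did not arrive through one of
# the account's VPCs. The condition value is a list, exactly what the post needed.
resource "aws_s3_bucket_policy" "vpc_only" {
  count  = length(aws_s3_bucket.mybuckets)
  bucket = aws_s3_bucket.mybuckets[count.index].id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyOutsideVpc"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource = [
        aws_s3_bucket.mybuckets[count.index].arn,
        "${aws_s3_bucket.mybuckets[count.index].arn}/*",
      ]
      Condition = {
        StringNotEquals = {
          "aws:sourceVpc" = local.vpc_ids
        }
      }
    }]
  })
}

# User policy (this thread): object access on every bucket created above,
# however many there are. Resource is a list built with concat().
resource "aws_iam_user_policy" "bucket_access_policy" {
  name = "${var.appender}-bucketaccess-policy"
  user = aws_iam_user.this[0].name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListAccountBuckets"
        Effect   = "Allow"
        Action   = ["s3:ListAllMyBuckets", "s3:GetBucketLocation"]
        Resource = "*"
      },
      {
        Sid      = "ObjectAccess"
        Effect   = "Allow"
        Action   = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
        Resource = concat(local.bucket_arns, local.object_arns)
      },
    ]
  })
}
```

Two practical points. The aws_iam_policy_document data source does the same job with a condition block whose values argument takes the list directly, if you prefer HCL over a JSON object. And a Deny keyed on aws:sourceVpc matches every request that did not come through a VPC endpoint, including the console, the CLI from outside AWS and the account's own administrative roles; since an explicit Deny cannot be overridden, carve out an administrative principal in the condition (for example with aws:PrincipalArn) before applying it to a bucket you need to keep managing.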


New Module Creation for our own Infrastructure


@rajaviswanadhul wrote:

Hi Team,
I am new to Terraform and have been assigned to create modules in Terraform for the installation of pieces of software and service restarts. Could you please advise me on this:

  1. Installation of Tomcat software on a Red Hat Linux operating system residing in a VMware ESX cluster
  2. Instance recycle (Tomcat) restarts

Thanks in Advance

Posts: 1

Participants: 1

Read full topic

Reading in DNS zone ID's to use populating records


@a8ree wrote:

I’m looking for some help with my code that is creating DNS records from a CSV. Currently, I have to specify the DNS zone ID in my CSV - and whilst it works, it isn’t very intuitive.

Here is my code:

locals {
  csv_simpledns       = file("${path.module}/dns_simple_records.csv")
  simpledns_instances = csvdecode(local.csv_simpledns)

  csv_weighteddns       = file("${path.module}/dns_weighted_records.csv")
  weighteddns_instances = csvdecode(local.csv_weighteddns)

  csv_pub_dnszones       = file("${path.module}/dns_pub_zones.csv")
  dns_pub_zone_instances = csvdecode(local.csv_pub_dnszones)

  csv_priv_dnszones       = file("${path.module}/dns_priv_zones.csv")
  dns_priv_zone_instances = csvdecode(local.csv_priv_dnszones)
}

This will create our public zones:

resource "aws_route53_zone" "public_zones" {
  for_each = { for inst in local.dns_pub_zone_instances : inst.key => inst }
  name     = each.value.name
  tags     = var.tags
}

This will create our private zones:

resource "aws_route53_zone" "private_zones" {
  for_each = { for inst in local.dns_priv_zone_instances : inst.key => inst }
  name     = each.value.name
  tags     = var.tags

  vpc {
    vpc_id = each.value.vpc_id
  }
}

This will implement simple DNS routing records by iterating through the CSV:

resource "aws_route53_record" "simple" {
  for_each = { for inst in local.simpledns_instances : inst.key => inst }
  zone_id  = each.value.zone_id
  name     = each.value.name
  type     = each.value.type
  ttl      = each.value.ttl
  records  = split(",", each.value.records)
}

Read in the current DNS zones:

data "aws_route53_zone" "main" {
  for_each = { for inst in local.dns_pub_zone_instances : inst.key => inst }
  #name = each.value.name
  private_zone = false
}

This will implement weighted DNS routing records by iterating through the CSV:

resource "aws_route53_record" "weighted" {
  for_each = { for inst in local.weighteddns_instances : inst.key => inst }

  # zone_id = each.value.zone_id
  # Commented line above works when providing the zone ID in the CSV file

  # attempt to look up the zone_id corresponding to the name
  zone_id = "${lookup(data.aws_route53_zone.main.zone_id, each.value.name, null)}"

  name    = each.value.name
  type    = each.value.type
  ttl     = each.value.ttl
  records = split(",", each.value.records)

  weighted_routing_policy {
    weight = each.value.weight
  }
}

As you can see in the comments, I’ve tried to use a data lookup to determine the mapping from name to zone_id - but it errors.

Can anyone suggest how to do this?

Thanks

Posts: 1

Participants: 1

Read full topic
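The lookup fails because data.aws_route53_zone.main is a map of zone objects, not a map from name to ID, and lookup() cannot take a per-instance attribute of a resource that has for_each. A map built from the zone resources Terraform already manages gives the name-to-ID mapping directly. The block below is an added example, not code from the post: constructed CSV text stands in for the post's CSV files, and the records file gets a hypothetical zone_name column instead of zone_id.

```hcl
# Added example, not from the post. Constructed CSV data replaces the post's
# file() reads; the zone_name column is a hypothetical addition to the records CSV.
locals {
  csv_pub_dnszones = <<-CSV
    key,name
    example,example.com
  CSV

  csv_weighteddns = <<-CSV
    key,zone_name,name,type,ttl,records,weight
    api-a,example.com,api.example.com,A,60,"192.0.2.10,192.0.2.11",70
    api-b,example.com,api.example.com,A,60,192.0.2.20,30
  CSV

  dns_pub_zone_instances = csvdecode(local.csv_pub_dnszones)
  weighteddns_instances  = csvdecode(local.csv_weighteddns)
}

resource "aws_route53_zone" "public_zones" {
  for_each = { for inst in local.dns_pub_zone_instances : inst.key => inst }
  name     = each.value.name
}

locals {
  # zone name -> zone ID, derived from the zones this configuration manages
  zone_ids = { for z in aws_route53_zone.public_zones : z.name => z.zone_id }
}

resource "aws_route53_record" "weighted" {
  for_each = { for inst in local.weighteddns_instances : inst.key => inst }

  # A zone_name that is not managed here fails at plan time with a clear
  # "invalid index" error instead of silently creating a record elsewhere.
  zone_id        = local.zone_ids[each.value.zone_name]
  name           = each.value.name
  type           = each.value.type
  ttl            = each.value.ttl
  records        = split(",", each.value.records)
  set_identifier = each.key # required for weighted records sharing a name

  weighted_routing_policy {
    weight = each.value.weight
  }
}
```

Private zones can be folded into the same map with merge(), but a split-horizon setup where a public and a private zone share a name needs a second map (or a key such as "name/private"), since one name can only map to one ID.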

Is there an example of importing an service account from provider google upon building


@Arconapalus wrote:

The question regards the google_cloud_composer_environment, which creates a service account. I'm testing whether it is possible to import or iam_binding a service account to create the configuration without using a default GCP SA. In my pipeline, when I make a pull request, Cloud Build uses its default service account to build the TF configuration. I'm checking whether I could hard-code an alternative service account (SA) to be either imported or bound with custom roles so as to have least privilege.

Posts: 1

Participants: 1

Read full topic
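A Composer environment can be given a dedicated service account through config.node_config.service_account instead of inheriting the default compute account. The block below is an added example, not code from the post: it creates that account, binds it with the Composer worker role, and passes it to the environment. The project, region and resource names are constructed.

```hcl
# Added example, not from the post. Project ID, region and names are constructed.
variable "project_id" {
  type    = string
  default = "example-project" # constructed placeholder
}

variable "region" {
  type    = string
  default = "us-central1"
}

# Dedicated identity for the environment's workers, instead of the default
# compute service account that carries Editor on the whole project.
resource "google_service_account" "composer" {
  account_id   = "composer-env-sa"
  display_name = "Cloud Composer environment service account"
}

# The one role Composer workers need; DAG-specific access gets its own bindings.
resource "google_project_iam_member" "composer_worker" {
  project = var.project_id
  role    = "roles/composer.worker"
  member  = "serviceAccount:${google_service_account.composer.email}"
}

resource "google_cloud_composer_environment" "env" {
  name   = "example-env"
  region = var.region

  config {
    node_config {
      zone            = "${var.region}-b"
      machine_type    = "n1-standard-1"
      service_account = google_service_account.composer.name
    }
  }

  # The binding must exist before environment creation, or the workers fail to start.
  depends_on = [google_project_iam_member.composer_worker]
}
```

If the service account already exists, bring it under management with terraform import using the projects/PROJECT_ID/serviceAccounts/EMAIL address rather than creating a second one. Note that google_project_iam_member is additive (it adds one binding), whereas google_project_iam_binding is authoritative for the whole role and will remove any other members that hold it.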

How to resolve "Error: S3 policy: OperationAborted: conflicting conditional operation is currently in progress..."


@prasadnh wrote:

Hi

Can we order the terraform resource execution?

I was trying to create an S3 bucket and add a VPC-based policy to it. Most of the time my run fails with the error below, but when I apply again, it successfully adds the policy to the bucket.

Error: Error deleting s3 policy: OperationAborted: A conflicting conditional operation is currently in progress against this resource, please try again.
status code: 409, request id:<>, host id:<>

My setup is like this

S3 bucket module
Bucket policy module which points to s3 bucket id(from s3 bucket module) as bucket id

Since depends_on is not available for modules, I need to figure out how to wait for the bucket to be created before the policy is applied.

Thanks,

Posts: 1

Participants: 1

Read full topic

Cannot change app service plan, from standard to Free, because of always_on and use_32_bit_worker_process


@RussellMaycock wrote:

Hi,
I'm trying to create a module for some services; part of that is an app service plan and a web app.
I need the ability to change the app service plan from Standard down to Free when required. However, although the plan looks good (it changes always_on to false and use_32_bit_worker_process to true), it fails to run. Checking the errors, it says:

{"Code":"Conflict","Message":"Cannot update the site 'Webapp' because it uses x64 worker process which is not allowed in the target compute mode.","Target":null,"Details":[{"Message":"Cannot update the site 'Webapp' because it uses x64 worker process which is not allowed in the target compute mode."},{"Code":"Conflict"},{"ErrorEntity":{"ExtendedCode":"04066","MessageTemplate":"Cannot update the site '{0}' because it uses x64 worker process which is not allowed in the target compute mode.","Parameters":["Webapp"],"Code":"Conflict","Message":"Cannot update the site 'Webapp' because it uses x64 worker process which is not allowed in the target compute mode."}}],"Innererror":null}"

Why is it not changing the web app first and then changing the app service plan? I could add a depends_on, but then I wouldn't be able to create the app service plan in the first place. Any help would be great.

data "azurerm_subscription" "current" {}

resource "azurerm_resource_group" "tq_resource_group" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_app_service_plan" "tq_app_service_plan" {
  name                = var.app_service_plan
  location            = azurerm_resource_group.tq_resource_group.location
  resource_group_name = azurerm_resource_group.tq_resource_group.name
  kind                = var.kind
  reserved            = var.kind == "linux" ? true : false
  sku {
    tier     = var.skutier
    size     = var.skusize
    capacity = var.capacity
  }
}

resource "azurerm_app_service" "tq_webapp" {
  name                = var.name
  location            = azurerm_resource_group.tq_resource_group.location
  resource_group_name = azurerm_resource_group.tq_resource_group.name
  app_service_plan_id = azurerm_app_service_plan.tq_app_service_plan.id
  https_only          = true

  site_config {
    always_on                 = local.always_on
    dotnet_framework_version  = local.dotnet_framework_version
    use_32_bit_worker_process = local.use_32_bit_worker_process
    http2_enabled             = local.http2_enabled
  }

  dynamic "connection_string" {
    for_each = var.connection_strings
    content {
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }

  app_settings = local.app_settings
}

### Basic settings - will be used in multiple places

variable "location" {
  type        = string
  description = "Location of the resources"
}

variable "resource_group_name" {
  type        = string
  description = "The Resource Group Name of the Service"
}

### End of Basic settings

### Used for App Service Plan

variable "app_service_plan" {
  type        = string
  description = "Used to specify the App Service Plan name which the Web App will use."
}

variable "kind" {
  type        = string
  default     = "app"
  description = "The kind of App Service Plan to create. The options are as follows -> Windows (also available as App), Linux, elastic (for Premium Consumption) and FunctionApp (for a Consumption Plan). Defaults to Windows. Changing this forces a new resource to be created."
}

variable "reserved" {
  type        = bool
  default     = false
  description = "This is required to be set if you are going to linux for the App Service Plan, It defaults to false"
}

### ### used in the Sku block in the App Service Plan

variable "skutier" {
  type        = string
  default     = "Free"
  description = "The required tier - Free, Basic, Standard"
}

variable "skusize" {
  type        = string
  default     = "F1"
  description = "The required sku size F1 (Free), B1 (Basic 1), S1 (Standard 1), S2 (Standard 2) for a full list please see the list at ->"
}

variable "capacity" {
  type        = number
  default     = 0
  description = "Number of instances assigned to the App Service."
}

### ### end of the sku block in the App Service Plan

### End of the App Service Plan

### Start of the Web App

variable "name" {
  type        = string
  description = "The name of the App Service."
}

variable "app_settings" {
  type        = map(string)
  default     = {}
  description = "App Settings Go here"
}

variable "connection_strings" {
  type = list(object({
    name  = string
    type  = string
    value = string
  }))
  default = []
}

locals {
  is_shared                 = contains(["F1", "FREE", "D1", "SHARED"], upper(var.skusize))
  always_on                 = local.is_shared ? null : true
  use_32_bit_worker_process = local.is_shared ? null : false
  dotnet_framework_version  = "v4.0"
  http2_enabled             = false
  app_settings              = var.app_settings
}

Posts: 1

Participants: 1

Read full topic
