Questions tagged [terraform]
Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
431
questions
0
votes
0
answers
65k
views
Terraform error: importing EC2 Key Pair (XXXX): InvalidKeyPair.Duplicate: The keypair already exists
Terraform newbie here. I am trying to add an additional node group to an existing Terraform stack that has already been deployed in an AWS region by someone else in my organization. I have run through ...
0
votes
1
answer
33
views
ECS Dynamic Port Mapping: "port should be set when target type is instance"
I've set the following via Terraform:
Task-definition level:
network_mode = "bridge"
Container level:
portMappings = [
{
hostPort = 0,
containerPort = 8080
}
]
Terraform ...
0
votes
1
answer
41
views
Is it possible to limit changes to a GCP Organization IAM Policy?
We've experienced an incident where a user was using Terraform against GCP to edit the organization policy (https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/...
1
vote
1
answer
108
views
Terraform suddenly, regularly fails while pushing state to S3
As of a few months ago, Terraform will fail 10% of the time while, apparently, pushing state to the backend (which is in S3). I'll have to clean up the cruft left behind, run it again, and it'll pass. ...
1
vote
2
answers
58
views
How to display all the resources present in aws using terraform command?
Terraform show command will show all the resources in the state file.
But we need to display all the resources present in AWS (or region specific), not just the one in the state file.
How to do that ...
0
votes
0
answers
37
views
How to add tags automatically to AWS Volumes with Terraform
I have the following Terraform script to deploy an EKS cluster (tags left empty to hide values)
EKS.tf
provider "aws" {
region = var.region
profile = var.profile
default_tags {
...
0
votes
0
answers
20
views
Secrets management for Azure DevOps IAC
I have an Azure DevOps Infrastructure As Code (IAC) allowing users to deploy virtual machines using terraform pipelines and to access them using SSH or RDP.
For the moment, the process is the ...
0
votes
0
answers
34
views
Kubernetes is not accepting traffic from my Load Balancer when I deploy it in Terraform in DigitalOcean
When I deploy my ingress controller I get an error from the DigitalOcean dashboard
0/1
Kubernetes nodes accepting traffic
--
First I create my kubernetes cluster named avatares_cluster
# main.tf
...
0
votes
0
answers
42
views
Using PAT to authenticate against Azure DevOps Git in AzApi Terraform Provider
I am trying to use the AzApi Terraform Provider to install fluxcd on a k8s cluster running on Azure Cloud.
Fluxcd should then look for changes in an Azure DevOps Git repo.
In the AzApi Terraform Flux ...
0
votes
0
answers
24
views
How to pass output variables to new instance?
My goal is to create an HTTP balancer from 2 nodes using terraform, the problem appears when I want to add the received public IP addresses of the balancer and application server to the balancer ...
0
votes
1
answer
126
views
Can I tell Terraform to delete resource A before creating resource B?
I'm migrating some stuff in a terraform repo and replacing Resource A with Resource B, of different types. If the details are important, A is a CloudFormation stack, B is a native terraform resource ...
0
votes
1
answer
113
views
Best practices on managing Terraform project repositories
As part of a new job role, I have started learning Terraform recently. Before, my main orchestration/provisioning tool was Ansible, and the best practice at my previous place was to hold the state for ...
0
votes
0
answers
55
views
Terraform: Render special characters from typical query string (like '=', '&') in a variable assignment
It seems that Terraform is either rendering the intended query string value "... = ..", with =, which messes up the URL call.
I tried to escape the \= in the string assignment, and ...
0
votes
0
answers
44
views
Updating csi-driver without stopping
I'm now facing this.
# module.eks_volume_provisioning.aws_eks_addon.csi_driver will be updated in-place
~ resource "aws_eks_addon" "csi_driver" {
~ addon_version ...
0
votes
0
answers
38
views
Deploy TBMQ into Kubernetes via terraform not by Helm
I want to deploy a TBMQ MQTT broker into a kubernetes cluster.
I succeeded for minikube, but can't do this via terraform to my remote cluster.
TBMQ does not provide Helm chart package.
What approach ...
0
votes
0
answers
110
views
Terraform, EKS and cluster-autoscaler
I'm trying to deploy cluster-autoscaler to an existing EKS cluster. Here's my terraform code:
resource "aws_iam_policy" "cluster_autoscaler" {
name = "...
1
vote
1
answer
233
views
'aws s3 ls' command was hanging until setting default region
I created the setup shown in the image in region Oregon (us-west-2), and I was sure that everything was in place correctly, then I tried to do aws s3 ls from the EC2 in the private subnet, it was ...
0
votes
0
answers
48
views
How to assign Digital Ocean floating ips/reserved ips to openstack?
So for an app that is based partly on openstack, I am evaluating the deployment on Digital Ocean as a testbed. The openstack deployment using kolla-ansible also basically worked. However, while the ...
1
vote
1
answer
120
views
Terraform resources not getting destroyed from terminal
I wanted to destroy the DEV environment from my Kubernetes hosted on AWS EKS. There are two parts to the resources; the infrastructure part and the application part. I use Terraform/Terragrunt to ...
0
votes
0
answers
61
views
Seeking Expert Advice on Terraform Deployment Cleanup
I've been successfully using Terraform for various deployments, managing to create multiple environments for different clients using a single Jenkins job. However, I've hit a roadblock when it comes ...
0
votes
2
answers
68
views
S2S VPN on AWS EC2 - routing issue for VPC
I'm trying to prepare VPN setup from scratch. I used Terraform + AWS + Strongswan. Basic diagram is attached here:
AWS diagram, S2S VPN
So I have VPC_left: 172.32.0.0/16 with subnet_left: 172.32....
1
vote
0
answers
171
views
Running Initialization Script After Setting Up Aurora Serverless Cluster v2 Using Terraform
We have successfully created an Aurora Serverless Cluster v2 using the terraform-aws-rds-aurora Terraform module. Now, we want to run an initialization script after the cluster setup to create ...
0
votes
1
answer
55
views
Local terraform repository, remote ec2 with assumed role
My current setup is:
My local machine (actually one for each developer)
A git repository containing my terraform configuration
An EC2 instance which assumes an IAM role which grants it permissions ...
0
votes
0
answers
72
views
How to set a pre-existing password for an aws_db_instance resource, from a secure SSoT container while keeping it out of the state file?
I'm trying to find a solution for setting the master user password of an aws_db_instance from a pre-existing secret (which is currently in an existing Secrets Manager resource).
If I use password = ...
0
votes
0
answers
368
views
Terraform - error while configuring s3 backend, with instance profile
First up, we use ADFS and do not have individual IAM user profiles. We use the instance profiles as per the roles/permissions we need, and do not use individual access keys etc.,
This issue came up ...
0
votes
0
answers
26
views
Setting Up Proper Routing for SQL Instance in Different GCP VPCs without Public Exposure or Gateway VM
I'm facing a networking challenge with Google Cloud VPCs and peering, and I'm hoping to get some guidance on how to resolve it. Here's my setup:
I have two VPCs in Google Cloud:
VPC "bastion"...
1
vote
1
answer
840
views
InvalidConfigurationRequest: A load balancer cannot be attached to multiple subnets in the same Availability Zone
I copy-paste the part of my main.tf file:
resource "aws_security_group" "servers" {
name = "allowservers"
description = "Allow TCP:8080 inbound traffic to ...
0
votes
0
answers
121
views
How to use separated load balancers for frontend and backend in ECS?
I have the following terraform configuration for a load balancer running in ECS AWS for my django app container deployed in ECS:
resource "aws_lb" "api" {
name = &...
0
votes
1
answer
240
views
Terraform - for directive in JSON
I am trying to loop over string values in an IAM policy resources block to allow rds IAM authentication. My resource definition is:
resource "aws_iam_policy" "...
2
votes
0
answers
743
views
Terraform Helm set tolerations
I'm trying to set tolerations values in Terraform Helm for the occm chart in the following way:
set {
name = "tolerations"
value = yamlencode([
{
key = "node.kubernetes....
0
votes
0
answers
185
views
Ansible provider for Terraform roles support
I have an Ansible playbook with roles that I want to execute from Terraform.
site.yaml
---
- hosts: cluster
gather_facts: yes
become: yes
roles:
- role: prereq
roles/prereq/tasks/main.yml ...
0
votes
1
answer
669
views
How To Terraform Datadog Monitors with Dynamic Thresholds
I'm attempting to create a number of resources from the DataDog provider. I'm hoping to have to define as little as possible for each resource. For many properties there is some sensible default. I am ...
0
votes
1
answer
262
views
AWS instance connect decrypt password is giving error as invalid private key, how to fix it?
I have created an instance using terraform code and also its key pair for windows.
To get the admin password I clicked on the below decrypt button and getting as invalid decrypt key.
Please suggest ...
0
votes
1
answer
2k
views
Terraform init error: Failed to download module (local changes would be overwritten)
I have a brand-new local Terraform project that I have just cloned from gitlab. I have not made any changes to the code, but when I run terraform init I get the following error, repeated for every ...
0
votes
0
answers
120
views
Modification timestamp of Terraform state/files disagrees significantly with application timestamp
So, I have a constellation of Terraform projects. I just built an image of a specific application, which ultimately ends-up updating the tags in the auto-vars file of the corresponding project in the ...
0
votes
1
answer
49
views
How to import an aws_spot_instance_request into Terraform?
I'm looking for a way to import an aws_spot_instance_request into Terraform.
I already made a Spot Request on AWS console, now I would like to put this request on my code. How can I do that?
In the ...
0
votes
0
answers
453
views
SSH Keys not propagating correctly from instance metadata to authorized_keys: missing keys, user discrepancy, and duplicate key
I want to add eight public keys via instance metadata to avoid adding them manually (i.e.: ssh to VMs, pasting the keys to .ssh/authorized_keys, etc.).
I added the keys in Terraform (four distinct ...
0
votes
1
answer
172
views
Upgrade azure VM basic SKU to standard using terraform
I am performing the same task, upgrading the azure VM public ip SKU
from basic to standard but using terraform code. My plan is
Disassociate nic from UI
Include SKU = "Standard" in my ...
1
vote
1
answer
843
views
Provisioning a GKE cluster stuck at Deploying step
I am provisioning a simple GKE cluster thanks to terraform with the most basic config and it is stuck at "Deploying"
"64% - Cluster is being deployed..."
And in my terminal
...
0
votes
1
answer
658
views
How to set a default account for multiple aws providers in terraform?
I need to create resources for multiple accounts in my terraform code.
So, I have created multiple providers in aws and using the same for individual modules.
Other than above, if I create any ...
0
votes
1
answer
799
views
Restoring Terraform state from backend
My Terraform Git repository ended up having some unreconcilable data error and I couldn't push a recent change. I exported my commit to a patch, recloned, applied the patch, and then realized I just ...
0
votes
1
answer
999
views
How to correctly pass firewall rules to the google-terraform-network module?
I want to create a network using the google-terraform-network module. Additionally, I want to pass the firewall rules I made as a parameter to the module so that the created network contains these two ...
2
votes
0
answers
835
views
Why can't my ECS Fargate cluster write to my mounted EFS volume, all deployed with Terraform?
I've got a Terraform deployment that deploys a Docker image into ECS Fargate. It attaches an EFS volume to the container. When I SSH into the container, I see the volume mounted, but I am unable to ...
0
votes
1
answer
669
views
How do I get rid of the deprecation warnings on my aws_route_table definitions?
All of my route table definitions throw a deprecation warning during the plan/apply stages. I can't figure out how I should be defining my routes so that I stop getting these warnings.
Here's an ...
0
votes
0
answers
335
views
How to escape {{ in AWS SSM?
We're using Atlantis & Terraform to set SSM values. One of the parameters contains raw {{ ... }} in the same syntax used by SSM for dynamic parameters.
AWS SSM refuses the value with:
Error: ...
0
votes
0
answers
129
views
alarm for direct connect is showing insufficient data with terraform, how to fix that?
I tried creating alarm for direct connect using this link.
But it is showing insufficient data, so I tried creating manually from aws console and it is working.
So, did a side by side comparison and ...
0
votes
1
answer
1k
views
Is there a way to render the output of a data resource before run terraform apply?
I would like to be able to see the JSON of a data resource (like a policy document) on the plan. Currently these type of resources only "renders" during the apply.
I want to know if there is ...
0
votes
0
answers
4k
views
invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
Error: Get "http:...
3
votes
1
answer
771
views
Why does Terraform want to fully delete aws_iam_policy_document?
I don't understand why Terraform wants to remove the json policy. In other cases, when the data will be read during the apply, the plan shows the json policy being removed and added in the same plan, ...
1
vote
0
answers
141
views
GitLab CI Runners failed InvalidParameterCombination: Cannot find upgrade path from 5.7.38 to 5.6 , Terraform
GitLab CI Runners failed the job with the following error message
│ Error: Error modifying DB Instance legacy-dms: InvalidParameterCombination: Cannot find upgrade path from 5.7.38 to 5.6.
│ status ...