Questions tagged [terraform]
Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
431
questions
71
votes
2
answers
99k
views
What does "Error: Cycle". means in Terraform?
The Terraform docs for some weird reason do not explain what "Error: Cycle" means. I've looked everywhere but there is no mention of it on the official docs. (Turns out it is well-known term,...
27
votes
6
answers
43k
views
Terraform - Use nested loops with count
I am trying to use a nested loop in terraform. I have two list variables list_of_allowed_accounts and list_of_images, and looking to iterate over list list_of_images and then iterate over list ...
17
votes
3
answers
29k
views
How can I find the version of all Terraform providers in a workspace?
I can't find the canonical way to report the version of a specific terraform Provider, in this case the AWS provider. I can find a binary that seems be named with version information:
$ ls .terraform/...
17
votes
4
answers
133k
views
How to fix "NoCredentialProviders: no valid providers in chain. Deprecated."?
Here is a terraform script I lifted from this repo
provider "aws" {
region = "${var.aws_region}"
profile = "${var.aws_profile}"
}
##----------------------------
# Get VPC Variables
##-------...
12
votes
4
answers
20k
views
Terraform: Choosing credentials for a remote state file
I have existing infrastructure in Terraform and have been using it for a while. Recently I had swapped the AWS credentials of my local laptop (the creds stored in ~/.aws/credentials) and it stopped ...
8
votes
1
answer
4k
views
What is the meaning of `private` attribute in `tfstate` (for a DynamoDB instance)?
I’m bootstrapping my terraform remote state by storing the tfstate of creating an S3 bucket and a DynamoDB lock table and storing it in git. My organisation scanned the repository using Yelp/detect-...
8
votes
1
answer
8k
views
Worker Group VS Node Group EKS
I am trying to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/12.2.0(Terraform AWS EKS provider)
What is the difference between worker nodes and node group?
7
votes
1
answer
4k
views
How to configure cross region VPC peering on AWS with Terraform
I'm trying to create a terraform configuration to spin up multiple VPCs in different regions and create VPC peer connections between them.
This is my module for the VPC
# Required Variables
...
7
votes
1
answer
335
views
Terraform wants to rebuild my entire AWS deployment
I have an AWS environment that was built 100% with Terraform. I haven't touched it in a few days, but today when I went to make what I thought was a fairly trivial change, Terraform has decided that ...
6
votes
2
answers
15k
views
Deploying to multiple accounts with Terraform?
I've been looking for a Terraform way to be able to deploy to multiple AWS accounts simultaneously in Terraform and coming up dry. AWS has the concept of doing this with Stacks but I'm not sure if ...
6
votes
1
answer
5k
views
Storage account name already exists
When I attempt to run the code at the bottom I get the following error (no matter what I name the storage account) currently its named "functions" but I could call it "bannanas" and it would output ...
6
votes
3
answers
7k
views
Why is terraform erring with 'SignatureDoesNotMatch: Signature expired'?
I started getting the following when running terraform commands:
$ terraform refresh
Error refreshing state: 1 error(s) occurred:
* SignatureDoesNotMatch: Signature expired: 20170226T035111Z is now ...
6
votes
2
answers
3k
views
How to use terraform.io to change the image of a stateful server without downtime or data loss?
Say I have application servers, database servers, and a few dns-round-robin load balancers. All this powered by images created with Packer with deployment managed with Terraform. How do I change the ...
6
votes
1
answer
14k
views
Terraform accessing list elements from module output
Let's say I have a module, which generates some ids:
module.tf:
resource "random_id" "etcdapiserver-id" {
byte_length = 4
count = "${var.etcd_apiserver_count}"
}
...
6
votes
3
answers
8k
views
How to add lifecycle rule to an existing AWS S3 bucket with Terraform
I have an existing S3 bucket and I wish to add "folders" and lifecycle_rules to it.
(I say "folders" because that is how they are represented at the client end, as they are accessed via a Storage ...
6
votes
2
answers
1k
views
Terraform: How to prevent ASG ec2 instance coming up before NAT Gateway is created
I'm using 2 modules. One is a custom VPC module and the other is a module to bring up a jenkins ec2 instance.
You can't use depends_on with modules but the Jenkins module does rely on certain outputs ...
6
votes
2
answers
3k
views
AWS with Terraform - Filtering public/private subnets (without relying on tags)
Request:
I would like to spin an AWS ALB - For that I need at least two subnets in two different Availability Zones.
(Terraform shows a very explicit error in case we forget - see Error #1 Below).
...
5
votes
2
answers
3k
views
AWS Nat Gateway - Using a non Elastic IP address
I'm building an AWS VPC network lab via Terraform.
I want to add a NAT Gateway in order that my private network instances could access the internet for software updates.
From the Terraform spec you ...
5
votes
2
answers
18k
views
Terraform: How to dynamically generate a block of a JSON policy?
I have the following resource:
resource "aws_iam_user_policy" "ses_send_policy" {
count = var.enabled ? 1 : 0
name_prefix = var.user_policy_name_prefix
user = ...
5
votes
1
answer
1k
views
Changing variable used for sensitive value in Terraform without rebuilding the resource
I have a Terraform module that sets the administrator password based on a variable
admin_password = "${var.local_admin_password}"
However, var.local_admin_password is no longer the only place that ...
4
votes
2
answers
18k
views
run a script via cloud-init
I know cloud-init allows to run commands as part of the cloud-init yml
runcmd:
- [ pwd ]
but I am looking for a way to execute a full shell script.
Some people just pipe the output of a curl into a ...
4
votes
2
answers
3k
views
Does Terraform Deal with “known_hosts” upon changing infrastructure? If so, how?
I'm very new to terraform so maybe this is not a great question. But I'm running through [this Amazon EC2 example] and at one point it tries to SSH to the machine, I assume to install nginx. This is ...
4
votes
3
answers
2k
views
Terraform destroy failing because Google SQL user owns databases
I'm using Terraform to provision a Google Cloud SQL PostgreSQL database using a google_sql_database_instance resource. I also create a user with a google_sql_user resource.
After applying, I deploy ...
4
votes
2
answers
3k
views
With Terraform, how does one go about recycling root EC2 instance volumes?
I'm wondering if anyone has tackled making an EC2 root volume persistent, so that one may taint the instance resource and re-apply and the instance will use that volume instead of the ami's?
My ...
4
votes
1
answer
7k
views
Why is my AWS instance's private IP outside of the subnet's range?
I'm trying to launch an instance with the private IP address 172.31.32.101 using Terraform in my default VPC (CIDR 172.31.0.0/16), in the eu-west-1a subnet that has the CIDR 172.31.32.0/20. I can ...
4
votes
1
answer
3k
views
How to Terraform ElastiCache Redis cluster provisioning properly?
I am currently writing Terraform script to provision ElastiCache Redis Cluster. I have the following concern. In the script, I use a snapshot name to restore database from ElastiCache single Redis ...
4
votes
1
answer
5k
views
Parameter parsing when using AWS SSM send-command from Terraform
I am using AWS SSM send-command to run a PowerShell script on an AWS instance.
The following commanad works fine in a command shell but when called in Terraform gets an error.
aws ssm send-command ...
3
votes
2
answers
7k
views
How to untaint a terraform resource after network issue during application of a terraform plan?
I had applied a terraform to create a redis cluster.
Half way through, the application process failed with this error message:
Error: Error waiting for elasticache replication group (my-project) to ...
3
votes
2
answers
47k
views
Use a proxy with Terraform
I am unable to use our corporate proxy with Terraform. I configured the following environment variables (I'm under Windows 7):
set HTTP_PROXY=http://proxy.company.local:8080
set HTTP_USER=userID
set ...
3
votes
2
answers
4k
views
Terraform returns "Unsupported service namespace, resource type or scalable dimension" when I attach an auto-scaling group to an ECS service
In my terraform code, I am trying to attach an auto-scaling group to my ECS Service using aws_autoscaling_target.
resource "aws_appautoscaling_target" "service_app_asg_target" {
resource_id = "${...
3
votes
4
answers
14k
views
How to create database user and assign role to it with terraform
I have created sql server and database with terraform now I have to create database user and assign role to it.
How I can do it. Please suggest me.
3
votes
1
answer
4k
views
Terraform, getting "The module root has no resources" error on taint
Getting a The module root has no resources error on taint. I'm trying to taint a couple of null_resources. Here's the code block for null_resource.provision_first:
resource "null_resource" "...
3
votes
2
answers
4k
views
Google Cloud Compute Engine persistent disk snapshot schedule not working
i created a VM with terraform on GCP and also a persistent disk separately with the google_compute_disk , google_compute_resource_policy, google_compute_disk_resource_policy_attachment resources to ...
3
votes
4
answers
8k
views
How to provide the Terraform Cloud API token using an environment variable?
In my CI environment (Bitbucket pipelines) I'm trying to use the new Terraform Cloud remote state management. The announcement video clearly states you can use environment variables instead of the ....
3
votes
1
answer
2k
views
Terraform: Use module instance's name inside module
I am using a Terraform module to deploy resources, using separate instances to deploy sets of those resources. I would like to be able to name those resources according to the instance's name. For ...
3
votes
2
answers
14k
views
GCP Service Account can't access IAM operations with permissions
I'm using Terraform to automate a lot of my GCP management because clicking is bad. I've got a "shared services" project that I'm trying to use to manage other projects. I'm trying to setup a new ...
3
votes
1
answer
4k
views
Terraform - how to use multiple modules to create temporary ressources
I have created two Terraform modules, each creating a simple AWS instance and then provisioning some software
on it with an Ansible playbook. Each module works correctly when running terraform apply ...
3
votes
1
answer
6k
views
Problems creating AutoScaling Group with a Network Load Balancer (NLB) on AWS using Terraform
I'm trying to create na NLB using Terraform v0.11.0 (my application doesn't use HTTP, so I cannot use an ALB). Looking in the Hashcorp documentation, I could create the following code:
resource "...
3
votes
1
answer
6k
views
How can I set up AWS Glue Using Terraform?
How can I set up AWS Glue using Terraform (specifically I want it to be able to spider my S3 buckets and look at table structures). A quick Google search came up dry for that particular service. The ...
3
votes
1
answer
5k
views
Terraform upgrade to 0.15, getting "Invalid legacy provider address" for provider we don't use
Note: this is a self-answered question, to help anyone in a similar situation.
While upgrading Terraform to 0.15, we got the following error messsage (along with similar messages for the aws and ...
3
votes
1
answer
5k
views
How to make terraform assume a different STS role for a single resource change on another account?
I have AWS subaccounts for development, QA and production under a main account that controls all of our route53 zones. I manage everything with Terraform. I use STSAssumeRole Cross account roles from ...
3
votes
3
answers
12k
views
terraform execute bash script into instance
What is the way of execute a sh script into ec2 instance when terraform is building resources?
I created an ami with some files in directory for execute, if i enter via ssh i can execute file as ...
3
votes
3
answers
8k
views
TERRAFORM how do i have 1 ecs cluster with 2 or more ecs service/task definitions?
Using Terraform, I have tried the hardest to find out how to create 1 ECS cluster and have multiple services running under it. SO basically i have 2 different containers i want to run with this 1 ECS ...
3
votes
1
answer
3k
views
How do I determine the Container ID so that Terraform can attach it to an ALB target group?
I've used Terraform to create a VPC, subnets, ECS instances, routing and a task definition which I am able to run via the AWS console. That gives me a few instances of my small web app running in ...
3
votes
1
answer
2k
views
Terraform, ecs service creation fails when using a configured IAM policy
Using Terraform, ecs service creation fails when using a configured IAM policy.
Error applying plan:
1 error(s) occurred:
* aws_ecs_service.beatthemarket_service: InvalidParameterException: Unable ...
3
votes
1
answer
764
views
Why does Terraform want to fully delete aws_iam_policy_document?
I don't understand why Terraform wants to remove the json policy. In other cases, when the data will be read during the apply, the plan shows the json policy being removed and added in the same plan, ...
3
votes
1
answer
2k
views
How do I connect Cloudfront to a private s3 bucket with terraform?
So I'm 90 percent there, but it appears that cloudfront is getting 500 errors from s3? I'm sure I'm just doing something wrong. I've read the various amazon documentation, but to me it seems so vague ...
3
votes
1
answer
518
views
Terraform: using exportCustomRoutes when setting peering connection
I am trying to set-up a peering connection between 2 VPC networks.
One network (the transit one) configures static routes, and I would like to have those propagated to the peered network.
Here's an ...
3
votes
1
answer
288
views
Terraform: Leave something alone
I'm using Terraform with AWS. Currently in my setup, I have an Auto Scaling Group used in conjunction with Code Deploy. When I deploy into Code Deploy, it copies the initial ASG, and deletes it. ...
3
votes
2
answers
2k
views
Terraform Upload Azure File Share
As part of an Azure ACI definition Terraform script, I'm creating an azurerm_storage_share which I want to then upload some files to, before mounting to my container.
As far as I can tell, the right ...