terraform-provider-aws | Terraform AWS provider | Infrastructure Automation library
kandi X-RAY | terraform-provider-aws Summary
kandi X-RAY | terraform-provider-aws Summary
Terraform AWS provider
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of terraform-provider-aws
terraform-provider-aws Key Features
terraform-provider-aws Examples and Code Snippets
Community Discussions
Trending Discussions on terraform-provider-aws
QUESTION
I tried to use newer_noncurrent_versions in S3 Lifecycle.
In Terraform 4.3.0, lifecycle was released.
However, when applying on Terraform cloud, an error saying to use Lifecycle V2 occurred.
Is my code the problem? Is it a terraform provider problem?
Terraform CLI and Terraform AWS Provider Version ...ANSWER
Answered 2022-Mar-07 at 06:06Your are missing filter in the rule:
QUESTION
I am trying to create Lambda function using Terraform. There is no permission issue.
...ANSWER
Answered 2022-Feb-22 at 21:17I was able to successfully create the lambda function and IAM role resources;
QUESTION
I had issue
...ANSWER
Answered 2022-Feb-14 at 17:24The hashicorp/aws provider must send requests to the AWS API that are signed using the AWS Signature Version 4 algorithm.
One of the goals of the AWS signing scheme is to minimize the time window that a compromised signature couuld be reused by an attacker. To achieve that, the signature scheme includes a timestamp when the signature was created and the remote system requires that the timestamp be within 15 minutes of the request time as understood by the remote system.
The official documentation describes this as follows, at the time I'm writing this:
- Protect against reuse of the signed portions of the request – The signed portions (using AWS Signatures) of requests are valid within 15 minutes of the timestamp in the request. An unauthorized party who has access to a signed request can modify the unsigned portions of the request without affecting the request's validity in the 15 minute window. Because of this, we recommend that you maximize protection by signing request headers and body, making HTTPS requests to Amazon S3, and by using the s3:x-amz-content-sha256 condition key (see Amazon S3 Signature Version 4 Authentication Specific Policy Keys) in AWS policies to require users to sign Amazon S3 request bodies.
If your local system has an incorrect system time or if your system believes its local time to be in a different timezone than you are actually working in then the AWS SDK (which the Terraform AWS provider is built with) will generate a timestamp outside of the allowed 15 minute window, and so your request will fail. This would be true of any request to AWS APIs using this standard signature scheme, whether made by Terraform's AWS provider or by any other AWS-integrated tool.
In order for requests to succeed your system must be able to generate a correct UTC-referenced timestamp. In order for that to be true, it must have both a correct time and – if you are using an operating system like Windows where the system time is stored in local time rather than UTC – a correct configuration of your system time's offset from UTC so that the SDK can convert to a UTC timestamp as the AWS API requires.
QUESTION
I am getting the following error while trying to create an ECS cluster, at the capacity provider creation phase.
...ANSWER
Answered 2022-Jan-06 at 21:49I fixed this by creating the cluster without capacity provider first then modifying it to have one.
QUESTION
I am trying to deploy ECS using Terraform and it's throwing the above error while I am Provisioning the ECR this is happening. It tried removing the double quotes, then enabled trace for troubleshooting. I tried updating to the latest version of terraform as well (v 1.1.2)
Here is the code chunk from main.tf file
...ANSWER
Answered 2022-Jan-04 at 23:34Updated:
A ${ ... } sequence is an interpolation in Terraform's configuration language, which evaluates the expression given between the markers. Unix shells typically use $..
As per the official documentation, the command is evaluated in a shell, and can use environment variables or Terraform variables. So, basically, what you are trying to achieve should work fundamentally.
I did a quick test and I was able to successfully apply that locally:
with double quotes
QUESTION
I'm using terraform with aws:
- Terraform
v0.14.8 - provider
registry.terraform.io/hashicorp/archivev2.2.0 - provider
registry.terraform.io/hashicorp/awsv3.55.0
Current behavior:
- On my local machine it works fine.
- On local docker, that is used by Jenkins it's working fine
- On Jenkins with same docker on US-WEST-2 working fine but,
- On Jenkins with same docker on EU-CENTRAL-1 get stuck. In debug mode, I get:
2021-08-24T20:16:08.901Z [INFO] plugin.terraform-provider-aws_v3.55.0_x5: 2021/08/24 20:16:08 [DEBUG] [aws-sdk-go] DEBUG: Send Request lambda/GetLayerVersion failed, attempt 25/25, error RequestError: send request failed caused by: Get "https://lambda.eu-central-1.amazonaws.com/2018-10-31/layers/awswrangler/versions/2": dial tcp 3.121.178.128:443: i/o timeout: timestamp=2021-08-24T20:16:08.901Z 2021/08/24 20:16:08 [TRACE] vertex "module.key_rotation.aws_lambda_layer_version.lambda_layer": visit complete 2021/08/24 20:16:08 [TRACE] vertex "module.key_rotation.aws_lambda_layer_version.lambda_layer": dynamic subgraph encountered errors 2021/08/24 20:16:08 [TRACE] vertex "module.key_rotation.aws_lambda_layer_version.lambda_layer": visit complete 2021/08/24 20:16:08 [TRACE] vertex "module.key_rotation.aws_lambda_layer_version.lambda_layer (expand)": dynamic subgraph encountered errors 2021/08/24 20:16:08 [TRACE] vertex "module.key_rotation.aws_lambda_layer_version.lambda_layer (expand)": visit complete 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_lambda_function.sync_apps_db_lambda_function (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_lambda_function.cleanup_lambda_function (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_lambda_function.check_application_keys_lambda_function (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_cloudwatch_event_target.event_target_lambda (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_lambda_permission.allow_cloudwatch_to_call_cleaner_lambda (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_lambda_permission.allow_cloudwatch_to_call_lambda (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation.aws_cloudwatch_event_target.event_target_cleaner_lambda (expand)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "module.key_rotation (close)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "provider["registry.terraform.io/hashicorp/aws"] (close)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping 2021/08/24 20:16:08 [TRACE] dag/walk: upstream of "root" errored, so skipping
Seems like it's related to lambda upload.
I tryied:
- update terraform to latest
- destroy everithing
- removing all the states also from S3
same result.
...ANSWER
Answered 2021-Aug-26 at 22:36I think the root cause of your issue is this:
Get "https://lambda.eu-central-1.amazonaws.com/2018-10-31/layers/awswrangler/versions/2": dial tcp 3.121.178.128:443: i/o timeout
Why the terraform binary can't connect to the eu-central-1 endpoint of the Lambda service is impossible to say based on the information you provided.
You don't say where or how Jenkins is deployed. I assume in some container on AWS?
It could be a temporary network glitch or for some reason connectivity to eu-central-1 is blocked from your Jenkins deployment.
Have you retried after a few hours?
Are you able to reproduce this behaviour consistenly?
QUESTION
I am facing an issue trying to get the account id of an aws provider that is not the provider where the resource will be deployed. This is my scenario:
main.tf (root directory)
...ANSWER
Answered 2021-Nov-19 at 23:09Following Hashicorp documentation, the main.tf file of the child (asdf) module should be:
QUESTION
I have created a aws infrastructure with network acls, security group, subnets, etc [code attached at the bottom]. in the free tier. I have also established ssh connection with my ec2 instance and I can also download manually packages when logged to the instance.
However, since I want to fully utilize Terraform, I would like to pre-install some stuff while Terraform creates the instance.
The commands I want to execute are quite simple (install jdk, python, docker),
...ANSWER
Answered 2021-Oct-01 at 09:02I run your code in my sandbox env, and the remote-exec works. I had to make some changes for it to work and even to run your code (region, ami, security groups, ...). So you can have a look at the modified code and take it from there. But the code below works for me without any issues.
QUESTION
I found this article about testing tf import in acceptance tests:
ANSWER
Answered 2021-Sep-01 at 08:22Your setup for testing import is correct. Adding steps with ImportState and ImportStateVerify should be enough.
Testing import is implemented in terraform-provider-sdk testStepNewImportState function. How it works:
- Previous step applies terraform config using testcase workdir and state.
- If next step sets
ImportStateto true, useResourceNameto grab resourceidfrom testcase state (or useImportStateIdFuncorImportStateIdif they are set for this step). - Create empty workdir, initialize new empty state, and import resource given resource name and id from previous step. There would be no conflicts since this is a separate empty state.
- If
ImportStateVerifyis true, compare resource states from previous step and import step, they should be identical. - If
ImportStateCheckfunction is set, use this function for custom state validation. This can be used in case if direct state comparison will be not valid. - Discard temporary workdir.
QUESTION
I want to deploy my infrastructure in different AWS environments (dev, prod, qa).
That deployment creates a few EC2 instances from a custom AMI. When deployed, instances are in the "running" state. I understand this seems to be related to some constraint in the EC2 API. However, I don't necessarily want my instances started, depending on context. Sometimes, I just want the instances to be created, and they will be started later on. I guess this is a quite common scenario.
Reading the few related issues/requests on Hashicorp's github, makes me think so:
- Terraform aws instance state change
- Stop instances
- aws_instance should allow to specify the instance state
There must be some TerraForm based solution which doesn't require to rely on AWS CLI / CDK or lambda, right? Something in the TerraForm script that, for example, would stop the instance right after its creation.
My google foo didn't help me much here. Any help / suggestion for dealing with that scenario is welcome.
...ANSWER
Answered 2021-Jul-10 at 12:53Provisioning a new instance automatically puts it in a 'started' state.
As Marcin suggested, you can use user data scripts, here's some psuedo user data script. For you to figure out the actual implementation ;)
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install terraform-provider-aws
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
