• Terraform: retrieve AWS information

    2 min read

    When running Terraform against an AWS account, we might need some context information, such as its account ID or the region we are in. Instead of setting them as variables, we can use the aws_caller_identity, aws_partition and aws_region data sources to retrieve this information.

    19/01/2022

  • How to set a variable on terraform using environment variables

    2 min read

    terraform variables environment variables

    There are several ways to set a value for a variable in Terraform:

    • Using the -var command line option.
    • In variable definitions (.tfvars) files. The files named terraform.tfvars, terraform.tfvars.json or any files with names ending in .auto.tfvars or .auto.tfvars.json will be loaded automatically, but they can also be loaded using the -var-file option.
    • As environment variables.

    03/01/2022

  • IRSA: How to create an IAM role for a specific ServiceAccount

    2 min read

    AWS EKS Kubernetes IRSA

    On AWS EKS you can associate an IAM role with a Kubernetes service account. The assume role policy is going to look like this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::123456789123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20:sub": "system:serviceaccount:demons:demosa"
            }
          }
        }
      ]
    }
    

    Let's take a look at how to create this role using Terraform.

    24/11/2021

  • Create a comma separated list of quoted strings on terraform

    2 min read

    terraform jsonencode comma separated

    Sometimes we need to generate a quoted, comma-separated list of strings from a variable that is a list of strings, for example, to generate an IAM policy like this one:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "secretsmanager:GetResourcePolicy",
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecretVersionIds"
          ],
          "Resource": [ "arn:aws:secretsmanager:...", "arn:aws:secretsmanager:.." ]
        }
      ]
    }
    

    03/11/2021

  • How to use less with colored output

    2 min read

    If we try to use less on an application with colored output it will get messy like this:

    $ terraform plan | less
    (...)
    Terraform used the selected providers to generate the following execution
    plan. Resource actions are indicated with the following symbols:
      ESC[33m~ESC[0m update in-place
    ESC[0m
    Terraform will perform the following actions:
    
    ESC[1m  # module.spinnaker.kubernetes_default_service_account.default_saESC[0m will be updated in-placeESC[0mESC[0m
    ESC[0m  ESC[33m~ESC[0mESC[0m resource "kubernetes_default_service_account" "default_sa" {
            ESC[1mESC[0midESC[0mESC[0m                              = "spinnaker-green/default"
            ESC[90m# (2 unchanged attributes hidden)ESC[0mESC[0m
    
    
          ESC[31m-ESC[0m ESC[0msecret {
              ESC[31m-ESC[0m ESC[0mESC[1mESC[0mnameESC[0mESC[0m = "default-token-m2z4q" ESC[90m->ESC[0m ESC[0mESC[90mnullESC[0mESC[0m
            }
            ESC[90m# (1 unchanged block hidden)ESC[0mESC[0m
        }
    
    ESC[0mESC[1mPlan:ESC[0m 0 to add, 1 to change, 0 to destroy.
    ESC[0mESC[90m
    
    (...)
    

    22/10/2021

