• Terraform: aws_security_groups empty list of SecurityGroups

    2 min read

    terraform provider AWS aws_security_groups

    Update 10/02/2020: The new version 4.0 of the AWS provider have been released. At this point, all AWS provider plural data sources (like the aws_security_groups) that return an array of results will now return an empty list if zero results are found.

    Prior to that, if when trying to use the aws_security_groups data source if the tags did not match any SecurityGroup, terraform would have returned an error instead of an empty list:

    data "aws_security_groups" "eks-pod" {
  tags = {
     "NotAnActualTag" = "WontMatchAnything"
  }
}

    21/10/2021

    Read more...

  • How to override a provider with a local version

    2 min read

    terraform provider development

    If we are modifying a provider, to be able to properly test it we might want to run a terraform plan or apply using this provider. To be able to override a given provider using this method (dev_overrides) we will need to use terraform v0.14 or later

    14/10/2021

    Read more...

  • Terrafrom: Ignore changes on some of the managed resources

    2 min read

    Some of the resources we create using terraform might be externally changed, for example an AutoScalingGroup desired_capacity can be changed externally (not modifying terraform's state) in order to handle more traffic. That's the case for the worker's ASG on an EKS cluster, which will be usually modified by the cluster autoscaler

    (...)

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # module.eks.aws_autoscaling_group.workers["pet2cattle_eu-west-1a"] has been changed
  ~ resource "aws_autoscaling_group" "workers" {
      ~ desired_capacity          = 7 -> 6
        id                        = "pet2cattle_eu-west-1a2021082509502468370000000a"
        name                      = "pet2cattle_eu-west-1a2021082509502468370000000a"
        # (22 unchanged attributes hidden)


        # (16 unchanged blocks hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

(...)

    13/10/2021

    Read more...

  • How to use terraform's nonsensitive() function

    2 min read

    terraform sensitive

    Starting terraform 0.15 variables can be marked as sensitive, so it won't appear in plain text as a terraform output unless we explicitly request them. But we can also make the variable as non sensitive using the nonsensitive() function

    07/10/2021

    Read more...

  • Merging resources from several terraform states

    2 min read

    terraform state merge

    If you have several terraform projects for handling the deployment of a part of the application and you want to consolidate it into a single project, you can create a new terraform state and import all the resources using terraform import or you can use tfstate-merge to copy resources to the new state to consolidate it

    06/10/2021

    Read more...

More recent...

Older content...

Terraform:
Infrastructure as Code
terraform
Categories
tags related to this category
AWS IaC HCL root_block_device block_device_mappings Lambda python ELB NLB ALB ASG init lookup backend state Secret datasource AMI coalesce sops provider kubernetes_manifest moved plan apply aws_caller_identity aws_partition aws_region Environment IRSA ServiceAccount jsonencode less aws_security_groups data lifecycle ignore_changes sensitive merge debug mixed_instances_policy spot instances aws_launch_configuration aws_launch_template Pod securityGroup external csvdecode for_each try resource time_sleep depends_on tuple setproduct S3 MinIO validate dynamic blocks one function taint replace fmt import refactor output state show dynamodb_table upgrade helm_release terraform_remote_state null_resource local-exec count tfenv json show