Error creating "tags" on a aws_iam_policy resource only on Ubuntu. Why?

So this is an issue that just started happening suddenly. I was doing a terraform refresh operation on one of our Ubuntu servers and started getting the following error:

“` Error: Unsupported argument on .terraform/modules/iam_group_sqs_users/modules/iam-group-with-policies/main.tf line 52, in resource “aws_iam_policy” “iam_self_management”: 52: tags = var.tags

An argument named “tags” is not expected here.

Error: Unsupported argument on .terraform/modules/iam_group_sqs_users/modules/iam-group-with-policies/main.tf line 62, in resource “aws_iam_policy” “custom”: 62: tags = var.tags

An argument named “tags” is not expected here. “`

The error itself is pretty clear; it looks like it doesn’t support the use of tags as a field of the aws_iam_policy resource. However, according to the documentation, tags is a valid Argument.

After that I looked up the source on GitHub for the iam-group-with-policies module and I saw that tags was added only 13 days ago. https://github.com/terraform-aws-modules/terraform-aws-iam/blame/master/modules/iam-group-with-policies/main.tf

The last time I had a successful build on this server for this Terraform code was older than 13 days ago, so I guess that’s my culprit.

But here’s something strange: I was able to run this code on my Mac using the same version of the terraform executable for Mac and it did NOT give me this error. I only get it on the Ubuntu server.

Version Information Terraform v0.12.31 + provider.aws v2.70.0 + provider.null v3.0.0

To reiterate, both my Mac and my Ubuntu server use the same version of terraform and the same provider versions as well.

Is there a way to use an older version of this iam-group-with-policies module to avoid this error?

submitted by /u/PompeiWasAnInsideJob
[link] [comments]

Terraform data structures

maybe a really stupid question here and I’m guessing this is actually nothing like as complicated as I’m finding it. However, after spending hours and hours reading and trying, while I’ve learnt a lot about Terraform, I’m really no closer…

Terraform build ansible intentory

Hey all,

I’ve been fiddling with this for a while.. trying to set up the building of an inventory using either templatefile in a local_file resource or through template_file. I am able to extract the IP’s and load them in a single fashion, but if I want to add resources for scalability I cannot get it to count or loop through and output the IP’s. Curious if someone had this mocked up and could help out.

I feel the content is restricted by the unique resource name but could never find the purpose for the asterisk in the variable unless its just to abide json structure.

As an example, I want to be able to extend my topology and ensure my inventory.tf will loop through appropriate IP’s for that host type. I am definitely missing something that allows me to interconnect all of the resources into an array and then bind them to the variable.

My blocks:

// inventory.tf resource "local_file" "hosts_cfg" { content = templatefile("hosts.tpl", { main = azurerm_linux_virtual_machine.main.*.public_ip_address core = azurerm_linux_virtual_machine.core.*.public_ip_address worker = azurerm_linux_virtual_machine.worker.*.public_ip_address } ) filename = "../../common/stage/inventory/hosts.cfg" } 

// hosts.tpl [ansible] %{ for ip in main ~} ${ip} %{ endfor ~} [core] %{ for ip in core ~} ${ip} %{ endfor ~} [worker] %{ for ip in worker ~} ${ip} %{ endfor ~} 

submitted by /u/ninewb
[link] [comments]

Managing IP’s when redeploying in Terraform

My infrastructure consists of various service nodes (proxies, LDAP server, Grafana/Prometheus monitoring, etc), a “login” node, and various “worker” nodes that comprise an HPC cluster. I build my images using Packer, then redeploy the instance with terraform apply. However, for post-deployment configuration, I use cloud-config templates that get populated on deployment, and when I make changes to these templates, Terraform doesn’t pick that up as a “change” to the infrastructure, so terraform apply says there is nothing to update.

If this happens, I need to manually destroy the instances I want to recreate in OpenStack and then run the deployment, but this leads to a new local IP getting assigned, which is annoying as I need to update my SSH config (I use proxyJump to go through an external-facing node in order to get on the local network which I can then access the node via local IP).

There is another issue in that I have a floating IP assigned to the login node which is associated with the domain name, but if I have to destroy and recreate the instance, the floating IP may change to another from the pool – again, not a huge deal as I can go manually change it in the OpenStack admin panel.

Here is an example of the template work-flow for reference:

The terraform resource:

worker.tf resource "openstack_compute_instance_v2" "workers" { ... user_data = each.value.template }

That user_data is a rendered here (some fields cut to make the issue explicit):

shared-data.tf locals { ... worker-template = templatefile("${path.module}/templates/worker.yml", { proxy1_IP = openstack_compute_instance_v2.proxy-v2[0].network[0].fixed_ip_v4 proxy2_IP = openstack_compute_instance_v2.proxy-v2[1].network[0].fixed_ip_v4 openLDAP_IP = openstack_compute_instance_v2.openLDAP-v2.network[0].fixed_ip_v4 LDAP_admin_pass = var.ldap_admin_pass }) }

And that template looks like (some fields removed):

worker.yml “`


runcmd: # Set up CVMFS with the proxy IPs – sudo sed -i ‘s/example1/${proxy1_IP}/’ /home/ubuntu/default.local – sudo sed -i ‘s/example2/${proxy2_IP}/’ /home/ubuntu/default.local – sudo mv /home/ubuntu/default.local /etc/cvmfs/default.local – sudo systemctl restart autofs – sudo cvmfs_config probe # Set up LDAP with openLDAP IP – sudo sed -i ‘s/ldap_ip/${openLDAP_IP}/’ /etc/ldap.conf – echo ${LDAP_admin_pass} | sudo tee /etc/ldap.secret > /dev/null – sudo sed -i ‘s/ldap_ip/${openLDAP_IP}/’ /etc/ldap/ldap.conf – sudo systemctl restart nscd

# Reboot node power_state: mode: reboot message: ‘cloud-init finished; now rebooting…’ delay: now “`

Any thoughts on how I can solve this or make this setup more dynamic? I’m still learning how to do things “correctly” in Terraform so let me know if there are any glaring issues or how I can resolve this issue. Thank you!

submitted by /u/ejams1
[link] [comments]

Issue when testing/running terraform locally

Hi everyone, i was able to test at least terraform init and plan locally for a long time but now facing issues. Maybe someone has an idea? It works totally fine when pushing it to gitlab and running it through my gitlab runner. Just wondering if my mac…

Trouble using for-each when creating users in TF

I’d like to automate a task using TF. The idea is simple:

From a .csv file, get the users, groups, and passwords to be created in AWS as IAM users.

I’ve managed to create users and adding them to groups.

However, when I try to set their passwords, I’m receiving the following error:

“` Error: Unsupported attribute

on main.tf line 32, in resource “aws_iam_user_login_profile” “add-pass”: 32: user = each.value.usuarios #PROBLEM HERE! IT GENERATES A TUPLE BUT I ONLY WANT 1 USER PER LOOP!! |—————- | each.value is a tuple with 4 elements

This value does not have any attributes. “`

The code is:

“` terraform { required_providers { aws = { source = “hashicorp/aws” version = “~> 3.27” } }

required_version = “>= 0.14.9” }

provider “aws” { profile = “default” region = “us-east-2” }

Lê csv e transforma em map para ser consumido

locals { csv_data = file(“${path.module}/usuarios2.csv”) users = csvdecode(local.csv_data) }

Cria os usuários, atribui senhas e os adiciona em seus respectivos grupos

resource “aws_iam_user” “usuarios” { for_each = { for usuario in local.users : usuario.usuarios => usuario } name = each.value.usuarios }

resource “aws_iam_user_login_profile” “add-pass” { for_each = { for newPass in local.users : newPass.senha => newPass… } user = each.value.usuarios #PROBLEM HERE! IT GENERATES A TUPLE BUT I ONLY WANT 1 USER PER LOOP!! pgp_key = “keybase:$user”

output “password” {

value = aws_iam_user_login_profile.example.encrypted_password



resource “aws_iam_user_group_membership” “add-group” { for_each = { for newGroup in local.users : newGroup.grupo => newGroup }

user = each.value.usuarios groups = [ each.value.grupo, ]

} “`

I’m aware of what the problem is, but I not being able to fix it.

Could anyone give me a hand here?


submitted by /u/criptonauta
[link] [comments]

New to TF, trying to figure out how to modify a coworkers code to use for_each (I think I need to figure out how to load variables into a list)

At work we recently sharded a database and my coworker wrote the script for it. I recently checked it out and found out he manually wrote the module setup for all databases. This feels annoying to maintain in the future so I wanted to setup a way to just for_each to setup the modules.

I think I have almost everything setup, I have my .tfvars loading into my variables.tf but I’m not sure how to setup the variables from variables.tf to either load into a list or a map so I can just for_each a map of objects. I’m sure this is a super basic question but I genuinely am unable to find the answer from googling it.

example code trying to show what I’m aiming for:

variable "shard-1-snapshot" {} variable "shard-2-snapshot" {} variable "shard-1-max-cap" {} variable "shard-2-max-cap" {} variable "shard-1-min-cap" {} variable "shard-2-min-cap" {} //below is pseudocode map "shards" { shard-1 { snapshot = shard-1-snapshot max-cap = shard-1-max-cap min-cap = shard-1-min-cap } shard-2 { } } //and get that into provider.tf 

Hope that makes things clearer

submitted by /u/tremblinggigan
[link] [comments]

Beginner questions

Hi there! I’m making the transition from mech engineering to development full time. Currently working on infra as code project and was wondering if this is the place to be for community conversations (or if there is a discord or slack?)! Also, I’m wond…

Ignore configuration

Hey everyone

Hope you are all doing good surviving all tech related woes

I have a bit of a strange issue but hear me out

We have an AKS cluster with 8 nodes and require our outbound load balancer to have 6400 allocated ports

Setting this via the azure portal is absolutely fine however when doing so via terraform this fails…

Now before we made the jump to 6400 we didn’t define this in terraform and I believe the configuration never appeared as a value in the plan… However we had set this to 3200 via the portal then updated the terraform code and ran the terraform apply and worked beautifully

(Note we did this backwards as we were reacting to an issue)

Speaking with colleagues and reading online apparently the reason setting this to 6400 fails is due to the azure API not being able to calculate correctly the number of nodes as it takes burst nodes into consideration for scaling etc..

I have tried to resolve this by adding ignore changes inside the resource block such as

lifecycle { ignore_changes = [ network_profile[0].load_balancer_profile ]

However the value returns to 0 each time… Is this incorrect?

I have thought that perhaps I could run terraform with the outbound port allocation config removed so it returns the value to ‘default’ and then terraform would ignore the configuration the next time on apply… I did this and then I changed the value in the portal to 6400 and ran another apply. The plan said 0 for the value but said It was not changing this.. so I thought happy days it should ignore this.. but nope set this to 0.. I thought this would work as previously before we never defined the value and I’m sure it never appeared in the plan

Am I stuck having to set it to a workable value and have to bump it each time in the portal? Or is there something I can do?

Apologies if this is a confusing mess I appreciate you atleast reading 🙂

And if my code block doesn’t work I’m sorry I’m on mobile and have no idea how to do this on the app

submitted by /u/kiddj1
[link] [comments]

Random Subnet for EC2 Instance Within Loop

After doing a lot of searching and testing on my own, I wanted to see if there was a way to loop through an EC2 module while assigning a random subnet ID from a predetermined pool for each loop. I was wanting to achieve this with a for_each loop as opposed to count. I know I can do something like random shuffle here:

resource "random_shuffle" "subnet" { input = ["subnet1", "subnet2", "subnet3"] result_count = 1 } resource "aws_instance" "example" { for_each = var.example subnet_id = random_shuffle.subnet.result } 

This will return just 1 subnet as expected, but I keep running into a syntax issue where it says it requires a string for the subnet ID. From my understanding this will return a list with 1 subnet in it. Is there an easy way to convert this to the proper type that I need? If there is another way to go about this I’m open to ideas.

submitted by /u/UrbanHamburger
[link] [comments]

Never miss destructive changes again

Y’all know how painful it is to miss a destructive change. We released a feature to help you know exactly what will happen when you approve a Terraform plan by highlighting destructive changes, adding search, and improving layout. Here’s how it looks l…