terraform

So I have gotten pretty good at basically making pop up environments using terraform (create X amount of linux servers from a template I made, ip assignment, hostname additional drives etc). The only issue I am having is that I basically had to write an ansible script to go in after creation and add my DNS. It isn’t a big issue, but every tutorial I have looked at for adding DNS fails. Anyone have a just straight up DNS1 = 1.1.1.1 DNS2= x.X.X.X?

Hi Guys,

I’m a noob with IaaS. I have tried googling this, but I don’t know what should I ask Google!

So I’m a application developer – MERN stack. Recently started with Google cloud, mostly using managed services – but also a few compute engine instances that I’ve manually created from the UI (for my Apache and Express servers).

I have a web app up and running – and I didn’t really understand why would I need IaaS.

For dynamic workloads, wouldn’t it be ideal to have some sort of elastic managed service? Like managed compute instances on auto scaling or maybe app engine?

Can someone help me with, or point to some real world use cases of Terraform (specially articles that can highlight how inefficient the setup would’ve been without Terraform).

Most of you probably use Terraform at work – what are the usecases? Is it just provisioning infrastructure…then how is it different from using the web, or for automation – using the CLI or the provided APIs?

I understand this is probably an embarrassing post – but with an application development background, I’m struggling with wrapping my head around the infrastructure bits.

Thanks and I appreciate your time.

Hey y’all

Been trying out azure DevOps automating TF deployments

I have a script to create the resource group, storage account and container and grab the access key

I then use PowerShell to replace the key value in the backend file

Package it all up and run an init

Prior to me replacing the value and just having the key in the file it would work

TF complains about an illegal character in the backend file and I’m assuming this happens when I replace the value… Has anyone done this or know a way I can do this? Or does anyone know how to successfully format an output for terraform using PowerShell …. Happy to use python to replace the value in the file but I have very basic knowledge

Ideally if I can replace the value using PowerShell I’m onto a win

We’re investigating using Terragrunt to autocreate (s3) backend files for TF code instead of having to resort to symlinks or manually copying them over and changing the s3 state keys (the horror).. The ‘generate” functionality also allows us to create other .tf files in the relevant folders/modules, eg with standard data sources and standard locals.

Now i kinda like the options TG offers, but i’m a bit reluctant to start relying on 3rd party wrappers on top of TF.

Is anyone else doing this too? Or are you using other awesome ways to handle this?

Hi everyone! Hope you’re having a great day.

Recently I’ve been assigned to Google Cloud project which utilizes Terraform as IaC tool. I am now struggling because my old setup (PyCharm + Terraform plugin) isn’t working how it’s supposed to, basically I have no autocomplete features. The same IDE has been working brilliantly for AWS resources. Can anyone suggest some other tool/plugin I can use for this purpose?

Today’s an exciting day for us as we officially launch Cloudrail – a second generation security analysis tool for Terraform: http://indeni.com/cloudrail/

Basically, we looked at the good work done by the guys at checkov, tfsec and others, and decided to take it one step further. Cloudrail takes the TF plan, merges it in memory with a snapshot of the cloud account, and then runs context-aware rules on it. A few things that allows us to do:

1. When we look at an S3 bucket’s ACLs, we know if the account has public access block set or not. This allows us to ignore “public-acl” type settings if the account blocks it anyway.
2. When we look at an IAM role/user/group, we can tell what policies are attached to it, even outside the TF code (in the cloud).
3. When an RDS database is defined without specific VPC information, we can calculate what the default VPC looks like (if there is one), what its default security group and whether that will cause a problem.

And a bunch more examples… Basically Cloudrail was built to be used in the CI pipeline from day one, so it’s meant to be very dev/devops friendly.

As a token of appreciation for this amazing subreddit, we will be giving access to Cloudrail for free until the end of June to any member of this subreddit. Just DM me for access after you’ve signed up to Cloudrail. (after June, it will be 30-evaluations/month for free, though that is also expanded to unlimited if you’re part of an open source project)

I know Artifactory isn’t advised(since it doesn’t store the lock), but it’s an easy alternative for our exact use case without having to use up extra resources. Having said that, it seems like the default configuration example in the user docs advises overwriting the same state. This is not allowed by our Artifactory admins. Is there any way to version this?

Has anyone used driftctl before specifically the ‘scan’ option? Does it really just scan? My worry is that it may do something to my infrastructure since the AWS_PROFILE that I am using is a powerful profile.

so is it better do do

resource "aws_instance" "my_example" { ... 

or better to do

resource "aws_instance" "my-example" { ... 

I’ve encountered competing styles at work so as a standard for say a module, I want to hit it off with the majority view if there is one.

I’m brand new to Terraform and working my way through the first tutorial. I *think* I’ve followed it to the letter. It tells you to modify main.tf – which is a bit confusing because I have multiple main TFs (and this is a clean download from git)

​

https://preview.redd.it/l4mowjw9tfj61.png?width=240&format=png&auto=webp&s=8e270df2ec667a1910f25421e509a67b6992f20f

The last step I performed was to modify main.tf – I picked the one under coffee because it matched the description at initialize workspace. Mine now looks like:

terraform {
required_providers {
hashicups = {
version = "~> 0.3.1"
source = "hashicorp.com/edu/hashicups"
}
}
}

variable "coffee_name" {
type = string
default = "Vagrante espresso"
}

data "hashicups_coffees" "all" {}

# Returns all coffees
output "all_coffees" {
value = data.hashicups_coffees.all.coffees
}

# Only returns packer spiced latte
output "coffee" {
value = {
for coffee in data.hashicups_coffees.all.coffees :
coffee.id => coffee
if coffee.name == var.coffee_name
}
}

Running init however gets me:

..\..\terraform.exe init

​

Initializing the backend...

​

Initializing provider plugins...

- Finding hashicorp.com/edu/hashicups versions matching "~> 0.3.1"...

​

Error: Invalid provider registry host

​

The host "hashicorp.com" given in in provider source address

"hashicorp.com/edu/hashicups" does not offer a Terraform provider registry.

Am I doing something wrong? I can’t tell if I’ve missed part of the instructions. Terraform version is 0.14.7.