January 16, 2019 by snowcrash

aws_autoscaling_group – diffs didn’t match during apply. This is a bug with Terraform

happens when you have code like this:

resource "aws_autoscaling_group" "my_asg" {
  name                 = "my_asg"
  launch_configuration = "${aws_launch_configuration.my_launch_config.name}"
  min_size             = 1
  max_size             = 1
  availability_zones = "${var.availability_zones}"

  vpc_zone_identifier = ["${aws_subnet.public-subnet.id}"]

resource "aws_autoscaling_group" "my_asg" {

name = "my_asg"

launch_configuration = "${aws_launch_configuration.my_launch_config.name}"

min_size = 1

max_size = 1

availability_zones = "${var.availability_zones}"

vpc_zone_identifier = ["${aws_subnet.public-subnet.id}"]

Seems you can’t mix availability_zones and vpc_zone_identifier.

https://github.com/terraform-providers/terraform-provider-aws/issues/4801

January 16, 2019 by snowcrash

Terraform: Error creating launch configuration: AlreadyExists: Launch Configuration by this name already exists

If you’re creating an ASG using an AWS Launch Configuration, you cannot use a name for the Launch Configuration.

The solution? Simply omit name from your launch configuration.

https://github.com/hashicorp/terraform/issues/3665

Launch Configurations cannot be updated after creation with the Amazon Web Service API.

https://www.terraform.io/docs/providers/aws/r/launch_configuration.html#using-with-autoscaling-groups

January 3, 2019 by snowcrash

Terraform Interpolation Syntax

Conditionals

Interpolations can contain conditionals. E.g.

<span class="n">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span>
  <span class="n">subnet</span> <span class="o">=</span> <span class="s2">"${var.env == "</span><span class="n">production</span><span class="s2">" ? var.prod_subnet : var.dev_subnet}"</span>
<span class="p">}</span>

resource "aws_instance" "web" {

subnet = "${var.env == "production" ? var.prod_subnet : var.dev_subnet}"

}

using ternary operation:

Ruby
CONDITION ? TRUEVAL : FALSEVAL

				1
2

						CONDITION ? TRUEVAL : FALSEVAL

i.e. if var.env == "production"

then subnet = var.prod_subnet

else subnet = var.dev_subnet

https://www.terraform.io/docs/configuration/interpolation.html#conditionals

December 11, 2018 by snowcrash

Terraform 0.12

HCL2

HCL2 combines HCL (Hashicorp Language) and HIL (Hashicorp Interpolation Language).

The end to "${ ... }".

Improved Error messages

Error messages that actually mean something!

Remote Plan and Apply

November 21, 2018 by snowcrash

AWS: add ssh key, check fingerprint and add to Terraform

1. Generate key

ssh-keygen -t rsa -b 4096 -C "<email address>"

File name: /home/dir/.ssh/file-name_id_rsa

2. Upload

AWS Dashboard > EC2 > Key Pairs > Upload

You can check the fingerprint with:

openssl rsa -in path_to_private_key -pubout -outform DER | openssl md5 -c

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#verify-key-pair-fingerprints

It’s important to use the correct openssl command. There are 2 separate commands – one for an AWS generated key and the second for a key you upload.

3. add the key_name to Terraform

e.g. a launch configuration:

https://www.terraform.io/docs/providers/aws/r/launch_configuration.html

4. ssh in with

ssh -i ~/.ssh/<new-key> ec2-user@<public ip>

If you’re unable to connect make sure you’ve got port 22 open on the EC2 instance Security Group.

E.g. Inbound rule:

SSH
TCP
22
82.71.9.144/32
SSH from laptop

SSH

TCP

82.71.9.144/32

SSH from laptop

e.g.

November 20, 2018 by snowcrash

AWS EKS: An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name

Following along to https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/eks-getting-started

I deployed and then ran:

aws eks update-kubeconfig --name terraform-eks-demo

to get:

An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name: terraform-eks-demo.

I can see the cluster so why is this happening?

Let’s try listing the clusters.

aws eks list-clusters

{
    "clusters": []
}

{

"clusters": []

}

Docs say:

Lists the Amazon EKS clusters in your AWS account in the specified Region.

so let’s specify the Region:

aws eks list-clusters --region 'us-west-2'
{
    "clusters": [
        "terraform-eks-demo"
    ]
}

aws eks list-clusters --region 'us-west-2'

{

"clusters": [

"terraform-eks-demo"

]

}

so perhaps it’s our default region that’s the issue however that says:

[default]
region = us-west-2

1 2	[default] region = us-west-2

but our ~/.aws/credentials says:

[default]
aws_access_key_id = <key id>
aws_secret_access_key = <secret access key>
region=eu-west-1

[default]

aws_access_key_id = <key id>

aws_secret_access_key = <secret access key>

region=eu-west-1

Odd that there was a region in the credentials file. It’s usually seen in the config.

Deleting it fixed the issue so the credentials file must have overridden the config file.

https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html

https://docs.aws.amazon.com/cli/latest/reference/eks/list-clusters.html

November 20, 2018 by snowcrash

Terraform Automation

Auto-approve

To avoid manual approval, use:

terraform apply -input=false -auto-approve

https://www.terraform.io/guides/running-terraform-in-automation.html#terraform-apply-input-false-auto-approve

November 20, 2018 by snowcrash

Terraform: EKS cluster – aws_eks_cluster.demo: error creating EKS Cluster: InvalidParameterException: Error in role params

The code I used:

https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/eks-getting-started

The first few times were fine. Then, on the third terraform apply, I got:

aws_security_group_rule.demo-node-ingress-self: Creation complete after 3s (ID: sgrule-3180869992)

Error: Error applying plan:

1 error(s) occurred:

* aws_eks_cluster.demo: 1 error(s) occurred:

* aws_eks_cluster.demo: error creating EKS Cluster (my-cluster): InvalidParameterException: Error in role params
status code: 400, request id: d063ca1b-ecb0-11e8-acff-5347eb3dd87f

aws_security_group_rule.demo-node-ingress-self: Creation complete after 3s (ID: sgrule-3180869992)

Error: Error applying plan:

1 error(s) occurred:

* aws_eks_cluster.demo: 1 error(s) occurred:

* aws_eks_cluster.demo: error creating EKS Cluster (my-cluster): InvalidParameterException: Error in role params

status code: 400, request id: d063ca1b-ecb0-11e8-acff-5347eb3dd87f

No idea what the issue was but deleting .terraform fixed the problem.

October 24, 2018 by snowcrash

AWS: reliable? It ain’t!

Let me caveat that.

There’s some idea that stuff is bulletproof once on AWS. It’s not.

AWS has internal issues as do any provider. E.g. network problems (remember that S3 EOF bug?), disk drives failing (Retirement Notifications anyone?), etc

On top of that, stuff will hit internal inconsistencies. E.g. you have an ASG which tries to launch an EC2 instance only to fail ‘cos you’ve reached your limit for that particular type of EC2 instance.

But you can build around it in your app with Error Retries and Exponential Backoffs (techniques probably more familiar to mobile developers):

https://docs.aws.amazon.com/general/latest/gr/api-retries.html

E.g. here’s a solution Terragrunt uses: https://github.com/gruntwork-io/terragrunt/blob/master/README.md#auto-retry

October 23, 2018 by snowcrash

terraform state: how do you show an instance with a count?

Say we have an instance which has been built with a count.

After downloading the JSON state file from S3 (assuming you’re hosting it remotely) then you can look in the state file for this resource using:

terraform show ~/Downloads/terraform-state-file.json | less

Assuming it’s called my-instance you can search for it and you’ll find:

aws_instance.my-instance.0:

and

aws_instance.my-instance.1:

etc.

So, let’s say you want to taint this resource. Let’s try show initially on it as it’s non-destructive so:

tf state show aws_instance.my-instance.0

But this gives:

Error filtering state: Error parsing address ‘aws_instance.my-instance.0’: Unexpected value for InstanceType field: “0”

Please ensure that all your addresses are formatted properly.

Using my-instance[0]does not work.

You need to specify the instance using:

//TODO

SnowCrash

Need Paid Support? Chat with us!

Category Archives: Terraform

aws_autoscaling_group – diffs didn’t match during apply. This is a bug with Terraform

Terraform: Error creating launch configuration: AlreadyExists: Launch Configuration by this name already exists

Terraform Interpolation Syntax

Conditionals

Terraform 0.12

HCL2

Improved Error messages

Remote Plan and Apply

AWS: add ssh key, check fingerprint and add to Terraform

AWS EKS: An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name

Terraform Automation

Terraform: EKS cluster – aws_eks_cluster.demo: error creating EKS Cluster: InvalidParameterException: Error in role params

AWS: reliable? It ain’t!

terraform state: how do you show an instance with a count?