Questions tagged [infrastructure-as-code]
Infrastructure as Code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
484 questions
31 votes, 7 answers, 68k views
How to give a .tf file as input in Terraform Apply command?
I'm a beginner in Terraform.
I have a directory which contains 2 .tf files.
Now I want to run Terraform Apply on a selected .tf file & neglect the other one.
Can I do that? If yes, how? If no, ...
26 votes, 3 answers, 23k views
Error deleting Target Group: ResourceInUse when changing target ports in AWS through Terraform
I am currently working through the beta book "Terraform Up & Running, 2nd Edition". In chapter 2, I created an auto scaling group and a load balancer in AWS.
Now I made my backend server HTTP ...
20 votes, 3 answers, 30k views
CloudFormation Resource Creation if not exist
I want to create a Route53 HostedZone with CloudFormation, so I want to check some information in Route53 about whether the HostedZone exists.
In the logic of my case I need to check if the resource exists, ignore the ...
17 votes, 6 answers, 17k views
How to enable CORS with AWS SAM
I'm trying to enable CORS in my AWS SAM app. Here is the snippet from my template.yaml:
Globals:
  Api:
    Cors:
      AllowMethods: "'*'"
      AllowHeaders: "'*'"
...
14 votes, 1 answer, 17k views
AWS and Terraform - Default egress rule in security group
There is a repeatable configuration that I see in many Terraform projects where the provider is AWS:
The configuration of an outbound (egress) rule to allow ALL outbound traffic.
As far as I ...
14 votes, 4 answers, 10k views
AWS RDS IAM Authentication with Terraform
I am trying to set up my infrastructure properly with no passwords or keys lying around. AWS RDS has an option to do so, by enabling users (applications) to authenticate with generated tokens.
...
13 votes, 1 answer, 8k views
terraform resource creation - this keyword
I came across a pattern in a couple of pieces of Terraform code on GitHub.
resource "aws_vpc" "this"
I wanted to know how the keyword this provides a particular advantage over a named resource. I ...
12 votes, 3 answers, 13k views
How to use multiple AWS account to isolate terraform state between environment
How can I use an S3 backend that points to a different AWS account?
In other words, I would like to have something like that:
Dev environment state on an S3 bucket in AWS account A
Stage ...
11 votes, 3 answers, 22k views
How do you dynamically create an AWS IAM policy document with a variable number of resource blocks using terraform?
In my current terraform configuration I am using a static JSON file and importing into terraform using the file function to create an AWS IAM policy.
Terraform code:
resource "aws_iam_policy" "...
10 votes, 1 answer, 6k views
AWS with Terraform - security groups argument inside a security group rule
When you look at terraform's docs for security group, you can see that there is an option to define a security_groups argument inside the ingress/egress security rules.
It seems quite strange to me, ...
10 votes, 4 answers, 10k views
AWS CDK multiple Apps
Would it be possible to have two CDK Apps in the same project, something like this:
from aws_cdk import core
from stack1 import Stack1
from stack2 import Stack2
app1 = core.App()
Stack1(app1, "...
10 votes, 3 answers, 3k views
Should the infrastructure code be stored in the same repository as the application code?
I am setting up an infrastructure to support a WebApp. One of my repositories has all the Network Infrastructure (VPC, Subnets, NAT, Bastion and so on).
The WebApp has a Route 53 + ALB + AutoScaling ...
9 votes, 1 answer, 5k views
How to Attach Custom GCP Role to a GCP Service Account Using Terraform
I have created a service account and a custom role in GCP using Terraform. How do I attach this custom role to the service account? I could do this using GCP Console but that is not the need here as I ...
9 votes, 2 answers, 4k views
Export existing AWS CloudWatch alarms to CloudFormation template
How to export existing, configured and tested AWS CloudWatch alarms to a CloudFormation template?
I know about the CloudFormer tool, but it supports a limited number of AWS services (Amazon VPC, DynamoDB, ...
8 votes, 5 answers, 4k views
ARM Template - auto approval of managed private endpoint
I am developing an ARM template for Azure Data Factory with managed private endpoints to SQL Server and Azure Datalake. However, when the ARM template completes execution, the managed private ...
7 votes, 1 answer, 27k views
Terraform Nested Module Calling and Outputs
I'm working on infrastructure provisioning, so I'm calling modules as nested.
Here is my file system tree.
├── main.tf
└── modules
    ├── client.tf
    └── in
        └── main.tf
My ...
7 votes, 2 answers, 7k views
Terraform: Failed to query available provider packages (Azapi)
I try to use the Azure/Azapi Provider within my Terraform project but after I add the provider and run terraform init, I get the following error:
Error: Failed to query available provider packages
...
7 votes, 1 answer, 15k views
How do I implement a DynamoDB Global Secondary Index with Infrastructure As Code in CloudFormation
I am working on implementing a GSI in CloudFormation with Infrastructure As Code. All I want to do is use this table to keep count of the entries in the main DynamoTable. Here is what the main table ...
7 votes, 4 answers, 6k views
Set account recovery preference for AWS Cognito User Pool with Terraform
In the spirit of infrastructure as code, I've configured an AWS Cognito User Pool via Terraform with the helpful aws_cognito_user_pool resource.
However, I can't seem to locate the argument/config ...
7 votes, 1 answer, 1k views
Could I use GCP infrastructure as a code to setup Firebase Auth, Firestore, RDB, Cloud Functions?
I know that I could set up Cloud Firestore and GCP Cloud Functions with infrastructure as a code, but I'm interested that it will be shown at the Firebase Console. I also can't find any way to deploy ...
7 votes, 3 answers, 4k views
How to enable interactive authoring while deploying Data Factory Azure IR on managed vNet through Terraform?
I am using the Terraform code below to deploy a Data Factory Azure IR in a managed virtual network:
resource "azurerm_data_factory_integration_runtime_azure" "ManagedIR" {
name ...
6 votes, 3 answers, 3k views
AWS Cloudformation - Stack vs NestedStack
I thought that this would be answered quite clearly out there on the internet. But I have found no sufficient answer to when to use one type of stacks and when to use another type of stacks.
So the ...
6 votes, 2 answers, 8k views
Terraform - Use security group ID created in separate file for EC2 instance creation
I have used this module to create a security group in AWS VPC. How do I reference the resource created from this in a separate file? I am creating our bastion instance in a separate directory in the ...
6 votes, 2 answers, 2k views
Arm Template (Bicep): Circular Dependency when merging appsettings (list function)
I'm trying to update the AppSettings of an App Service through a bicep file.
When doing this in my bicep template:
var currentAppSettings = list('Microsoft.Web/sites/appServiceName/config/appsettings',...
6 votes, 3 answers, 2k views
Check if AWS resource has been deployed by CloudFormation
I'm new to a large AWS deployment where stuff is mostly deployed through CloudFormation (and some through Terraform). But there are always cases where something has been deployed manually and not ...
5 votes, 2 answers, 4k views
How to get the "Function Url" which is with in a Function-App deployed using Terraform?
As part of IaC, a Function App, let's name it FuncAppX, is deployed using Terraform, which has a function within.
I need to access the URL of the same function within a function app using Terraform. I ...
5 votes, 1 answer, 18k views
How to properly reset Terraform default tfstate?
Recently, I've started using workspace per env in my Terraform configuration. I ended up having three workspaces dev, staging and production. But for historical reasons my default workspace still ...
5 votes, 1 answer, 3k views
How to access/cast the module output to specific object in bicep?
I have the below bicep which is returning keyvault. I'd like to access the properties/functions in keyvault in the parent bicep, but I'm not sure how to achieve this when using it as a module.
I have keyvault....
5 votes, 2 answers, 1k views
CloudFormation templates: continuous testing for infrastructure as a code
On the project we use some AWS services like AWS Lambda, EC2, AWS API Gateway, ElastiCache, etc. Also we have a CloudFormation template which describes our whole infrastructure. As the project is ...
5 votes, 1 answer, 3k views
Terraform - ASGs with Mixed Instance Policies
I am using AWS with Terraform to spin up infra, but specifically I'm having issues spinning up an ASG with a Mixed Instance Policy. I am trying to spin up an ASG whereby one instance will always be ...
5 votes, 1 answer, 1k views
How to debug CloudFormation templates generated by Serverless orchestrated by CircleCI
Context
I feel like I need to provide a lot of context here for the full scope of the problem to be understood, so apologies in advance if this goes a bit long or ends up providing too much ...
4 votes, 3 answers, 6k views
Cloudformation Output of Cloudformation Init
I have got a CloudFormation stack, shown as below:
"Metadata" : {
  "AWS::CloudFormation::Init" : {
    "config" : {
      "/home/ec2-user/create_db_user....
4 votes, 1 answer, 629 views
Is Pulumi that magical when compared to using Azure .NET SDK?
I'm with a dilemma here about which SE site to ask this question so please help me out if it should be somewhere else.
I've been looking into Infrastructure as Code solutions.
Didn't like Terraform ...
4 votes, 4 answers, 12k views
Bicep: Creating random string
I'm coming from a Terraform background and AWS. Now I'm using Bicep with Azure, so please bear with me :)
In Terraform, we create random passwords with the random_password resource. We then stored ...
4 votes, 1 answer, 2k views
How to declaratively manage Kafka topics?
We're using Apache Kafka and have a lot of manually created topics (with custom topic config). We want to manage our topics like the rest of our infrastructure/configuration as code.
How can we ...
4 votes, 1 answer, 2k views
Fetching AWS SecretManager Secret as Integer Value per CDK
I'm trying to fetch the Secret as integer Value (port number) per CDK in order to create another resource. Basically when I need a String value for String parameters everything is working fine, but ...
4 votes, 1 answer, 5k views
What is the Correct Terraform Provider Configuration for Google Cloud Platform Resources with Beta Arguments?
Terraforming any Google Cloud Platform (GCP) resource defined by any beta arguments requires the google-beta provider. Should the google-beta provider be used instead of or in tandem with the google ...
4 votes, 3 answers, 71 views, +300
Preventing Terraform from assigning reserved IP addresses to resources
I have a scenario where I’m using AWS server setup with an EFS and RDS setup. To enable high availability, I’ve configured a PCS cluster, and as a result, some IP addresses have been reserved as ...
4 votes, 2 answers, 2k views
How refactorable are AWS CDK applications?
I'm exploring how refactorable CDK applications are. Suppose I defined a custom construct (a stack) to create an EKS cluster. Let's call it EksStack. Ideally, I'd create the role to be associated with ...
4 votes, 1 answer, 3k views
How do you ignore a nested field in Terraform?
Terraform newbie here. I have code here for the ECS scheduled task. Whenever I change this and apply the change, the first version of the task definition is getting set in the ECS task. So I tried adding ...
4 votes, 1 answer, 5k views
In Pulumi, exist a equivalent to pulumi.Output.apply, but to transform pulumi.Input values?
I'm developing a Pulumi ComponentResource named CopyPostgresql in TypeScript.
CopyPostgreSql is a Kubernetes job that copies in streaming the content of a source PostgreSQL database to a target ...
4 votes, 2 answers, 2k views
How to create Azure Front Door Standard/Premium with custom domain using Bicep?
In the classic Azure Front Door you can just point a DNS CNAME to your Front Door and validate it. In the new Azure Front Door Standard/Premium a CNAME must be validated using a TXT record on your DNS....
4 votes, 3 answers, 3k views
Get existing VPC for use within a Pulumi stack
I'm trying to use Pulumi within a somewhat restricted AWS environment.
This sandbox requires that I use a specific VPC, and there is no default VPC.
I have tried the examples showing how to reference ...
4 votes, 2 answers, 352 views
How to get the PR (Pull Request) number
I just started using Pulumi and I checked a lot of docs, a lot of repos and just can't find how I can get the PR (Pull Request) number to be used.
I know that Pulumi generates an Environment variable/...
4 votes, 1 answer, 1k views
CloudFormation Custom Resource responseKey
I have got a Lambda-backed Custom Stack in CloudFormation, so I need to fetch the function output and put it to the AWS Console. How can I handle this problem?
My Stack is shown as below:
"...
4 votes, 1 answer, 999 views
CloudFormation Response Object Timeout
I've got a CloudFormation Lambda Backed Custom Resource,
Lambda function in public subnets, but when I check the CloudWatch logs it shows the below
Log-Message#1
Starting new HTTPS connection (1): ...
4 votes, 1 answer, 693 views
Launch EC2 servers in multiple subnets using count with terraform
I have a use case where I have set variable instance_count = 3 and I have 2 Private_subnets which is a list ["subnet-id-A", "subnet-id-B"], what I want my terraform code to ...
3 votes, 1 answer, 10k views
Terraform: resolve "no available releases match the given constraints" error
I am trying to update hashicorp/aws provider version.
I added a terraform.tf file with the following content:
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
...
3 votes, 1 answer, 3k views
terraform_remote_state data block syntax
I'm working on an AWS multi-account setup with Terraform. I've got a master account that creates several sub-accounts, and in the sub-accounts I'm referencing the master's remote state to retrieve ...
3
votes
1
answer
4k
views
Adding environment variable to Cloudformation ECS + Fargate deployment
Our images have environment variables that ought to be defined during docker run. Any idea how to add these variables into the CloudFormation file? We currently have something like:
Task:
  Type: AWS::...