Join us weekly on Thursdays for Community Office Hours focused on Terraform and its providers. Please use this thread to ask technical questions to be answered during the 60-minute live office hours.
During Community Office Hours, we will have experts available to provide advice on technical architecture, give recommendations for operational best practices, review current Github issues, or dive into the open source-code itself.
The hosting teammates will reference this thread during each Community Office Hours focusing on Terraform and its providers.
My company created an internal set of modules that weâre required to use. Each of the modules has a provider block (for aws).
I want to call the corporate modules, but redefine the provider block in order to use localstack endpoints
When I run the modules, it seems like the provider block in the module is taking precedence. Is there a way for me to make terraform use my provider block?
My current organization is not using terraform and I am spear-heading the effort to make that statement no longer true.
I am currently writing a white paper on the security of Terraform in the Enterprise and I am struggling to find any source code security documentation. Is there anything public that I can link to in my paper?
Not sure if this is the correct Office Hours as my questions are all specific to the AzureRM provider.
Is there interest in resources that arenât backed by ARM? If so is there any recomendation on how to go about implementing this?
Context: I want to configure Stored Access Policy for a container and a queue in order to provide revokable SAS tokens.
There are mulitiple resource types, that if they fail after creation, but before creation is complete do not add the resource to the state. This makes cleaning up the problem a very manual process. Is this pattern intentional or would you be open to PRs that ensured the resource was added to the state as long as the initial creation succeeded?
Context: #9713 and #9717 for concrete resources Iâve stumbled across this problem due to missing permissions for the user running terraform on the initial run.
How to resolve differences of opinion in PRs, and how to highlight PRs that are close for being ready for a proper review?
Taking a concrete example, on #10030 I suggested splitting one of the input params in two then Neil came in and suggested the opposite and progress on the PR seems to have stopped in the confusion/uncertainty of the correct way forward.
I am developing a Terraform provider that creates a resource ( A ) and as part of that process, the provider and the resource negotiate a key that should be considered secret. We want to then immediately use this key in another resource ( B ) that will use the key to access the resource A . Also, for B to use A it needs access to multiple additional pieces of information, like IP address and name
Is it acceptable to store secrets in the Terraform state (in the resource output, and used in a resource input)?
To keep the provider user from having to use reference multiple fields, would it be acceptable to pack multiple fields worth of information into a single field?
What if the âkeyâ in this case was a kilobyte or more of data, (for example: it was a PEM encoded public or private key). Would there be any concerns about the size of the state file if this field was referenced multiple places?
Thanks in advance for reviewing this question. I look forward to hearing your answers.
1-its not secure so you store it in backend like s3 ,dynamodb , artifact and other option store it in vault
2- as output would be good for example using * to declare all resource but as reference to resource , needing to be validate it and interaction and conflict it with count index .
3- yes , if is it possible to compress it state file to minimum would be good or better to use backend
But when I click on the link, the page hangs ( keeps on loading - never completes ).
And âterraform initâ command fails for the provider.
Can you please help with fixing this? What step is missing here?
I see that the webhook is missing from the repo. Since the provider page is not loading, we are not sure how to fix this? The document indicates that I need to do a âresyncâ once that page loads.
I emailed registry support multiple times, but did not get any response. Would appreciate if we can discuss how to fix this issue.
I am receiving this error:
Error waiting for NAT Gateway (nat-xxxxx) to become available: unexpected state âfailedâ, wanted target âavailableâ. last error: %!s()
It seems this error was encountered by several others under this issue, but I didnât see a resolution:
is there a known solution to this? Or, a way to get more information about this error, such as what is causing this unexpected state of failed?
posting code below incase it is just some obvious error on my part:
###Create NAT Gateway #------------------------------------------------------- #If RdsCreate is set to true, the NAT EIP will be created. All of the network infrastructure related to the RDS depends_on NATEIP.
Hi, where do I find the current schedule for the Community Office Hours. The link in the original post by katiereese317 doesnât show a schedule. thank you so much,
Hi. Iâm trying to run the terraform to update the already existing VM image definition properties in Azure to new properties but getting below error
Code=âPropertyChangeNotAllowedâ Message=âChanging property âgalleryImage.properties.identifier.offerâ is not allowed.â Target=âgalleryImage.properties.identifier.offerâ.
Could you please help on this issue.
I have a technical question and was wondering if the community could help. Essentially I am trying to execute a terraform file and would like it to proceed if a certain resource block fails to execute. I have tried using timeout but that just kills the entire process one the time out is reached.