Search results

Multi-part cloud-init provisioning with Terraform

Cloud-Init is "a standard for customizing" cloud instances, typically on their first boot. It is allows mixing state-based configuration management with imperative provisioning commands (details in our IaC article). By using cloud-init most of the annoyances of SSH-based provisioning can be avoided: Having to use (possibly shared) SSH keys for provisioning Having to have direct […]

Data-driven Terraform: Kubernetes cluster in Hetzner Cloud

Terraform does not have a particularly strong decoupling between data and code, at least not from a best practices perspective. It is possible and useful, however, to use data to define Terraform resources - if not for any other reason but to reduce code repetition for common resources that require defining lots of parameters. Here's […]

Terraform Enum data type

In Terraform you have access to basic data types like bool or string. Defining the data type is a good start for starting to improve the quality of your modules. However, you may want to validate that a certain string matches a list of pre-defined options, and if not, fail validation early. Terraform, unlike Puppet, […]

Conditional provisioner blocks in Terraform

I'll start with a spoiler: what the title suggests is not possible. It is, however, possible to accomplish this with cloud-init and Terraform templates as described in the Multi-part cloud-init provisioning with Terraform blog post. If you need to use SSH/WinRM provisioning, then there are various workarounds you can apply, and this article explains some […]

Terraform Azure resource provider registration fails

Terraform has good support for Microsoft Azure through the Terraform Azure provider and the AzureRM backend. However, you may hit a glitch when adding or importing resources if you lack permissions to register Azure resource providers: At first glance this error look cryptic, but it is quite clear once you understand what Azure resource providers […]

Managing self-hosted GitLab with Terraform

GitLab has an extensive API which allows managing its internal configuration such as users, groups and projects. The official GitLab Terraform provider builds on top of this API. It assumed here that the Terraform controller (e.g. your laptop) is able to reach your GitLab instance's TCP port 443 - if it can't there's no way […]

Product launch: 'Puppeteers Cloud Modeling'

Puppeteers has launched a new service product which allows you to gain control of your Cloud resources by having them imported to Terraform. This allows you to manage changes to your Cloud and radically reduces the need for the pesky "who changes this and why?", "who set this up and is it still needed?" and […]

Terraform stalls when recreating security groups

Sometimes Terraform stalls when trying to remove AWS EC2 security groups and Terraform does no give any hint as to what is wrong. The problem is caused by that security group being attached to an EC2 instance or network interface. Interestingly Terraform messes up the order of the AWS API calls even when it (attempts […]

Terraform resources with dynamic provider values

Sometimes you'd like to pass a dynamic value to a Terraform resource's provider parameter. This can be done, but some background first. Terraform allows you to define multiple providers of the same type using provider aliases. This is useful when you're working with a provider that is tied to a region, the AWS provider being […]

AWS to Azure resource translation table

We use Terraform for managing our Cloud infrastructure. Our customers typically use AWS and that's what we're most familiar with. Each public Cloud has its own terminology, so this page is a translation table between Terraform resource names in the AWS and Azure providers: AWS Azure aws_instance azurerm_linux_virtual_machine aws_network_interface azurerm_network_interface aws_security_group azurerm_network_security_group aws_security_group_rule azurerm_network_security_rule aws_vpc […]

Sed spell to ease moving to Terraform 0.13

When moving from older versions of Terraform 0.12.x to latest 0.12.x (now: 0.12.29) you may notice the following warnings: These make sense, but may come as a surprise as earlier 0.12.x versions were perfectly fine with them. You may have tons of these, so fixing them manually gets tiresome. The fix is not too difficult, […]

Terraform 0.11->0.12 migration: stabs at the state file

We maintain a rather complex AWS environment built with Terraform that uses nested modules and lots of per-resource provider configurations. Recently the pain of staying with Terraform 0.11 became too much, so we had to start the migration to Terraform 0.12, with 0.13 going to follow soon after. In general the official upgrade instructions were […]

Finnish language webinar recording: "Building infrastructure as code"

For the Finnish speakers out there here's a recording of our webinar held in co-operation with Turku Business Region on 5th May 2020: Infrastruktuurin rakentaminen koodilla We cover the very basics of infrastructure as code, version control, quality assurance techniques and tools such as Puppet, Terraform, Ansible and Puppet Bolt.

Terraform: Importing resources from a non-default AWS region

I recently - again - had to import resources to Terraform (0.11.14) from AWS that were outside of the default AWS region and were managed in a nested (non-root) module. The root module contained the provider configuration, including multiple aliases to allow creation of resources in different regions, as well as the nested module call, […]

Terraform S3 access denied problems

I've stumbled upon interesting access denied problems with S3-based Terraform state files recently. Suppose you have two or more Terraform root modules which use the same bucket for storing the state and just use a different key (=state file): terraform { backend "s3" { bucket = "terraform-state" key = "root-module-1" region = "eu-central-1" } } […]

Lack of default connection settings in Terraform 0.12.x

I was recently bit by a feature (one might call it a bug) in Terraform. We wanted to try out the "Networks" feature in Hetzner Cloud but that required upgrading terraform-provider-hcloud, which in turn required upgrading Terraform to 0.12.x. For the most part migration from 0.11.x code to 0.12.x code was straightforward with some help […]