Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
    satish reddy
    line 54:
    scaling_config {
    desired_size = "${each.value.desired_size}"
    max_size = "${each.value.max_size}"
    min_size = "${each.value.min_size}"
    update_config {
    max_unavailable_percentage = 10
    Angus Hollands
    satish reddy: can you share the entire resource definition?
    Joe Roberts
    Can someone help me figure out how to reference this aws lambda child module output in another root module resource? https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/master/outputs.tf#L2-L4
    I'm trying to use the lambda arn in a lambda_action:
      lambda_action {
        function_arn    = module.lambda_function.aws_lambda_function.this[0].lambda_function_arn
        invocation_type = "Event"
        position        = 2

    Hi Team i am trying to pass the value of a item in for loop into terraform as follows but not able to succed. Request your kind advise

    for remote_list in [remote-list1,remote-list2]: [
    for remote in local.${remote_list} {


    hi, i am a little confused about how one can use the google_billing_budget resource https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/billing_budget

    I am getting the error present in the warning, but I am not really sure how to properly fix it. Does anyone have a working example that I could leech on? :D

    I have tried impersonating a service account with gcloud auth activate-service-account, but it didn't help. The full error I am getting is:
    Error creating Budget: googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the billingbudgets.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.
    hello all, how can i use something like for_each = toset(var.config_files) provisioner templatefile("${each.value}") to render multiple files in the same for_each loop ? the var.config_files is a list of files
    Tom Jackson
    hey folks, i'm interested in creating lex skill resources via the aws provider. I don't see any sign of such a resource currently and don't see any mention of it on the roadmap. is this on anyone's radar?
    Any idea how I can get this to work :
    service_role = "${var.environment = "preprod" ? var.codebuild_role_arn_preproddeploy : var.codebuild_role_arn_proddeploy}"
    service_role = "${var.environment == "preprod" ? var.codebuild_role_arn_preproddeploy : var.codebuild_role_arn_proddeploy}"
    Can anyone help me with dynamodb table items error
    when making a customer terraform provider What are the best practices for validating values in a set or list? Since ValidateFunc ValidateDiagFunc are only supported for primitive types
    ValidateFunc and ValidateDiagFunc are not yet supported on lists or sets.
    2 replies
    can we install docker engine inside a vagrant ubuntu virtual box by using Terrfaform?
    My plan is using Vagrant to setup a bunch of raw ubuntu vms, then run "terraform init/plan/apply" to do the rest: including install docker engine, create k8s cluster by kind, install helm apps, setup port mapping etc.


    Erik Aaron Hansen
    hey! I need to use the output from one command as input to another. I've used https://github.com/matti/terraform-shell-resource for this. The problem I have is that circleci wants to re-run the command after being created, which I don't want. However, if I run it locally on my computer it won't try to re-run it when it's already created. in circle it says that there's a diff in the stdout/stderr :s I'm not completely sure if I understand how terraform works with regards to this. We're using circle to roll out changes (with terraform plan and terraform apply).
    1 reply
    I have a block being run for_each with internal dynamic blocks that reference the each of the main block. Why is it only the dynamic blocks that have "There is no variable named "each"."? I'm using each successfully outside of those dynamic, internal blocks

    Good afternoon all. I'm creating a user_data in resource "aws_launch_template". It will be a unix shell script. Am I right I will have to use "filebase64()" function? I got that function from this link - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#user_data

    However, I got confused with examples I saw in Hashicorp community forum. They used base64encode() to wrap the connect

    So which is right for assigning a value to "user_data"?

    1 reply
    Przemyslaw Bak
    I need to create an EKS cluster with TF. This EKS cluster need to be connected to the existing VPC with many components (subnets, RTs, etc). This VPC (and all its sub-components) won't be managed by TF. Should I import it to TF or access it as data source ?
    ahhh issue is i didn't need to have .arn as the polkicy was already providing the arn
    Anyone help me
    Need a sftp with username and password using aws sftp using terraform module.

    Potentially stupid question here that probably implies I'm missing the boat on how terraform works, but here goes. I have a few terraform modules that allow us to create virtual machines on our environment. We are using backend storage with locking to ensure safe multi-user synchronized state. I can easily modify my main.tf / terraform.tfvars to add/remove virtual machines. My understanding is that the tfstate reflects the actual state, and the .tf files reflect the desired state. Terraform will apply changes to turn the actual state into the desired state.
    While the actual state is shared (via the backend) I think this also implies that the desired state needs to be shared in something like a git repo. That is, if fred and mark have copies of the same terraform scripts to create vms, and we have something like this: (assume we have a list of vm's in our tf variables somewhere)

    • fred sets vm_list = ["fred-vm"] and runs terraform init (which pulls the tfstate), terraform apply, and we get fred-vm
    • mark sets vm_list = ["mark-vm"] and runs terraform init, terraform apply, mark-vm gets created AND fred-vm gets deleted

    I don't want fred-vm to be deleted, i want mark-vm to be added.

    The obvious solution here is to share the terraform scripts via dvcs repo such as a git repo, but what I'm trying to do is a little nefarious. I'm trying to obfuscate terraform away from the users by wrapping things up in a jenkins job. Run the 'Create-VM' job w/ the vm-name parameter and it creates the VM, run the 'Destroy-VM' job w/ the vm-name parameter and it deletes the VM (by doing some work to figure out the resource names)

    Is this a reasonable workflow, or do I have to bite the bullet and have people work on a git module containing the terraform code?

    git repo*
    Noah Wöhler
    Hi, can I post a call for participants in an interview study on open source projects here? If any mod wants more details via DM first, then I'm happy to oblige :)
    Anyone help me
    Need a sftp with username and password using aws sftp using terraform module.

    So whats the proper way to reference resources created in another file?
    I a folder
    in that folder i create roles and and some policies so.

    I create policies in /folder/roles/instance_permission.tf and i need to reference roles in that policy as well as add the policy to those role files.. Rather than put the ARN manually how do i reference like local.roles.instance_permission_policy.. etc.

    I suppose to summarize my question: With terraform you define the desired state in a very absolute/static way. "I want 3 vm resources, vm1 vm2 and vm3". Is there a way to dynamically add/remove from the current state? "add 1 more vm called vm-fred".
    6 replies

    When writing a provider is there any way to unit test that the terraform hcl is mapped into the expected resource you want to create. So if you had a resource

    resource "foo_resource" "bar" {
       name = "baz"
       enabled= true
       favorite_color = "yellow"

    will get turned into a struct that is

    foo.Foo {
      Name: baz,
      enabled: true,
      favoriteColor: yellow

    Hey guys, just wondering how do you avoid trailing commas in templatefile?

    For example:

    resource "something" "test" {
      values = [
            list_of_something = var.list_of_something

    And the template:

          environment = [
            %{ for something in list_of_something ~}
            %{ endfor ~}

    Is there a graceful way to control the last element in a similar manner like in Jinja if loop.last?


    3 replies
    Uriel Salischiker
    This message was deleted
    Uriel Salischiker
    Is there a way to detect if a value is unknown during plan and replace it with a known value?

    Hi, does anyone have a working example of authentication for google_billing_budget https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/billing_budget ?

    I am confused by this warning

    If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the Billing Budgets API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.
    Iwan Aucamp
    hi, is there some easy way to generate a openpgp keypair from Terraform?
    I guess one option is to generate a RSA keypair and use pem2openpgp when using it with GnuPG, but pem2openpgp seems to be somewhat dead
    Shashwat Singh
    Hi all,
    Wanted to if there is any plan to add EFS intelligent support to terraform. Specifically looking to enable Transition out of IA feature using TF.
    Anyone familiar with cidrsubnets function in terraforrm? Trying to figure out how to geenrate 2 subnets and can't figure out the calculation.. Trying to generate a .32/28 and a .48/28
    Kanaka Raju

    Hello getting this error while creating EC2 Instances with terraform.
    Other services such as VPC,S3 buckets can be created easily but in EC2 It gives an error.

    It says,
    Failed to reach target state. Reason: Client.InternalError: Client error on launch


    Hello, terraform plan in AKS always show changes:
    oms_agent {

              - enabled            = false -> null
              - oms_agent_identity = [] -> null

    Maybe someone know how to fix it?

    george (he/him)
    Is there a way to tell terraform cloud to only do a shallow clone of the repo when it does planning? I have a few really big repos and for those workspaces, planning can take up to 15 mins before even starting


    Stephan Stachurski
    is there a terraform ide that has good features for auto refactoring? like extracting fields to locals or variables
    Satish Sahasrabudhe

    Hi. I'm a newbie to terraform. I'm trying to add cloudwatch alarms for ec2. Here's the snippet. So, when I try to add other instances, it says it will replace the last line with just another line.

    I want the "dimensions" to be applicable where Environment = Prod. So, how do I do that ?

    resource "aws_cloudwatch_metric_alarm" "instance-health-check" {
    alarm_name = "instance-health-check"
    comparison_operator = "GreaterThanOrEqualToThreshold"
    evaluation_periods = "1"
    metric_name = "StatusCheckFailed"
    namespace = "AWS/EC2"
    period = "120"
    statistic = "Average"
    threshold = "2"
    alarm_description = "This metric monitors ec2 health status"
    alarm_actions = ["arn:aws:sns:us-east-1:123:abc-pagerduty-integration"]

    dimensions = {
    instance_id = "i-123"
    instance_id = "i-456"

    With TF 0.12 I had a sanity check in CI for modules, I'd run terraform init -backend=false; terraform validateand that worked fine. With TF 1.0 the validateis failing due to missing provider
    Hey guys, when the order of column in resource azurerm_cosmosdb_cassandra_table has been changed, it complains Code="NotFound" Message="Message: {\"code\":\"NotFound\",\"message\":\"Message: {\\"Errors\\":[\\"Resource Not Found. Learn more: https:\\/\\/aka.ms\\/cosmosdb-tsg-not-found\\"]}
    Does anyone have any idea here?

    Hey Guys, I'm trying to make use of count to skip modules when we try to apply the changes in us-east region.

    module "mod1" {
      count  = var.aws_region == "us-east-1" ? 0 : 1
      source = "./modules/mod1" }
    module "mod2" {
      count  = var.aws_region == "us-east-1" ? 0 : 1
      source = "./modules/mod2"
      Infra-tg                 = module.mod1.infra-tg
      Infra-sg              = module.mod1.infra-sg 

    In here both modules are skipping, but mod2 still expects output values from mod1. Which is throwing an error " Error: Unsupported attribute -- This value does not have any attributes."

    Any suggestion is appreciated .

    hi, anyone here familiar with the google_monitoring_notification_channel resource for setting up a slack notification channel? Can this be done automatically (programatically?) From where should I ideally fetch the referenced auth_token ?