    Hello all
    I'm trying to add an ECR lifecycle policy to my repository but Terraform is returning Error: RepositoryNotFoundException: The repository with name 'XXXXXXXXXX' does not exist in the registry with id 'YYYYYYYYYYY' even though the repository exists
    Any idea why?
    When I have lifecycle { prevent_destroy = true } turned on, it makes it impossible to see what change in my Terraform code would cause it to be recreated. How can I show what makes Terraform want to recreate it, without commenting out the lifecycle block?
    Hello, I would like to develop on the terraform provider for Cloud Foundry.
    I'm new and having trouble setting up the environment.
    I have my CF instance, TF installed, Go installed and repository cloned.
    But I don't manage to override the setting of Terraform so that it uses the provider I built rather than fetching it from the registry.
    Can you help me?
    6 replies
    Hey guys,
    I want to know if we have a way to read sensitive environment variables stored in Terraform Cloud workspace variables, specifically the AWS access keys? I need to use it in the Terraform code.
    1 reply
    Jeremy Huylebroeck
    hello. Is there such a thing as providers for physical network switches? I don't find any in the registry but maybe it's out there somewhere?
    3 replies
    Share a provider for any platform that exposes restful api: https://github.com/magodo/terraform-provider-restful

    Hi guys, I'm trying to deploy a Composer with a custom network. But when I use the tag ip_allocation_policy, I receive an error: Blocks of type "ip_allocation_policy" are not expected here.

    resource "google_composer_environment" "composer" {
      project = var.project
      name    = var.name
      region  = var.region

      config {
        node_count = 4

        node_config {
          zone         = var.zone
          machine_type = var.machine_type
          network      = var.network
          subnetwork   = var.subnetwork
          /* service_account = var.service_account */
        }

        ip_allocation_policy {
          use_ip_aliases = true
        }

        database_config {
          machine_type = var.db_machine_type
        }

        web_server_config {
          machine_type = var.web_machine_type
        }
      }
    }

    Any idea what is wrong in my manifest?

    Hi everyone, I'm new to Terraform and I'm wondering whether there is any project that wraps Terraform as a platform so anyone can operate Terraform via a web UI rather than running the CLI in a terminal. I have been searching GitHub for a while and found nothing. If it's not suggested, can you explain the philosophy behind this? :) Thanks

    Good morning all. I'm using a provider aws alias so I can reference a Route53 private zone. However, I am getting an error saying:

    Error: no matching Route53Zone found

    Do you see anything wrong with my tf file?

    variable "stage_account" {
      description = "Blah"
      default     = "stage"
    }

    variable "s_number" {
      description = "The account number of the AWS account we want to pull zone id from"
      default     = "222222222222B"
    }

    provider "aws" {
      alias   = "dns"
      profile = var.stage_account
      region  = "us-east-1"
      assume_role {
      }
    }

    data "aws_route53_zone" "example" {
      provider     = aws.dns
      name         = "example.com"
      private_zone = true
      vpc_id       = "vpc-BBBBBBBB" # This is vpc-id in AWS ACCOUNT B where the private zone example.com exist
    }

    resource "aws_route53_zone_association" "example" {
      vpc_id     = "vpc-AAAAAAAA" # This is vpc-id in AWS ACCOUNT A
      zone_id    = data.aws_route53_zone.example.zone_id
      vpc_region = "us-east-1"
    }
    The above code is in our DEV aws account and I'm trying to reference hosted zone in our stage account
    Is the error happening because it is still looking it up in DEV account?
    Rajesh Peta
    Hello all, can someone help me with "how to associate multiple subnets with single route table using terraform"?
    Rajesh Peta
    this is my code
    resource "aws_route_table_association" "private_route_table_association" {
      for_each       = [aws_subnet.provider_subnet_app_3.id, aws_subnet.provider_subnet_nlb_2.id, aws_subnet.provider_subnet_nlb_1.id]
      subnet_id      = each.key
      route_table_id = aws_route_table.provider_route_table.id
    }

    Can anyone help me out with the below error:
    Error: Unsupported block type

    │ on main.tf line 65, in resource "google_composer_environment" "test":
    │ 65: database_config {

    │ Blocks of type "database_config" are not expected here.

    │ Error: Unsupported block type

    │ on main.tf line 69, in resource "google_composer_environment" "test":
    │ 69: web_server_config {

    │ Blocks of type "web_server_config" are not expected here.

    Below is the code:
    terraform {
      required_providers {
        google = {
          source  = "hashicorp/google"
          version = "3.90.1"
        }
      }
    }

    variable "gcp_region" {
      type        = string
      description = "Region to use for GCP provider"
      default     = "us-central1"
    }

    variable "gcp_project" {
      type        = string
      description = "Project to use for this config"
      default     = "aayush-terraform"
    }

    provider "google" {
      region  = var.gcp_region
      project = var.gcp_project
    }

    resource "google_service_account" "test" {
      account_id   = "composer-env-account"
      display_name = "Test Service Account for Composer Environment"
    }

    resource "google_project_iam_member" "composer-worker" {
      role   = "roles/composer.worker"
      member = "serviceAccount:${google_service_account.test.email}"
    }

    resource "google_compute_network" "test" {
      name                    = "composer-test-network"
      auto_create_subnetworks = false
    }

    resource "google_compute_subnetwork" "test" {
      name          = "composer-test-subnetwork"
      ip_cidr_range = ""
      region        = "us-central1"
      network       = google_compute_network.test.id
    }

    resource "google_composer_environment" "test" {
      name   = "example-composer-env"
      region = "us-central1"

      config {
        node_count = 3

        node_config {
          zone            = "us-central1-a"
          machine_type    = "n1-standard-1"
          network         = google_compute_network.test.id
          subnetwork      = google_compute_subnetwork.test.id
          service_account = google_service_account.test.name
        }

        database_config {
          machine_type = "db-n1-standard-2"
        }

        web_server_config {
          machine_type = "composer-n1-webserver-2"
        }
      }
    }


    Michael Klatsky
    Hello- I am trying to add a provisioner block to terraform, which adds a file when an ec2 instance is launched. My .tf file can be found here: https://pastebin.com/Rk1uK001. The result when I run "terraform validate" is:
    Error: Unsupported block type
    on ec2.tf line 23:
    23: provisioner "file" {
    Blocks of type "provisioner" are not expected here.
    How can I use a provisioner in this case?
    Michael Klatsky
    I used to be able to do this before I used modules.

    Hi all, I have a question about the TF "try" function. My understanding is that it will try an option and if it fails, will go on to the next. I have a module to create S3 buckets and I have the following:

    resource "aws_s3_bucket_versioning" "versioning" {
      bucket = aws_s3_bucket.s3_bucket.id
      versioning_configuration {
        status = var.enable_versioning ? "Enabled" : try("Disabled", "Suspended")
      }
    }

    This is to cover the idea of a new bucket being created vs someone wanting to turn off versioning after a bucket has been created. However, I get the following error:

    Error: expected versioning_configuration.0.status to be one of [Enabled Suspended], got Disabled
       with module.bucket.aws_s3_bucket_versioning.versioning,
       on .terraform/modules/bucket/main.tf line 86, in resource "aws_s3_bucket_versioning" "versioning":
       86:     status = var.enable_versioning ? "Enabled" : try("Disabled", "Suspended")

    Am I misinterpreting what the try() function is for?

    @mklatsky, You might need to take a look at this: https://www.terraform.io/language/resources/provisioners/connection
    Michael Klatsky
    Ah- thank you. Believe it or not- I just solved it.
    Ah, good stuff!
    Michael Klatsky
    Needed the connection info- but also needed to put the provisioner block inside a resource block. The resource block is null_resource.
    I was trying to put it in an ec2_instance block, which just errored because it thought I was trying to instantiate a new ec2 instance.
    Yeah, for a cluster I was building I had this config:
    # Deploy setup and cluster configuration to the worker hosts
    resource "null_resource" "config" {
      count = var.instance_count

      triggers = {
        id = openstack_compute_instance_v2.vtm[count.index].id
      }

      connection {
        type         = "ssh"
        host         = openstack_compute_instance_v2.vtm[count.index].access_ip_v4
        user         = "admin"
        bastion_host = var.bastion_host
        bastion_user = var.bastion_user
      }

      provisioner "file" {
        source      = "${path.module}/certs/${var.site}-server.crt"
        destination = "/root/setup_vsd_cert"
      }
    }
    Has someone experienced this problem where the resource policy for eventbus throws an error?
    I'm trying with a partner event source and so the event bus will be the same name.
    Maarten Vanden Branden
    Can someone help me with a silly question, this seems not to work, and I don't want to repeat my kubernetes config in the helm provider if possible:
    provider "kubernetes" {
      host                   = var.aks_host
      client_certificate     = var.admin_client_certificate
      client_key             = var.admin_client_key
      cluster_ca_certificate = var.admin_cluster_ca_certificate
    }

    provider "helm" {
      kubernetes = provider.kubernetes
    }
    Maarten Vanden Branden
    I guess it used to work in the past as I see it here => https://github.com/haf/terraform-provider-sealedsecrets
    Basile Chandesris
    Hi, I am facing an issue with AWS S3 logging probably (TF 1.2.2 and 1.2.3):
    │ Error: Provider produced inconsistent final plan

    │ When expanding the plan for module.alb_external.aws_lb.this[0] to include
    │ new values learned so far during apply, provider
    │ "registry.terraform.io/hashicorp/aws" produced an invalid new value for
    │ .access_logs[0].bucket: was cty.StringVal(""), but now
    │ cty.StringVal("###-cluster-elbs-access-logs").

    │ This is a bug in the provider, which should be reported in the provider's
    │ own issue tracker.
    I am using source = "terraform-aws-modules/s3-bucket/aws"
    version = ">= 3.3.0"
    Basile Chandesris
    logging = {
      target_bucket = module.logging_for_buckets.s3_bucket_id
      target_prefix = "log/${local.name_hyphened}-elbs-access-logs"
    }
    target_bucket - (Required) The name of the bucket where you want Amazon S3 to store server access logs.
    id - The name of the bucket.
    Basile Chandesris
    s3_bucket_id The name of the bucket.
    Basile Chandesris
    adding a depends_on for s3 in the elb code does not solve the issue
    Basile Chandesris
    added a / at the end of target_prefix: same behaviour
    Basile Chandesris

    resource "aws_subnet" "RdsSubnets" {
      count                   = var.RdsCreate ? length(var.RdsSubnets) : 0
      vpc_id                  = aws_vpc.VPC.id
      cidr_block              = var.RdsSubnets[count.index]
      availability_zone       = data.aws_availability_zones.AZs.names[count.index]
      map_public_ip_on_launch = false
      depends_on              = [aws_eip.NATEIP]
      tags = {
        Name = "X360RdsPrivateSubnet${1+count.index}"
      }
    }

    resource "aws_route_table" "PrivateRT" {
      vpc_id = aws_vpc.VPC.id
      count  = var.RdsCreate ? length(var.RdsSubnets) : 0
      route {
        cidr_block     = ""
        nat_gateway_id = aws_nat_gateway.NAT[count.index].id
      }
      tags = {
        Name = "X360PrivateRT"
      }
    }

    resource "aws_route_table_association" "PrivateRTA" {
      count          = var.RdsCreate ? length(var.RdsSubnets) : 0
      subnet_id      = aws_subnet.RdsSubnets[count.index].id
      route_table_id = aws_route_table.PrivateRT[count.index].id #aws_route_table.PrivateRT.id
    }

    Hello everyone, I have a question about how to populate this variable type from this https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/modules/eks-managed-node-group/variables.tf
    variable "cluster_encryption_config" {
      description = "Configuration block with encryption configuration for the cluster"
      type = list(object({
        provider_key_arn = string
        resources        = list(string)
      }))
      default = []
    }
    Iwan Aucamp
    Does terraform refresh state from remote on every run?