    Chris Johnson
    Keeping up to date seems to be a requirement, depending on how much emphasis on backwards-compatibility they place
    fixing these errors that I am getting using the latest terraform may be the best thing. it did pull in newer aws provider
    fixed the errors I saw. got this Failed to instantiate provider "ansible" to obtain schema: Incompatible API version with plugin. Plugin version: 4, Client versions: [5]
    fixed that error. working through the others now
    Chris Johnson
    Oh are you setting TF_LOG=debug ?
    That will make your providers print a lot more helpful output about what's going wrong behind the scenes
    Hello everyone. How can I properly create an IAM role in AWS using Terraform v.12 and create a Trusted Entity attached to my role? The trusted entity I want is another AWS account. I've tried doing an inline policy and a data "aws_iam_policy_document" but both result in invalid principals errors. Any help would be greatly appreciated.
    in GovCloud ^
    Justin Georgeson
    After sharing AMIs to another account with aws_ami_launch_permission, what is the recommended way to copy the tags to that shared AMI?
    Greg Swallow
    has there been a recent terraform cloud upgrade?

    I'm attempting to deploy an ecs cluster with the following config.

    resource "aws_cloudwatch_log_group" "saleor-backend" {
      name = var.saleor_awslogs_group_name
    }

    data "template_file" "myapp-task-definition-template" {
      template = file("template/app.json")
      vars = {
        repository_url           = replace(aws_ecr_repository.saleor_ecr.repository_url, "https://", "")
        image_tag                = var.commit_ref
        debug                    = var.debug
        allowed_client_hosts     = var.allowed_client_hosts
        allowed_hosts            = var.allowed_hosts
        default_from_email       = var.default_from_email
        email_url                = var.email_url
        aws_access_key_id        = var.aws_access_key_id
        aws_secret_access_key    = var.aws_secret_access_key
        aws_media_bucket_name    = var.media_bucket_name
        aws_media_custom_domain  = var.media_domain
        aws_storage_bucket_name  = var.static_bucket_name
        aws_static_custom_domain = var.static_domain
        awslogs-group            = var.saleor_awslogs_group_name
        awslogs-region           = var.aws_region
        awslogs-stream-prefix    = var.saleor_awslogs_stream_prefix
      }
    }

    resource "aws_ecs_task_definition" "myapp-task-definition" {
      family                = "myapp"
      container_definitions = data.template_file.myapp-task-definition-template.rendered
    }

    resource "aws_elb" "myapp-elb" {
      name = "myapp-elb"
      listener {
        instance_port     = 80
        instance_protocol = "http"
        lb_port           = 80
        lb_protocol       = "http"
      }
      health_check {
        healthy_threshold   = 3
        unhealthy_threshold = 3
        timeout             = 30
        target              = "http:80/health/"
        interval            = 60
      }
      cross_zone_load_balancing   = true
      idle_timeout                = 400
      connection_draining         = true
      connection_draining_timeout = 400
      subnets         = [,]
      security_groups = []
      tags = {
        name = "myapp-elb"
      }
    }

    resource "aws_ecs_service" "myapp-service" {
      name            = "myapp"
      cluster         =
      task_definition = aws_ecs_task_definition.myapp-task-definition.arn
      desired_count   = 1
      iam_role        = aws_iam_role.ecs-service-role.arn
      depends_on      = [aws_iam_policy_attachment.ecs-service-attach1]
      load_balancer {
        elb_name       =
        container_name = "myapp"
        container_port = 80
      }
    }

    # cluster
    resource "aws_ecs_cluster" "saleor-cluster" {
      name = "saleor-cluster"
    }

    resource "aws_launch_configuration" "ecs-saleor-django-launchconfig" {
      name_prefix          = "ecs-launchconfig"
      image_id             = var.ecs_amis[var.aws_region]
      instance_type        = var.ecs_instance_type
      # key_name             = aws_key_pair.mykeypair.key_name
      iam_instance_profile =
      security_groups      = []
      user_data            = "#!/bin/bash\necho 'ecs_cluster=saleor-cluster' > /etc/ecs/ecs.config\nstart ecs"
      lifecycle {
        create_before_destroy = true
      }
    }

    resource "aws_autoscaling_group" "ecs-saleor-django-autoscaling" {
      name                 = "ecs-saleor-django-autoscaling"
      vpc_zone_identifier  = [,]
      launch_configuration =
      min_size             = 1
      max_size             = 1
      tag {
        key                 = "name"
        value               = "ecs-ec2-container"
        propagate_at_launch = true
      }
    }

    and i have a service in saleor-cluster but my container instance is running in the default cluster. Is there something that I'm doing wrong?

    Timo Goosen
    @r33drichards what happens if you do a terraform plan?
    Try hardcoding the cluster id
    hi team,
    I need a small clarification here.
    Once we create a VM with terraform,
    is it possible to resize/update the VM config?
    Paul Rudin
    just trying out terraform 0.13, I've read the docs, but I can't get a local provider binary to be found, I had no problem with just dropping it in the working directory with 0.12 - is there a minimal working example for how this could work?
    Did you update the required_providers section?
    Team, Any suggestion about the below error?
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    Error: Incorrect attribute value type
      on ../../modules/generic-vm/ line 3, in provider "vsphere":
       3:   user                 = var.vsphere_user
        | var.vsphere_user is object with no attributes
    Inappropriate value for attribute "user": string required.
    Error: Incorrect attribute value type
      on ../../modules/generic-vm/ line 4, in provider "vsphere":
       4:   password             = var.vsphere_password
        | var.vsphere_password is object with no attributes
    Inappropriate value for attribute "password": string required.
    Error: Incorrect attribute value type
      on ../../modules/generic-vm/ line 5, in provider "vsphere":
       5:   vsphere_server       = var.vsphere_server
        | var.vsphere_server is object with no attributes
    Inappropriate value for attribute "vsphere_server": string required.

    The provider config looks like below

    provider "vsphere" {
      version              = "~> 1.10"
      user                 = var.vsphere_user
      password             = var.vsphere_password
      vsphere_server       = var.vsphere_server
      allow_unverified_ssl = true
    }

    And in the variable file

    variable "vsphere_user" {
      default = {}
    }

    variable "vsphere_password" {
      default = {}
    }

    I am trying to make a module for generic vm creations
    Try setting an empty string or null.
    I have tried setting an empty string (default = "") or null (default = "null") and then provided the values while calling the modules, but I am getting a "Cannot complete login due to an incorrect user name or password." error.
    you need to check your credentials
    The credentials are working fine when using without modules.
    are you using same default without modules?
    No. When I am trying without modules I am using variables without default.
    variable "vsphere_user" {} variable "vsphere_password" {}
    Michael Fellinger
    Is there any way to debug this? I have no clue what possibly could require such an argument:
    Error: Missing required argument
    The argument "server_url" is required, but was not set.
    Releasing state lock. This may take a few moments...
    Michael Fellinger
    hmm, strace says it's trying to run the acme provider, even though it's never mentioned in my config...
    must've somehow switched up workspaces...
    @tbugfinder @karthikeayan Thanks for validating folks, The issue has been fixed by moving the provider config from the root module to the child module.
    Carlo Cancellieri
    Hi guys, nice to meet you all, I'm new :)
    I'm provisioning a gcp compute instance with a tls_private_key and ssh_key into the metadata to use the file provisioner and now I've the file on the compute instance, which is the best way to remove the metadata without recreating the compute instance?
    possibly destroying also the tls_private_key resource
    Can I leverage on triggers?
    Currently I've to explicitly call "terraform destroy " on the tls_private_key ... in this case the metadata will contain a not usable public ssh key but it's still dirty...
    Will Yardley
    x-posting from #terraform - anyone have any ideas about this one? hashicorp/terraform#25849

    Error "x509: certificate signed by unknown authority" when executing the command "terraform apply" with docker.
    I have a terraform project running with docker, with a "docker-compose.yml" with the following content:

    version: "3.1"
        image: hashicorp/terraform:0.13.0
        working_dir: /workspace
          - .:/workspace
          - dev/vars.env

    A "" file with the following content:

    terraform {
      required_providers {
        k8s = {
          source  = "banzaicloud/k8s"
          version = "0.8.2"
        }
      }
      required_version = ">= 0.13"
    }

    provider "k8s" {
      config_path = var.kubeconfig_path
    }

    resource "k8s_manifest" "ingressroute" {
      provider = k8s
      content   = data.template_file.ingressroute.rendered
      namespace = var.namespace
    }

    When executing the command "terraform apply" it throws the error:

    Error: Post "": x509: certificate signed by unknown authority

    That same configuration works on the host

    What I have tried:

    1. Add the "ca-certificates" package to the official image and run the "update-ca-certificates" command.
    2. Create your own image with Ubuntu.
    3. Copy my "ca-certificates.crt" to "/etc/ssl/certs/"
    4. Verify the certificate in my configuration with OpenSSL
    Is this an appropriate place to ask about cdktf? I am trying to import a third party module but can't find any reference to how to do it anywhere
    Looks like it's not possible yet, you can only use the terraform registry hashicorp/terraform-cdk#16
    Hi @ruby232_gitlab you might have to install custom certificates within the container.
    Stepan Chatalyan
    hi all, I'm creating an elastic beanstalk app and env, I would like to enable the metrics collection for the autoscaling group that was created by the EB env, I tried to declare it and import it, but it's deleting the tags and I need to explicitly define the min/max for the ASG... has someone had a previous problem like this?
    Simon Baier

    Hey, i have a general question regarding aws_s3_bucket_object objects created via for_each. So i have this object:

    resource "aws_s3_bucket_object" "objects" {
      bucket = var.object_store_name
      key = "base-path/${each.value}"
      source = each.key
      etag = filemd5(each.key)
      for_each = local.local.files_aws
    }

    Now i'd like to trigger a null resource based on the etag of these objects, by getting the etag field as a list and joining it into a string. When using the same for_each syntax with an openstack swift resource declaration, i can run values(swift_type.objects).etag, but for S3, this will yield a "aws_s3_bucket_object.objects is object with 62 attributes" error, presumably because in the tfstate the object is just of type aws_s3_bucket_object while for the openstack provider this will yield a map object. Is this a bug?

    How can i get the field of my s3 objects?

    Halil Burak Cetinkaya
    Hi All,
    Is it possible to pass sql files instead of string queries in BigQuery tables and BigQuery jobs?
    Greg Swallow
    Hey all! Is it possible to create dynamically named outputs with a for or a for_each expression in terraform?
    Chris Johnson
    Just output a map
    Greg Swallow
    I need to output strings.
    That's ok, though. I've moved on.
    Chris Johnson
    Right, a map of strings
    Will Yardley
    anyone have a rough idea of how long it'll be for 0.13.1 to drop?
    @tbugfinder The certificates are given to me by Traefik automatically from Let's Encrypt, what should I install?
    @ruby232_gitlab Let's encrypt CA certificates then.

    Thanks for answering, run the following commands.

    cd /usr/share/ca-certificates
    wget ""

    And still the same problem, I suspect terraform has problems with certificates from

    Could you verify if the CA was added to one of those files?