Terraform provider to help with various AWS automation tasks (mostly the things we cannot accomplish with the official AWS Terraform provider)

terraform-provider-awsutils

Terraform provider for performing various tasks that cannot be performed with the official AWS Terraform Provider from HashiCorp.

This provider is derived in large part from the official HashiCorp AWS provider. We copied all the boilerplate functionality so that it follows the terraform-provider-aws conventions, but then removed all the standard resources and added in our own. This provider is intended to be used as an escape hatch to accomplish all the hard things that will never be supported by the official provider due to strong (and valid) opinions of how providers should manage the lifecycle of a resource. Unfortunately, in the real world we have to make tradeoffs to get stuff done. That's this provider in a nutshell.


This project is part of our comprehensive "SweetOps" approach towards DevOps.

Usage

Here is how to use this provider in your own Terraform code:

terraform {
  required_providers {
    awsutils = {
      source = "cloudposse/awsutils"
      version = ">= 0.1.0"
    }
  }
}

See the Docs for additional information.

Examples

Here is an example of using this provider:

terraform {
  required_providers {
    awsutils = {
      source = "cloudposse/awsutils"
    }
  }
}

Here are some additional examples:

Developing the Provider

If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).

To compile the provider, run go install. This will build the provider and put the provider binary in the $GOPATH/bin directory.

To generate or update documentation, run go generate.

In order to run the full suite of Acceptance tests, run make testacc.

Note: Acceptance tests create real resources, and often cost money to run.

$ make testacc

Testing Locally

You can test the provider locally by using the provider_installation functionality.

For testing this provider, you can edit your ~/.terraformrc file with the following:

provider_installation {
  dev_overrides  {
    "cloudposse/awsutils" = "/path/to/your/code/github.com/cloudposse/terraform-provider-awsutils/"
  }

  # For all other providers, install them directly from their origin provider
  # registries as normal. If you omit this, Terraform will _only_ use
  # the dev_overrides block, and so no other providers will be available.
  direct {}
}

With that in place, you can build the provider (see above) and add a provider block:

terraform {
  required_providers {
    awsutils = {
      source = "cloudposse/awsutils"
    }
  }
}

Then run terraform init, terraform plan and terraform apply as normal.

$ terraform init
Initializing the backend...

Initializing provider plugins...
- Finding latest version of cloudposse/awsutils...

Warning: Provider development overrides are in effect

The following provider development overrides are set in the CLI configuration:
 - cloudposse/awsutils in /path/to/your/code/github.com/cloudposse/terraform-provider-awsutils

The behavior may therefore not match any released version of the provider and
applying changes may cause the state to become incompatible with published
releases.

$ terraform apply

Warning: Provider development overrides are in effect

The following provider development overrides are set in the CLI configuration:
 - cloudposse/awsutils in /Users/matt/code/src/github.com/cloudposse/terraform-provider-awsutils

The behavior may therefore not match any released version of the provider and
applying changes may cause the state to become incompatible with published
releases.


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

Plan: 1 to add, 0 to change, 0 to destroy.

Share the Love

Like this project? Please give it a ★ on our GitHub! (it helps us a lot)

Are you using this project or any of our other projects? Consider leaving a testimonial. =)

Related Projects

Check out these related projects.

  • Cloud Posse Terraform Utils Provider - Terraform provider for various utilities (deep merging, stack configuration management), and to add additional missing functionality to Terraform

References

For additional context, refer to some of these links.

  • Terraform Plugins - Terraform is logically split into two main parts: Terraform Core and Terraform Plugins. Each plugin exposes an implementation for a specific service, such as the AWS provider or the cloud-init provider.

Help

Got a question? We got answers.

File a GitHub issue, send us an email or join our Slack Community.

DevOps Accelerator for Startups

We are a DevOps Accelerator. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.

Learn More

Work directly with our team of DevOps experts via email, slack, and video conferencing.

We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.

  • Reference Architecture. You'll get everything you need from the ground up built using 100% infrastructure as code.
  • Release Engineering. You'll have end-to-end CI/CD with unlimited staging environments.
  • Site Reliability Engineering. You'll have total visibility into your apps and microservices.
  • Security Baseline. You'll have built-in governance with accountability and audit logs for all changes.
  • GitOps. You'll be able to operate your infrastructure via Pull Requests.
  • Training. You'll receive hands-on training so your team can operate what we build.
  • Questions. You'll have a direct line of communication between our teams via a Shared Slack channel.
  • Troubleshooting. You'll get help to triage when things aren't working.
  • Code Reviews. You'll receive constructive feedback on Pull Requests.
  • Bug Fixes. We'll rapidly work with you to fix any bugs in our projects.

Slack Community

Join our Open Source Community on Slack. It's FREE for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally sweet infrastructure.

Discourse Forums

Participate in our Discourse Forums. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account.

Newsletter

Sign up for our newsletter that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.

Office Hours

Join us every Wednesday via Zoom for our weekly "Lunch & Learn" sessions. It's FREE for everyone!

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

If you are interested in being a contributor and want to get involved in developing this project or help out with our other projects, we would love to hear from you! Shoot us an email.

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyrights

Copyright © 2021-2021 Cloud Posse, LLC

Trademarks

All other trademarks referenced herein are the property of their respective owners.

About

This project is maintained and funded by Cloud Posse, LLC. Like it? Please let us know by leaving a testimonial!

Cloud Posse

We're a DevOps Professional Services company based in Los Angeles, CA. We ❤️ Open Source Software.

We offer paid support on all of our projects.

Check out our other projects, follow us on twitter, apply for a job, or hire us to help with your cloud strategy and implementation.

Contributors

Matt Calhoun

Comments
  • awsutils_default_vpc_deletion does nothing

    Describe the Bug

    I'm trying to delete the default VPC using awsutils_default_vpc_deletion but nothing happens on apply. After apply it said it removed the default vpc with id vpc-caf666b7 but my default vpc id is vpc-d60a80ab. After destroy then apply again it says there is no default VPC.

    Code

    terraform {
      required_providers {
        awsutils = {
          source  = "cloudposse/awsutils"
          version = "~> 0.11.0"
        }
      }
    }
    
    provider "awsutils" {
      region = "us-east-1"
    }
    
    resource "awsutils_default_vpc_deletion" "default" {
    }
    

    Additional Context

    According to AWS SDK documentation from here: https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#DescribeVpcsInput the filter should be is-default but here https://github.com/cloudposse/terraform-provider-awsutils/blob/0.11.0/internal/service/ec2/find.go#L72 it is isDefault.

  • `awsutils_guardduty_organization_settings` Fails to Deploy to Security Account

    Describe the Bug

    awsutils_guardduty_organization_settings fails when attempting to deploy to the security account after setting var.guardduty_admin_delegated=true

    Expected Behavior

    awsutils should deploy awsutils_guardduty_organization_settings successfully

    Steps to Reproduce

    Steps to reproduce the behavior:

    1. Set up the Cloud Posse compliance and compliance-root modules
    2. Apply compliance to security with var.guardduty_admin_delegated=false and securityhub_admin_delegated=false
    3. Apply compliance-root to root
    4. Apply compliance to security with var.guardduty_admin_delegated=true and securityhub_admin_delegated=true
    5. This last apply will fail with the following error:
    Plan: 1 to add, 0 to change, 0 to destroy.
    awsutils_guardduty_organization_settings.this[0]: Creating...
    ╷
    │ Error: error designating guardduty administrator account members: BadRequestException: The request is rejected because the input detectorId is not owned by the current account.
    │ {
    │   RespMetadata: {
    │     StatusCode: 400,
    │     RequestID: "42811a85-80f8-4818-ad87-5bc1a80c462f"
    │   },
    │   Message_: "The request is rejected because the input detectorId is not owned by the current account.",
    │   Type: "InvalidInputException"
    │ }
    │
    │   with awsutils_guardduty_organization_settings.this[0],
    │   on main.tf line 44, in resource "awsutils_guardduty_organization_settings" "this":
    │   44: resource "awsutils_guardduty_organization_settings" "this" {
    │
    ╵
    Releasing state lock. This may take a few moments...
    exit status 1
    

    Logs

    -----------------------------------------------------: timestamp=2021-12-10T17:59:49.124Z
    2021-12-10T17:59:49.533Z [INFO]  provider.terraform-provider-awsutils_v0.11.0: 2021/12/10 17:59:49 [DEBUG] [aws-sdk-go] DEBUG: Response guardduty/CreateMembers Details:
    ---[ RESPONSE ]--------------------------------------
    HTTP/2.0 400 Bad Request
    Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,*,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: x-amzn-ErrorType,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,Date
    Access-Control-Max-Age: 86400
    Content-Type: application/json
    Date: Fri, 10 Dec 2021 17:59:49 GMT
    X-Amz-Apigw-Id: xxx=
    X-Amzn-Errortype: BadRequestException
    X-Amzn-Requestid: 35150de3-96f7-484d-b599-6da002bd9a67
    X-Amzn-Trace
    

    Environment:

    Initializing provider plugins...
    - terraform.io/builtin/terraform is built in to Terraform
    - Reusing previous version of hashicorp/local from the dependency lock file
    - Reusing previous version of hashicorp/external from the dependency lock file
    - Reusing previous version of cloudposse/utils from the dependency lock file
    - Reusing previous version of hashicorp/aws from the dependency lock file
    - Reusing previous version of cloudposse/awsutils from the dependency lock file
    - Using previously-installed cloudposse/awsutils v0.11.0
    - Using previously-installed hashicorp/local v2.1.0
    - Using previously-installed hashicorp/external v2.1.1
    - Using previously-installed cloudposse/utils v0.17.10
    - Using previously-installed hashicorp/aws v3.70.0
    
    Terraform v1.1.2
    on linux_amd64
    

    Additional Context

    • Potentially related issue with AWS provider: https://github.com/hashicorp/terraform-provider-aws/issues/10925
  • awsutils provider errors out with "InternalValidate" at "terraform apply"

    I have configured a provider.tf file as such:

    provider "aws" {
      region                  = var.region
      profile                 = "default"
      shared_credentials_file = "~/ec2/SLZ-AWS/.aws/credentials"
    }

    provider "awsutils" {
      region                  = var.region
      profile                 = "default"
      shared_credentials_file = "~/ec2/SLZ-AWS/.aws/credentials"
    }

    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "~> 3.26"
        }
        awsutils = {
          source = "cloudposse/awsutils"
        }
      }
    }

    When running "terraform init" the provider is added to the .lock file with no issue. When running "terraform apply", the following error appears:

    Internal validation of the provider failed! This is always a bug with the provider itself, and not a user issue. Please report this bug:

    1 error occurred:
        * data source awsutils_ec2_client_vpn_export_client_config: client_configuration: One of optional, required, or computed must be set

    This provider worked fine (I've been using it extensively) until recently.

  • git.io->cloudposse.tools update

    what and why

    Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

    References

    • DEV-143
  • add awsutils_expiring_iam_access_key resource

    what

    • Add a new awsutils_expiring_iam_access_key resource that will self taint after max_age seconds

    why

    • Best practices call for IAM access keys to be rotated regularly (usually every 45 days or less)

    references

  • fix(datasource): Datasource output for client_configuration missing id field

    what

    • Added the appropriate id field to the client_configuration

    why

    • Without the id, the result is invalid and is returned as a null

    references

    • N/A
  • Fix for "One of optional, required, or computed must be set"

    what

    • Provider is currently failing because the schema attributes are incorrectly set

    why

    • This is currently affecting other upstream dependent components and causing errors at plan time

    references

    • Fixes #16
  • awsutils_default_vpc_deletion does not support count

    Describe the Bug

    Right now, I am using the awsutils_default_vpc_deletion resource to delete my default VPC. Sadly when running terraform plan this resource is also running and as I am using only a ReadOnly User account for the plan command, I am receiving an error message that the user is not authorized to delete the VPC.

    Now the idea came up to set the count value to the resource. Sadly, the count value is completely ignored.

    Expected Behavior

    The count value is used.

    Steps to Reproduce

    Add standard requirements for setting the provider up, use a ReadOnly role in the target account and add count = 0 to the resource like:

    resource "awsutils_default_vpc_deletion" "default" {
      count = 0
    }
    

    now run terraform plan -> Result: Error message that the user is not authorized to delete the VPC

    now run terraform apply -> Result: Same error message like before

    Environment (please complete the following information):

    Anything that will help us triage the bug will help. Here are some ideas:

    • OS: multiple linux
    • TF Version: v1.0.4
  • Configure Renovate

    Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

    🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


    Detected Package Files

    • .github/workflows/auto-release.yml (github-actions)
    • .github/workflows/release.yml (github-actions)
    • .github/workflows/tests.yml (github-actions)
    • .github/workflows/validate-codeowners.yml (github-actions)
    • go.mod (gomod)

    Configuration Summary

    Based on the default config's presets, Renovate will:

    • Start dependency updates only once this onboarding PR is merged
    • Separate major versions of dependencies into individual branches/PRs
    • Do not separate patch and minor upgrades into separate PRs for the same dependency
    • Upgrade to unstable versions only if the existing version is unstable
    • Raise PRs immediately (after branch is created)
    • If semantic commits detected, use semantic commit type fix for dependencies and chore for all others
    • Keep existing branches updated even when not scheduled
    • Disable automerging feature - wait for humans to merge all PRs
    • Ignore node_modules, bower_components, vendor and various test/tests directories
    • Autodetect whether to pin dependencies or maintain ranges
    • Rate limit PR creation to a maximum of two per hour
    • Limit to maximum 20 open PRs at any time
    • Group known monorepo packages together
    • Use curated list of recommended non-monorepo package groupings
    • Ignore spring cloud 1.x releases
    • Ignore http4s digest-based 1.x milestones
    • Use node versioning for @types/node
    • Limit concurrent requests to reduce load on Repology servers until we can fix this properly, see issue 10133

    🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.


    What to Expect

    With your current configuration, Renovate will create 4 Pull Requests:

    Update github.com/keybase/go-crypto commit hash to de78d2c
    • Schedule: ["at any time"]
    • Branch name: renovate/github.com-keybase-go-crypto-digest
    • Merge into: main
    • Upgrade github.com/keybase/go-crypto to de78d2cb44f4360c724f681478689e314d00bf96
    Update actions/checkout action to v2.3.4
    • Schedule: ["at any time"]
    • Branch name: renovate/actions-checkout-2.x
    • Merge into: main
    • Upgrade actions/checkout to v2.3.4
    Update module github.com/aws/aws-sdk-go to v1.38.71
    • Schedule: ["at any time"]
    • Branch name: renovate/github.com-aws-aws-sdk-go-1.x
    • Merge into: main
    • Upgrade github.com/aws/aws-sdk-go to v1.38.71
    Update mszostok/codeowners-validator action to v0.6.0
    • Schedule: ["at any time"]
    • Branch name: renovate/mszostok-codeowners-validator-0.x
    • Merge into: main
    • Upgrade mszostok/codeowners-validator to v0.6.0

    🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or spam the project. See docs for prhourlylimit for details.


    ❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.


    This PR has been generated by WhiteSource Renovate. View repository job log here.

  • Bump mszostok/codeowners-validator from 0.5.0 to 0.6.0

    Bumps mszostok/codeowners-validator from 0.5.0 to 0.6.0.

    Release notes

    Sourced from mszostok/codeowners-validator's releases.

    v0.6.0

    🚨GitHub Codeowners Validator 0.6.0 is now available!

    Highlights

    • ✨ Add validation for checking if team has a proper permission Due to the new permission validation step in Owners Checker, this check takes a little more time.

    • 🐛 Fix bug in Owners Checker. Now Owners Checker supports child teams with inherited repo perms.

    • ⚠️ Error message was changed in Owners Checker.

      From:

      [err] line 15: Team "avengers" does not have permissions associated with the repository "codeowners-samples".

      To:

      [err] line 15: Team "avengers" does not exist in organization "gh-codeowners" or has no permissions associated with the repository.

    Installation

    To install the codeowners-validator, run:

    # Install codeowners-validator in /usr/local/bin in version 0.6.0
    curl -sfL https://raw.githubusercontent.com/mszostok/codeowners-validator/master/install.sh| sh -s -- -b /usr/local/bin v0.6.0
    

    See the Installation section for more installation options.

    Docker images

    • docker pull mszostok/codeowners-validator:latest
    • docker pull mszostok/codeowners-validator:v0.6.0
    • docker pull mszostok/codeowners-validator:v0.6

    Changelog 🚀

    • 8fafb0b Adjust docs and GitHub action for v0.6.0 release
    • 2f6e3bb Fix badly worded error (#64)
    • 5ed7b98 Adjust integration test after changing error message
    • 204640e address comments from PR #62
    • 9224144 Add permissions check to valid_owner
    • cde24ed Add a twitter badge
    • e5e11b0 rename test to comply with golang.org/x/mod/module.CheckFilePath (#60)

    Contributors

    Thanks again to everyone who contributed to this release! ✨

    ... (truncated)

    Commits
    • 2f6e3bb Fix badly worded error (#64)
    • 8fafb0b Adjust docs and GitHub action for v0.6.0 release
    • 5ed7b98 Adjust integration test after changing error message
    • 204640e address comments from PR #62
    • 9224144 Add permissions check to valid_owner
    • cde24ed Add a twitter badge
    • e5e11b0 rename test to comply with golang.org/x/mod/module.CheckFilePath (#60)
    • 085f270 Adjust docs and GitHub action for v0.5.1 release
    • d6bdfac Add CONTRIBUTING.md and development.md (#56)
    • 4f46df1 Add configurability for the list of ignored owners (#55)
    • Additional commits viewable in compare view

  • bug: fix pagination bug

    what

    • Fix a bug with pagination when calling the Security Hub DescribeStandardsControls API method.

    why

    • Previously we were not using pagination and this created a scenario where the control we were searching for might not be found depending on the number of controls enabled on the account.

    references
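
The failure mode this PR describes, as an added Go example that is not the provider's code: a lookup that reads only the first response misses a control that sits on a later page, while following NextToken finds it. `controlLister`, `fakeHub` and the `Example.N` control IDs are constructed stand-ins for the Security Hub DescribeStandardsControls call and its data.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// Control is a minimal stand-in for one Security Hub standards control.
type Control struct {
	ControlID string
	Status    string
}

// page models one response of a paginated list call.
type page struct {
	Controls  []Control
	NextToken string // empty on the last page
}

// controlLister is a hypothetical interface standing in for the paginated
// DescribeStandardsControls call; it is not the AWS SDK type.
type controlLister interface {
	Describe(nextToken string) (page, error)
}

// ErrControlNotFound is returned when no inspected page holds the control.
var ErrControlNotFound = errors.New("control not found")

// fakeHub serves constructed controls in fixed-size pages, like an account
// with more controls enabled than fit in one response.
type fakeHub struct {
	controls []Control
	pageSize int
}

// newFakeHub builds n constructed controls named Example.1 .. Example.n.
func newFakeHub(n, pageSize int) *fakeHub {
	h := &fakeHub{pageSize: pageSize}
	for i := 1; i <= n; i++ {
		id := fmt.Sprintf("Example.%d", i)
		h.controls = append(h.controls, Control{ControlID: id, Status: "ENABLED"})
	}
	return h
}

// Describe returns the page starting at the offset encoded in nextToken.
func (h *fakeHub) Describe(nextToken string) (page, error) {
	start := 0
	if nextToken != "" {
		n, err := strconv.Atoi(nextToken)
		if err != nil || n < 0 || n >= len(h.controls) {
			return page{}, fmt.Errorf("invalid next token %q", nextToken)
		}
		start = n
	}
	end := start + h.pageSize
	if end >= len(h.controls) {
		return page{Controls: h.controls[start:]}, nil
	}
	return page{Controls: h.controls[start:end], NextToken: strconv.Itoa(end)}, nil
}

// search looks for id within a single page of controls.
func search(cs []Control, id string) (Control, error) {
	for _, c := range cs {
		if c.ControlID == id {
			return c, nil
		}
	}
	return Control{}, ErrControlNotFound
}

// findFirstPageOnly shows the failure mode: it reads a single response and
// never follows NextToken, so controls on later pages look absent.
func findFirstPageOnly(api controlLister, id string) (Control, error) {
	p, err := api.Describe("")
	if err != nil {
		return Control{}, err
	}
	return search(p.Controls, id)
}

// findPaginated follows NextToken until the control is found or pages run out.
func findPaginated(api controlLister, id string) (Control, error) {
	token := ""
	for {
		p, err := api.Describe(token)
		if err != nil {
			return Control{}, err
		}
		if c, err := search(p.Controls, id); err == nil {
			return c, nil
		}
		if p.NextToken == "" {
			return Control{}, ErrControlNotFound
		}
		if p.NextToken == token { // guard against a token that never advances
			return Control{}, fmt.Errorf("pagination token %q did not advance", token)
		}
		token = p.NextToken
	}
}

func main() {
	hub := newFakeHub(250, 100) // constructed data: 250 controls, 100 per page
	_, err := findFirstPageOnly(hub, "Example.180")
	fmt.Println("first page only:", err)
	c, err := findPaginated(hub, "Example.180")
	fmt.Println("paginated:", c.ControlID, err)
}
```
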

  • Support detaching the `AdministratorAccess` policy from `OrganizationAccountAccessRole`

    Use Case

    Upon creating a new account, the OrganizationAccountAccessRole automatically has AdministratorAccess, I want to delete it in Terraform without needing to e.g. import and then delete, as that wouldn't make sense.

    Describe Ideal Solution

    Detaches the default AdministratorAccess policy that grants * on *. But before it does that, verifies that the ARN given by the user is attached already, so that users do not accidentally lock themselves out of an AWS subaccount after creation.

    E.g. It can check that OrganizationAccountAccessRole has IAMFullAccess, and then detach the existing AdministratorAccess policy.

    Alternatives Considered

    Do it outside of Terraform.
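
The guard described in this request, sketched as an added Go example (not the provider's code): AdministratorAccess is detached from the role only after the user-supplied replacement policy is confirmed attached. `rolePolicyAPI`, `fakeIAM` and `detachAdminAccess` are hypothetical names standing in for the IAM calls; the role and policy names are the ones mentioned in the issue.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	adminPolicyARN   = "arn:aws:iam::aws:policy/AdministratorAccess"
	iamFullAccessARN = "arn:aws:iam::aws:policy/IAMFullAccess"
)

var (
	ErrReplacementMissing = errors.New("replacement policy is not attached; refusing to detach AdministratorAccess")
	ErrReplacementIsAdmin = errors.New("replacement policy must differ from AdministratorAccess")
)

// rolePolicyAPI is a hypothetical interface for the two IAM operations the
// guard needs; it is not the AWS SDK client type.
type rolePolicyAPI interface {
	ListAttachedPolicies(role string) ([]string, error)
	DetachPolicy(role, policyARN string) error
}

// fakeIAM is an in-memory stand-in holding role -> attached policy ARNs.
type fakeIAM struct {
	attached    map[string][]string
	detachCalls int
}

func (f *fakeIAM) ListAttachedPolicies(role string) ([]string, error) {
	arns, ok := f.attached[role]
	if !ok {
		return nil, fmt.Errorf("role %q not found", role)
	}
	return append([]string(nil), arns...), nil
}

func (f *fakeIAM) DetachPolicy(role, policyARN string) error {
	f.detachCalls++
	arns := f.attached[role]
	for i, a := range arns {
		if a == policyARN {
			f.attached[role] = append(arns[:i:i], arns[i+1:]...)
			return nil
		}
	}
	return fmt.Errorf("policy %q is not attached to role %q", policyARN, role)
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// detachAdminAccess detaches AdministratorAccess from role only when
// replacementARN is already attached. It reports whether a detach happened.
// It checks attachment only, as the issue proposes; it does not evaluate
// what the replacement policy actually allows.
func detachAdminAccess(api rolePolicyAPI, role, replacementARN string) (bool, error) {
	if replacementARN == adminPolicyARN {
		return false, ErrReplacementIsAdmin
	}
	attached, err := api.ListAttachedPolicies(role)
	if err != nil {
		return false, err
	}
	if !contains(attached, replacementARN) {
		return false, ErrReplacementMissing // lockout guard: nothing is detached
	}
	if !contains(attached, adminPolicyARN) {
		return false, nil // already detached; safe to call repeatedly
	}
	if err := api.DetachPolicy(role, adminPolicyARN); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	role := "OrganizationAccountAccessRole"
	api := &fakeIAM{attached: map[string][]string{role: {adminPolicyARN}}}

	_, err := detachAdminAccess(api, role, iamFullAccessARN)
	fmt.Println("before attaching replacement:", err)

	api.attached[role] = append(api.attached[role], iamFullAccessARN)
	done, err := detachAdminAccess(api, role, iamFullAccessARN)
	fmt.Println("after attaching replacement:", done, err, api.attached[role])
}
```
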

  • Support `awsutils_route53domains_register_domain` resource

    Describe the Feature

    Register domain name using a terraform resource

    resource "awsutils_route53domains_register_domain" "db_migration" {
      domain_name       = "<value>"
      duration_in_years = ""
      idn-lang-code     = ""
      auto-renew        = true
      admin-contact     = ""
      tech-contact      = ""
    
      registrant-contact = ""
    
      privacy_protect_admin_contact      = ""
      privacy_protect_registrant_contact = ""
      privacy_protect_tech_contact       = ""
    }
    

    https://docs.aws.amazon.com/cli/latest/reference/route53domains/register-domain.html

  • Improve aws_iam_user_login_profile

    what

    • Added the ability to configure a user with an explicit password
    • Adding a project build using docker for users who do not have the go environment installed

    why

    • For testing, it is sometimes necessary to quickly create a user with a password. You can also prepare the user on the production instance in this way, only then you need to remember to force the password update.

    references

    • https://github.com/cloudposse/terraform-aws-iam-user/pull/17
    • Official issue in aws provider repo - https://github.com/hashicorp/terraform-provider-aws/issues/18749
    • The code is based on this https://github.com/hashicorp/terraform-provider-aws/pull/18929
  • Support `awsutils_ecs_runtask` resource for run once tasks

    Describe the Feature

    resource "awsutils_ecs_runtask" "db_migration" {
      # must have arguments
      cluster         = "<value>"
      task_definition = ""
      launch_type     = "FARGATE"
      initial_count   = 1
    
      # keepers or triggers
      triggers = {
        for file in fileset("${path.module}/../db", "*") :
        file => file
      }
    
      # optional
      capacity_provider_strategy = "<value>"
      execute_command            = true
      group                      = "<value>"
      network_configuration      = "<value>"
      overrides                  = "<value>"
      placement_constraints      = "<value>"
      placement_strategy         = "<value>"
      platform_version           = "<value>"
      propagate_tags             = "<value>"
      reference_id               = "<value>"
      started_by                 = "<value>"
    
      tags = { tag_key = "tag_value" }
    }
    

    Additional Context

  • awsutils_default_vpc_deletion: DHCP options sets should also be deleted

    Describe the Feature

    The awsutils_default_vpc_deletion deletes most resources associated with each default VPC, but it misses a resource that is also created by default in a new AWS account: DHCP option sets.

    These option sets are usually missed because they have a reverse dependency on a VPC, i.e. can only be deleted after it is disassociated from the VPC, or after the VPC is gone. But they should be deleted nonetheless, if a clean account without default network resources is desired.

    Expected Behavior

    The default DHCP option set in each region should be deleted along with each VPC.

    Use Case

    I'm trying to create clean AWS accounts without any leftover resources that AWS creates by default.

    Describe Ideal Solution

    1. Call https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html to determine the ID of the default DHCP option set of the VPC (filter by vpc-id, return the value of result.Vpcs[0].DhcpOptionsId)
    2. Call https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateDhcpOptions.html with DhcpOptionsId="default" on the VPC
    3. Delete the VPC
    4. Call https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteDhcpOptions.html on the option set

    Repeat for all regions.

    Alternatives Considered

    N/A

    Additional Context

    N/A
