Question: hey, does terraform support launch templates yet?

Asked By
acsrujan
Asked At
2018-02-22 10:08:32

Found 15 possible answers.

User Answered At Possible Answer
jonatan.jebr 2018-02-22 13:13:28 @crielly I’m using both. So the default one is modified but also a new one is created.
ben231 2018-02-22 14:01:40 "When Terraform first adopts the Default Network ACL, it immediately removes all rules in the ACL" sounds a bit scary
jonatan.jebr 2018-02-22 14:55:02 It does, haha no changes even though it showed it was going to add a new default_network_acl, it was like an import /shrug well I setup a test vpc and everything worked out well
phroggyy 2018-03-02 21:45:28 terraform question: I'm just getting started with tf, to setup an ECS app on a brand new environment, and got it _almost_ down but getting the following error
InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.
What is the `assume_role_policy` actually for – how do I correctly set it up to work?
Despite my googling, I haven't been able to figure out _what_ exactly this error means. I've tried a bunch of different configs, and it keeps throwing the same error. I think the main issue is not quite understanding what the `assume_role_policy` of an `aws_iam_role` actually _is_ and what I should specify it as. This role is being applied to the ECS service. So I guess my question is:
groenator 2018-03-03 00:44:40 hi - I wrote a new module for launch_configuration and autoscaling - I am using the name_prefix parameter - the value I am getting after creating the resources is “example-asg-20180303000844652900000002” - I would like to know if there’s a way on how to reduce the name, to something shorter than this? Thanks!
nicktechla 2018-03-03 00:45:36 why do you care what the name is if you are doing infra as code? just ref it
groenator 2018-03-03 00:45:45 that’s true what do you mean by ref it? and also this is a shared aws account - i would like to be shorter too - i shouldn’t - maybe is my ocd :slightly_smiling_face:
t0sche 2018-03-04 14:14:27 @phroggyy if this hasn’t been answered yet, we sometimes see this error when we hit our API rate limit. Could that be possible?
phroggyy 2018-03-04 15:13:15 @t0sche TLDR: no. I’m just headed back from the gym but will post relevant parts of my tf setup and maybe you’ll be able to see something really obvious I’m running this in a brand new AWS account, there’s only one IAM user with AdministratorAccess (trying to learn tf first and foremost, and later jumping into understanding what it needs access to) I got pointed to a repo to reference over in #aws . That has now led me down a path of expanding the terraform setup by a couple hundred lines, everything else working great, and me still hitting that one error
t0sche 2018-03-04 16:35:52 @phroggyy Gotcha. We have ours all built out in tf, but I’ve personally only added a couple of modules. Just ping me and when I have a sec I’ll take peak
phroggyy 2018-03-04 16:43:56 @t0sche put it all in a gist as I got a bit unsure of what may and may not be needed to understand it all https://gist.github.com/phroggyy/abfc86aa4ff0c1b6cf1fcba5e6df9fb0 - not attaching the right policy/role to the right resource - a bad policy, or My guess is that it's either: It's a bit sloppily structured atm, but the important parts should be in ecs.tf where I add the instance profile to the aws_launch_configuration , and the roles/policies declared in iam.tf
t0sche 2018-03-04 19:41:34 @phroggyy thanks, I’m out and about today but I’ll take a look when I get home and settled or if I get a break
phroggyy 2018-03-04 19:51:51 Thanks @t0sche , really appreciate it!
nocode 2018-03-05 14:53:06 @phroggyy the assume role is the Trust Relationship you see in an IAM Role for an ECS service, the trust relationship would change the service to "Service": "ecs.amazonaws.com " as you'll see in the Amazon managed IAM role ecsServeRole } ] } "Action": "sts:AssumeRole" }, "Service": "ecs.amazonaws.com " "Principal": { "Effect": "Allow", "Sid": "", { "Statement": [ "Version": "2008-10-17", { so for my instances for ECS, I have the following assume_role policy so for EC2, you want to allow EC2 instances to assume the IAM role and then granted the IAM permissions attached to the role
phroggyy 2018-03-05 16:06:59 @nocode in my gist there I have both ecs and ec2 declared So it should work

Related Questions