I've had this issue in Terraform with backend configuration. I am getting this error when running terraform plan.
Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout
with provider["registry.terraform.io/hashicorp/aws"].west,
│ on providers.tf line 5, in provider "aws":
│ 5: provider "aws" {
│
╵
Here is the code, there are no google pages to help with this error. I will appreciate any help and I'm forever grateful thanks
terraform {
  backend "remote" {
    organization = "Gnome2"
    workspaces {
      name = "terraform-begin"
    }
  }
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.8.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

provider "aws" {
  alias  = "west"
  region = "us-west-1"
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  providers = {
    aws = aws.west
  }
  name               = "my-vpc"
  cidr               = "10.0.0.0/16"
  azs                = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  enable_nat_gateway = true
  enable_vpn_gateway = true
  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
Can you use your AWS CLI to connect to your AWS account, like listing your AWS S3 buckets? Based on the error, I think you didn't configure AWS by running aws configure on your CLI, which will require you to have an access key ID and secret for the setup.
You must configure the AWS credentials in Terraform Cloud. In the Terraform Cloud platform, go to Settings -> Variable Sets -> Create Variable Set, enter a "name", check "Apply to all workspaces in this organization" and click the "Add Variable" button. Select the "Environment variable" option, and enter the key=AWS_ACCESS_KEY_ID and value="Access key ID". The "Access key ID" is the ID from the AWS credential (IAM). Check the "sensitive" checkbox and click the "Add Variable" button. Then repeat this process to add a new environment variable with the key/value pair AWS_SECRET_ACCESS_KEY/Secret access key of the AWS credential. Finally, click the "Create variable set" button. Retry the terraform plan command. See more at https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-remote#set-workspace-variables
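The same setup expressed as code with the hashicorp/tfe provider, as an added example that is not part of the original answer. It attaches the variable set to the one workspace from the question rather than to every workspace in the organization; the set name and the two input variable names are assumptions, and the provider is assumed to authenticate with a Terraform Cloud API token (for example through TFE_TOKEN).

```hcl
# Assumed input variables: supply them at run time, never commit them.
variable "aws_access_key_id" {
  type      = string
  sensitive = true
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

# The workspace named in the question's backend block.
data "tfe_workspace" "begin" {
  name         = "terraform-begin"
  organization = "Gnome2"
}

# A variable set that is NOT global: only attached workspaces see the keys.
resource "tfe_variable_set" "aws_credentials" {
  name         = "aws-credentials" # assumed name
  organization = "Gnome2"
  global       = false
}

resource "tfe_workspace_variable_set" "begin" {
  variable_set_id = tfe_variable_set.aws_credentials.id
  workspace_id    = data.tfe_workspace.begin.id
}

# Environment variables read by the AWS provider during remote runs.
resource "tfe_variable" "access_key_id" {
  key             = "AWS_ACCESS_KEY_ID"
  value           = var.aws_access_key_id
  category        = "env"
  sensitive       = true
  variable_set_id = tfe_variable_set.aws_credentials.id
}

resource "tfe_variable" "secret_access_key" {
  key             = "AWS_SECRET_ACCESS_KEY"
  value           = var.aws_secret_access_key
  category        = "env"
  sensitive       = true
  variable_set_id = tfe_variable_set.aws_credentials.id
}
```

The values are still written to the state of whichever configuration manages these resources, so access to that state should be as restricted as the keys themselves.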
Related
Any idea how I can use Terraform to create an NFS file share?
I need to create the S3 bucket
then
create an NFS file share on an existing storage gateway, for which I need to use the bucket name I created in step 1
Any idea how to do this in Terraform?
You will need 3 Terraform resources:
aws_s3_bucket
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-nfs-bucket"
  acl    = "private"
  tags = {
    Author      = "me"
    Environment = "dev"
  }
}
aws_storagegateway_gateway
resource "aws_storagegateway_gateway" "my-storagegateway" {
  gateway_ip_address = "1.2.3.4"
  gateway_name       = "storage-gateway"
  gateway_timezone   = "GMT"
  gateway_type       = "FILE_S3"
}
aws_storagegateway_nfs_file_share
resource "aws_storagegateway_nfs_file_share" "my_bucket" {
  # 0.0.0.0/0 allows any NFS client that can reach the gateway
  client_list  = ["0.0.0.0/0"]
  gateway_arn  = aws_storagegateway_gateway.my-storagegateway.arn
  location_arn = aws_s3_bucket.my_bucket.arn
  role_arn     = aws_iam_role.my-role.arn
}
You will also need in the role_arn key-value the ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.
aws_iam_role
Managing your file gateway
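The answer references aws_iam_role.my-role without defining it. One way to define that role with access limited to the single bucket, as an added example that is not part of the original answer: the role and policy names are assumptions, and the S3 action list is an assumption about what a file gateway needs that should be compared with the AWS Storage Gateway documentation.

```hcl
# Trust policy: only the Storage Gateway service may assume the role.
data "aws_iam_policy_document" "gateway_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["storagegateway.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "my-role" {
  name               = "nfs-file-share-role" # assumed name
  assume_role_policy = data.aws_iam_policy_document.gateway_trust.json
}

# Permissions limited to the one bucket behind the share.
data "aws_iam_policy_document" "bucket_access" {
  # Bucket-level actions apply to the bucket ARN itself.
  statement {
    actions   = ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListBucketMultipartUploads"]
    resources = [aws_s3_bucket.my_bucket.arn]
  }
  # Object-level actions apply to the keys inside the bucket.
  statement {
    actions = [
      "s3:AbortMultipartUpload",
      "s3:DeleteObject",
      "s3:GetObject",
      "s3:ListMultipartUploadParts",
      "s3:PutObject",
    ]
    resources = ["${aws_s3_bucket.my_bucket.arn}/*"]
  }
}

resource "aws_iam_role_policy" "bucket_access" {
  name   = "nfs-file-share-bucket-access" # assumed name
  role   = aws_iam_role.my-role.id
  policy = data.aws_iam_policy_document.bucket_access.json
}
```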
How can I create a GCP VM instance with Terraform using click to deploy images?
I am trying:
data "google_compute_image" "wp_image" {
  project = "click-to-deploy-images"
  name    = "wordpress"
}
boot_disk {
  initialize_params {
    image = data.google_compute_image.wp_image.id
  }
}
but getting an error like:
Error: error retrieving image information: googleapi: Error 404: The resource 'projects/click-to-deploy-images/global/images/wordpress' was not found, notFound
I looked in many locations but couldn't find an exact solution.
Note: I am using Terraform version = "3.48.0"
I created a terraform script to deploy a Java app engine to GAE flexible as below:
resource "google_app_engine_flexible_app_version" "test-terraform" {
  version_id = "v1"
  project    = "project-id"
  service    = "service-terraform"
  runtime    = "java"
  liveness_check {
    path = "/"
  }
  readiness_check {
    path = "/"
  }
  env_variables = {
    port = "8080"
  }
  deployment {
    zip {
      source_url = "https://storage.googleapis.com/[BUCKET_NAME]/[ZIP_OBJECT_NAME]"
    }
    cloud_build_options {
      app_yaml_path = "[PATH_TO_APP-YAML_FILE]"
    }
  }
  # resources config
  resources {
    cpu       = 1
    memory_gb = 2
    disk_gb   = 10
  }
  # scale config
  delete_service_on_destroy = true
}
I tried to change the value of PATH_TO_APP-YAML_FILE to
the location of app.yaml on Storage
the location of app.yaml in the ZIP source code, as "./src/main/appengine/app.yaml"
but the deploy did not succeed; the error detail in Cloud Build is shown below:
Step #1: WARN - A yaml configuration file was expected, but none was found at the provided path: app.yaml. Proceeding with default configuration values.
Step #1: Exception in thread "main" com.google.cloud.runtimes.builder.exception.ArtifactNotFoundException: No deployable artifacts were found. Unable to proceed.
Step #1: at com.google.cloud.runtimes.builder.buildsteps.PrebuiltRuntimeImageBuildStep.getArtifact(PrebuiltRuntimeImageBuildStep.java:77)
Step #1: at com.google.cloud.runtimes.builder.buildsteps.RuntimeImageBuildStep.run(RuntimeImageBuildStep.java:50)
Step #1: at com.google.cloud.runtimes.builder.BuildPipelineConfigurator.generateDockerResources(BuildPipelineConfigurator.java:104)
Step #1: at com.google.cloud.runtimes.builder.Application.main(Application.java:147)
Finished Step #1
ERROR
Could you please help me to point out exactly the value PATH_TO_APP-YAML_FILE?
Thanks!
According to the Terraform documentation this value stands for:
app_yaml_path - (Required) Path to the yaml file used in deployment, used to determine runtime configuration details.
However, it is not clear if it is compatible with the source code being located in a Cloud Storage bucket. As suggested in the Terraform community page, I would advise opening an issue in the HashiCorp forum to get more specific insight on this parameter.
I am new with terraform, but I have created an openstack compute instance like this:
provider "openstack" {
  auth_url    = "https://my-auth/v2.0/"
  domain_name = "default"
  alias       = "alias"
  user_name   = "username"
  tenant_name = "tenantname"
  password    = "pwd"
  region      = "region"
}

# Import SSH key pair into openstack project
resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "myprovider"
  name       = "keypair"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
}

# Create a new virtual machine
resource "openstack_compute_instance_v2" "compute_instance" {
  name        = "compute_instance" # Instance Name
  provider    = "myprovider"       # Instance distr
  image_name  = "Centos 7"         # Image name
  flavor_name = "b2-7"             # Machine type name
  key_pair    = "${openstack_compute_keypair_v2.keypair.name}"
  network {
    name = "Ext-Net"
  }
}
For maintainability and flexibility reasons I would like to add some "components" in the same instance, it could be anything, but here I have tried with a file provisioner and remote execution.
Indeed, when I add these arguments to my compute instance, I noticed that my compute instance will not be updated. For example:
provider "openstack" {
  auth_url    = "https://my-auth/v2.0/"
  domain_name = "default"
  alias       = "alias"
  user_name   = "username"
  tenant_name = "tenantname"
  password    = "pwd"
  region      = "region"
}

resource "openstack_compute_keypair_v2" "keypair" {
  provider   = "myprovider"
  name       = "keypair"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
}

resource "openstack_compute_instance_v2" "compute_instance" {
  name        = "compute_instance" # Instance Name
  provider    = "myprovider"       # Instance distr
  image_name  = "Centos 7"         # Image name
  flavor_name = "b2-7"             # Machine type name
  key_pair    = "${openstack_compute_keypair_v2.keypair.name}"
  network {
    name = "Ext-Net"
  }
  # Add a file provisioner on the resource
  provisioner "file" {
    source      = "foo_scripts/bar-setup.sh"
    destination = "/tmp/bar-setup.sh"
    connection {
      type        = "ssh"
      user        = "user"
      private_key = "${file("~/.ssh/id_rsa")}"
    }
  }
  # execute server setup file
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/bar-setup.sh",
      "sudo bash /tmp/bar-setup.sh",
    ]
    connection {
      type        = "ssh"
      user        = "centos"
      private_key = "${file("~/.ssh/id_rsa")}"
    }
  }
}
Indeed, after adding the file provisioner on the resource, when I run the command terraform plan or terraform apply, nothing changes on my instance. I get an info message notifying me that:
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
What is the right way to apply my changes to my compute instance?
Following Terraform documentation:
Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction.
If you want the provisioners to run again, you should destroy (terraform destroy) and create (terraform apply) the resource again.
There's no way that Terraform can check the state of a local or a remote execution, it's not like there's an API call that can tell you what happened in your custom code - bar-setup.sh.
That would be like magic, or actual Magic.
Terraform's for managing the infrastructure, the config of the instance, and not really for the content on the instance. Immutable content and recreating is the true path here. Making a completely new instance. However if it's your Hammer there are ways.
If you taint the resource that you want to update, then when terraform is run again next time the resource will be re-executed. But heed what I said about Hammers.
Alternatively you could leverage your CM tool of choice to manage the content of your instance - Chef/Ansible or create the images (i.e. immutable) used by Openstack via a tool like packer and update those. I'd do the latter.
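One way to have the script re-run without recreating the instance, as an added example that is not from the answers above and goes beyond the taint approach they mention: move the provisioners into a null_resource whose triggers change whenever the script changes. The resource name bar_setup is an assumption, and the block uses Terraform 0.12+ syntax.

```hcl
resource "null_resource" "bar_setup" {
  # Any change to these values replaces the null_resource,
  # which runs its provisioners again.
  triggers = {
    script_sha256 = filesha256("foo_scripts/bar-setup.sh")
    instance_id   = openstack_compute_instance_v2.compute_instance.id
  }

  # One connection block shared by both provisioners.
  connection {
    type        = "ssh"
    host        = openstack_compute_instance_v2.compute_instance.access_ip_v4
    user        = "centos"
    private_key = file("~/.ssh/id_rsa")
  }

  # Copy the setup script to the instance.
  provisioner "file" {
    source      = "foo_scripts/bar-setup.sh"
    destination = "/tmp/bar-setup.sh"
  }

  # Execute the setup script.
  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/bar-setup.sh",
      "sudo bash /tmp/bar-setup.sh",
    ]
  }
}
```

Because the script now runs repeatedly against a live host, it has to be idempotent; Terraform still cannot see what the script did on the instance.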
I'm unable to get the auto accept peering done through the workaround mentioned in the link ("Why am I getting a permissions error when attempting to auto_accept vpc peering in Terraform?") via the provisioner option.
See my Terraform code below. Can someone help me out?
provider "aws" {
  region  = "us-east-1"
  profile = "default"
}

provider "aws" {
  region  = "us-east-1"
  profile = "peer"
  alias   = "peer"
}

data "aws_caller_identity" "peer" {
  provider = "aws.peer"
}

resource "aws_vpc_peering_connection" "service-peer" {
  vpc_id        = "vpc-123a56789bc"
  peer_vpc_id   = "vpc-YYYYYY"
  peer_owner_id = "012345678901"
  peer_region   = "us-east-1"
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
  provisioner "local-exec" {
    command = "aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id=${aws_vpc_peering_connection.service-peer.id} --region=us-east-1 --profile=peer"
  }
}
Output I'm getting:
Error: Error applying plan:
1 error(s) occurred:
* aws_vpc_peering_connection.servicehub-peer: 1 error(s) occurred:
* aws_vpc_peering_connection.servicehub-peer: Unable to modify peering options. The VPC Peering Connection "pcx-08ebd316c82acacd9" is not active. Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually.
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure
Whereas I'm able to run the AWS CLI command successfully via a Linux shell, outside the Terraform template. Let me know if I'm missing something in the Terraform script.
Try moving your "local-exec" out and adding a depends_on link to your VPC peering.
resource "null_resource" "peering-provision" {
  depends_on = ["aws_vpc_peering_connection.service-peer"]
  provisioner "local-exec" {
    command = "aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id=${aws_vpc_peering_connection.service-peer.id} --region=us-east-1 --profile=peer"
  }
}
As Koe said, it may be better to use the auto_accept option.
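A provider-native way to accept the request with the peer account's credentials instead of shelling out to the CLI, as an added example that is not from the original posts. It assumes the two provider blocks and the aws_caller_identity data source from the question, uses Terraform 0.12+ syntax, and keeps the peering options out of the request resource so they are applied only after the connection is active.

```hcl
# Requester side (default provider): create the request only.
resource "aws_vpc_peering_connection" "service-peer" {
  vpc_id        = "vpc-123a56789bc"
  peer_vpc_id   = "vpc-YYYYYY"
  peer_owner_id = data.aws_caller_identity.peer.account_id
  peer_region   = "us-east-1"
}

# Accepter side: accepted through the aliased peer provider.
resource "aws_vpc_peering_connection_accepter" "peer" {
  provider                  = aws.peer
  vpc_peering_connection_id = aws_vpc_peering_connection.service-peer.id
  auto_accept               = true
}

# Options reference the accepter, so Terraform sets them
# only once the connection has been accepted.
resource "aws_vpc_peering_connection_options" "requester" {
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.peer
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```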