Home Explore Help
Register Sign In
AFS
/
infrastructure-notes
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b9c6d3b6da
Branches Tags
infrastructure-...
/
MDR Terraform Notes.txt

MDR Terraform Notes.txt 2.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. ------------------
    2. 

  2. workspaces are being used to break up environments. 
    3. 

  3. 

  4. terraform workspace list
    5. 

  5. terraform workspace select test
    6. 

  6. 

  7. 

  8. Strange errors? Unexpected results? try this
    9. 

  9. rm .terraform
    10. 

  10. terraform init
    11. 

  11. 

  12. State issues
    13. 

  13. terraform state show aws_ami.msoc_base
    14. 

  14. terraform refresh -target=data.aws_ami.msoc_base
    15. 

  15. 

  16. Terraform also has a DynamoDB State lock (msoc-terraform-lock). This will prevent terraform state breakage. 
    17. 

  17. 

  18. ------------------
    19. 

  19. View TF code
    20. 

  20. https://github.com/terraform-aws-modules
    21. 

  21. 

  22. 

  23. -------------------
    24. 

  24. Modules
    25. 

  25. 

  26. We are using the aws ec2-instance module
    27. 

  27. 

  28. https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/2.13.0
    29. 

  29. https://github.com/terraform-aws-modules/terraform-aws-ec2-instance
    30. 

  30. 

  31. 

  32. var.something means this is a module that needs the variable to run. Your code will fill the variable. 
    33. 

  33. data is a read-only terrafom object that queries provider or generates something on the localhost
    34. 

  34. locals are variables that can refer to variables or other locals
    35. 

  35. variables - expecting data from somewhere else.
    36. 

  36. provider instance of the API
    37. 

  37. 

  38. 

  39. 

  40. 

  41. --------------------
    42. 

  42. IAM Role 
    43. 

  43. 

  44. get this error?
    45. 

  45. aws_iam_policy.nga_instance_policy: Error creating IAM policy nga_instance_tag_read: AccessDenied:
    46. 

  46. 

  47. add this
    48. 

  48.   provider = "aws.iam_admin"
    49. 

  49.   
    50. 

  50. -------------------
    51. 

  51. 

  52. in terraform .tf files when the self = true. that is for putting the security group into itself. e.g. add the security group to the security groups rules. 
    53. 

  53. 

  54. the terraform is setup in folders. each folder is a project and apply should be run in the folder. Common is the execption as some of the projects are dependent on that folder. 
    55. 

  55. 

  56. role and policy have to be done in the IAM terraform
    57. 

  57. 

  58. 

  59. iam_data.tf
    60. 

  60. 

  61. 02-msoc_vpc/lambda.tf with security groups
    62. 

  62. 

  63. terraform plan -target=
    64. 

  64. terraform plan -target=module.sensu_go_server.aws_instance.this -target=module.sensu_go_server.aws_route53_record.private
    65. 

  65. 

  66. terraform apply -target=module.sensu_server.aws_route53_record.private -target=module.sensu_server.aws_instance.this
    67. 

  67. 

  68. terraform apply -target=aws_security_group_rule.outbound_to_sensu -target=module.sensu_servers_sg.aws_security_group_rule.ingress_with_cidr_blocks[0] -target=module.sensu_servers_sg.aws_security_group_rule.ingress_with_cidr_blocks[1]
    69. 

  69. 

  70. terraform apply -target=module.vpc_default_security_groups.aws_security_group_rule.typical_host_outbound_to_sensu_8081 -target=aws_security_group_rule.vault_server_to_sensu -target=module.vpc_default_security_groups.aws_security_group_rule.typical_host_outbound_to_sensu_5672
    71. 

  71. 

  72. 

  73. terraform apply -target=module.afs_cluster.module.vpc_default_security_groups.aws_security_group_rule.typical_host_outbound_to_sensu_5672 -target=module.afs_cluster.module.vpc_default_security_groups.aws_security_group_rule.typical_host_outbound_to_sensu_8081
    74. 

  74.