Видео

This might be specific to eb cli.

@@pablosspot i could fix the issue .. Thanks for the reply though!

Yes most definitely

If you are creating clusters based on the value of var.count, I think implementing for_each is not necessary since var.count will always force the traversal to be a counter e.q. it will start from 0, then 1, then 2 ...etc. So this will ensure your infrastructure will be idempotent. But if you are still keen to use for_each, you will have to convert your var.count into a list then convert it to a set: for_each = toset(range(var.count)) That in itself is already an unnecessary calculation in the code.

This one is very true. You may not know outright when you exceed the rule limit although i would imagine this could be trapped when updating the infrastructure. If you deal with multiple subnets, 60 CIDR blocks can easily creep up on you which I suppose can be adjusted by requesting a limit change.

Hi @pikachu3686. What error are you getting? If you run docker scan and it says command not found, you will need to install the docker-scan-plugin package to make it work.

If you have github and atlantis running on your own VM on the same network, you just have to make sure your github server is reachable from your atlantis instance.

@@pablosspot thank you but I am getting another error: atlantis plan throws below error: running "/usr/bin/terraform init -input=false -upgrade" in "/home/ubuntu/.atlantis/repos/Tranzub/devopstf/6/default/oracle-infrastructure": exit status 1 Initializing the backend... ╷ │ Error: Can't ask approval for state migration when interactive input is disabled. │ │ Please remove the "-input=false" option and try again.

@@aayushmohta592 Have you tried removing the "-input=false"?

The message "approval for state migration" suggests that you are changing terraform backend. I suggest you migrate your state first before you start integrating with atlantis.

You're welcome 🐕

You're very welcome :)

Thank you!

I have not tried it but i think it does. If you have a local SMTP service that you need to expose to the internet and you know which port it is running on (e.g. generic smtp ports are 25 and 465), you can start ngrok for that port.

You are correct. This video came about before AWS introduced the separate response and cache policies on their cloudfront resource. I might have to look into creating a video for that.

100%!

@@pablosspot i was manually editing the state in a text editor before i watched this 😂

@@omirrrr oooh! I did that before and made a mistake and it was a nightmare to recover. I ended up bailing out of my state file and re-importing all my resources.

It is the console output when you run the program defined in data.external which in this case is running a script to get the git sha with the echo command: ruclips.net/video/22MVpDArIhg/видео.html&lc=UgxAyyT7ub8HQPuESxR4AaABAg#t=4m13s

The ngrok link will not work if the app is not running.

Hi @raffaelloringue. Thanks for this question. My understanding is that the Dockerfile contains all the explicit instructions used to build the docker image. This allows snyk to perform a more efficient and effective scan because the Dockerfile provides exactly what steps are done, what layers are setup and what base images are used. I suppose snyk can do an introspection of docker images to derive the instructions but it may not be exactly the same as the actual Dockerfile.

You are better off setting up ECS Service which will then get associated with your target group.

Check this one out ruclips.net/video/_0AiP1SC4Mo/видео.html And look at 13:08

Thank you for your feedback. I'm actually in the process of recreating some of these videos. The only challenge I have at the moment is that I also need to make sure this captures some latest stuff. I very very much appreciate the feedback though. Thank you!

Hi @nishantpanchal24. Sorry for the very late response. This can be done via the UI most definitely. But the problem with doing it this way is that this does not assure 100% repeatability. The reason we put all infrastructure changes in a code is so that we can save them in version control so the knowledge can be shared very readily with other people and automation process can be implemented against the code. I suggest look into/explore terraform (or opentofu).

You're very welcome!

You're welcome

After you have run terraform apply, you can get rid of those import statements

I think it is best to keep the providers out of terraform modules. You will need to set this up inside your IaC repo which will then be used inside the tf module

@@pablosspot thank you got it.

Thank you, appreciate those nice words :) . The EC2 instance type is set as part of the auto scaling which is the next video in the playlist here ruclips.net/p/PLiF-Vmkmf3EnQVTPXRRpHtyEgN9L-SSwX&si=OT3BzgZ3iHIBWCsc

Sure. Please let me know what the problem is and I will try to help. :)

Have you tried doing a jsonencode? You can define 1 variable in the template file and try to assign the value from jsonencode.

Not happy. Most if not all of my terraform backend are in terraform cloud. I have finished moving them to S3 but that means I will have to pay minimal amount for storage. I'm slowly moving away from them but not with Terraform. I have stopped using vault. Im also slowly getting myself familiar with opentofu. So far the move is seamless (Im working on a very very short show and tell about the move).

That’s very very old. Any reason why you are not upgrading. I mean there’s things to be done before getting to version one but there’s also so much things that will make tf easier with any of the version 1 releases.

@@pablosspot it's just too large. I think they made a team which is responsible for creating mirror infrastructure for different traffic flows with the latest versions of everything. The traffic would be then redirected into that. Upgrading everything wouldn't work as there are too many dependencies and the code is old

@@flesz_ that’s what I thought. I went through that painful process from 0.12 to 1.1. Extra difficult if you have inherited the code. But if there’s a way you can gradually upgrade, I highly recommend. There’s a number of security related features like masking secret values in state that you can benefit from at least version 1. My words are prescriptive and not imperative :)

good question, if I remember well, it wouldn't work

I think this lifecycle will try to create the resource first then destroy which would fail because it will try to create for a resource that already exists.

Yep - it’s now in the bin

I had issues in the past (not sure if it has been fixed) where terraform sets the execution mode to Remote by default which stops me from running terraform locally. My wrapper script sets it to Local. Now that you mentioned it, I might have to check if there has been any fix around it.

This is the line where i set it to use Local execution mode: github.com/dyordsabuzo/miscellany/blob/main/tools/terraform-workspace-local.sh#L79 Hopefully that script does not overwhelm you. It's not as simple as I wish it is when I wrote it.

Terraform is now in BSL but unfortunately that PR is still open: github.com/hashicorp/terraform/issues/23261

Thank you :)

Hello. I don’t think this is possible. You will need a TLS certificate to attach to the lb to be able to use https.

I have attached the TLS certificate using ACM . my question is to use directly https with alb dns name instead of custom domain name? @@pablosspot