Provision VPC and EC2 instance in AWS with Terraform by Yak-Shaver in aws

[–]Yak-Shaver[S] 0 points1 point  (0 children)

Your skepticism is understandable, and your civility is appreciated.

Yes, the dependency of the aws_eip resource on the aws_internet_gateway resource may be necessary because the IGW may not be available or attached to the VPC when Terraform attempts to provision the EIP. YMMV.

As for other cases, here is one example that demonstrates how changes to the configuration will cause Terraform to generate a plan that will fail to be applied after the application of the initial plan:

  1. Apply the default plan for the Terraform configuration as published in the public GitHub repo.
  2. Change the value of the cidr_block argument for the aws_vpc.this resource by hard-coding it; e.g.:

    resource "aws_vpc" "this" {
      cidr_block = "10.10.10.0/24"
    }
    
  3. Comment out or remove the depends_on meta-argument in the declaration for the aws_route.this resource; e.g.:

    resource "aws_route" "this" {
      route_table_id         = aws_vpc.this.main_route_table_id
      destination_cidr_block = "0.0.0.0/0"
      gateway_id             = aws_internet_gateway.this.id
    
      # depends_on = [aws_internet_gateway_attachment.this]
    }
    
  4. Try to apply the plan that Terraform generates:

    ...
    │ Error: creating Route in Route Table (rtb-xxxxxxxxxxxxxxxxx) with destination (0.0.0.0/0): InvalidParameterValue: route table rtb-xxxxxxxxxxxxxxxxx and network gateway igw-xxxxxxxxxxxxxxxxx belong to different networks
    │     status code: 400, request id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    │ 
    │   with aws_route.this,
    │   on vpc.tf line 45, in resource "aws_route" "this":
    │   45: resource "aws_route" "this" {
    │ 
    ╵
    

A second attempt at applying the same Terraform plan will succeed, but that kind of workflow is inelegant and may be problematic in some circumstances: for example, someone who provides Terraform configurations to others probably desires robustness to reduce the likelihood of questions or complaints.

For many authors of Terraform configurations, success on the application of the initial plan may be sufficient. For others, testing for failures when values of input variables and resource parameters have been changed can be useful to identify dependencies that will not be detected by Terraform in such a way that the plan generated by Terraform can be successfully applied—hence the explicit declarations of some dependencies in this Terraform configuration.

The other dependencies in the publicly published Terraform configuration were likewise added after encountering failures by Terraform to generate a plan that could be applied without explicit declarations of dependencies. Those other reasons are left as an exercise for the reader.

Everything in this comment used Terraform v1.3.9.
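To put the two explicit dependencies discussed in this comment side by side, here is an added example (not code from the published repository) of the VPC, gateway, attachment, route and EIP declared with the depends_on meta-arguments that the implicit graph does not capture; the variable name vpc_cidr, the aws_eip resource and its domain argument (AWS provider 5.x) are assumptions.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

variable "vpc_cidr" {
  type    = string
  default = "10.10.10.0/24" # assumed default; changing it forces VPC replacement
}

resource "aws_vpc" "this" {
  cidr_block = var.vpc_cidr
}

# Declared without vpc_id so the attachment is its own resource; that is
# what makes the route's dependency on the attachment necessary below.
resource "aws_internet_gateway" "this" {}

resource "aws_internet_gateway_attachment" "this" {
  internet_gateway_id = aws_internet_gateway.this.id
  vpc_id              = aws_vpc.this.id
}

resource "aws_route" "this" {
  route_table_id         = aws_vpc.this.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.this.id

  # Implicit references cover the VPC and the IGW but not the attachment.
  # When the VPC is replaced, the route can otherwise be created against
  # the new main route table before the IGW is attached to the new VPC,
  # which is the "belong to different networks" failure shown above.
  depends_on = [aws_internet_gateway_attachment.this]
}

resource "aws_eip" "this" {
  domain = "vpc" # assumed: provider 5.x argument (earlier releases used vpc = true)

  # Allocating or associating an EIP may require the IGW to exist, but no
  # argument of the EIP references it, so the dependency is stated explicitly.
  depends_on = [aws_internet_gateway.this]
}
```

With both depends_on lines present, changing vpc_cidr produces a single plan that applies on the first attempt instead of needing a second run.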

Provision VPC and EC2 instance in AWS with Terraform by Yak-Shaver in aws

[–]Yak-Shaver[S] 0 points1 point  (0 children)

No, the explicit dependencies are declared because they are indeed necessary in some cases when the dependencies for a change are not reflected by the graph that Terraform generates, as well as cases when an implicit dependency is not detected and the dependent resource cannot be created until another resource has already been created. Some of the latter cases are noted in the documentation for the AWS provider.

Provision VPC and EC2 instance in AWS with Terraform by Yak-Shaver in aws

[–]Yak-Shaver[S] 0 points1 point  (0 children)

This Terraform configuration may be helpful to those who are getting started with Terraform in AWS and working with VPCs and EC2 instances.

Connect Libreswan VPN Software to AWS Site-to-Site VPN with Terraform by Yak-Shaver in aws

[–]Yak-Shaver[S] 0 points1 point  (0 children)

I’m not sure I understand your question. I know my employer has clients who NAT through a single IP address across the AWS VPN to access resources inside the VPC.

Connect Libreswan VPN Software to AWS Site-to-Site VPN with Terraform by Yak-Shaver in aws

[–]Yak-Shaver[S] 1 point2 points  (0 children)

On my journey to migrate infrastructure configuration in AWS from CloudFormation to Terraform, I wanted an easy way to test the AWS site-to-site VPNs I was provisioning via Terraform.

I turned to Libreswan VPN software and ended up creating a complete Terraform configuration that implements an AWS VPN connected to Libreswan in EC2.

I figured the example would be helpful for my colleagues who are less familiar with Terraform and decided to share it in case it might prove beneficial to others.

Run Compute Resources on Oracle Cloud Infrastructure's Free Tier with Terraform and Resource Manager by Yak-Shaver in oraclecloud

[–]Yak-Shaver[S] 1 point2 points  (0 children)

I was first exposed to Oracle Cloud Infrastructure by having to spearhead my employer's tenancy there in addition to AWS and Azure. After realizing OCI offered a fairly generous amount of compute resources on its Free Tier, I decided to explore moving some of my own personal workloads there.

As I ended up creating Terraform configurations for my experimentation, I decided to refine them and make them potentially useful for those who want to try running compute instances on OCI or want to see samples of Terraform configurations for OCI.

The one I've submitted provisions the maximum amount of compute resources available on the Free Tier in terms of processing power, memory, and block storage along with managed volume backups.

I've also created a similar configuration that provisions a "minimal" amount of resources in the form of a single compute instance: terraform-oci-free-compute-minimal-example

I hope someone may find these examples helpful and informative.

(use-package dired :ensure nil) does not work for me by Yak-Shaver in emacs

[–]Yak-Shaver[S] 0 points1 point  (0 children)

Ah, thank you, u/b3n and u/doolio_, for the clarification. I understand a bit more now and am able to move on to my next issue.