Terraform has two ways to bring existing resources under Terraform management – using the Terraform CLI and the terraform import command, or using the import resource. Why might we need to import resources? if we already have a manually configured (the “clickops”) service that we want to bring under Terraform management (for example, the common… Read More »
We have an automation for AWS IAM that creates EKS Access Entries to give AWS IAM Users access to an EKS cluster. I don’t remember if I wrote it myself or if some LLM generated it (although judging by the code, I did 🙂 ), but later I discovered an unpleasant feature of how this… Read More »
So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »
It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »
We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server… Read More »
Over time, as the project grows, sooner or later the question of upgrading versions of packages, modules, and charts will arise. You can do it manually, of course, but only up to a certain point, because eventually you simply won’t be able to physically monitor and update everything. There are many solutions for automating… Read More »
In the GitHub Actions: deploying Dev/Prod environments with Terraform blog I’ve already described how we can implement CI/CD for Terraform with GitHub Actions, but there is one significant drawback to that solution: there is no way to review changes before applying them with terraform apply. GitHub Actions has the ability to use Reviewing deployments… Read More »
An example of creating a Terraform module to automate log collection from AWS Load Balancers in Grafana Loki. See how the scheme works in the Grafana Loki: collecting AWS LoadBalancer logs from S3 with Promtail Lambda blog. In short, ALB writes logs to an S3 bucket, from where they are picked up by a Lambda… Read More »
So, we have a deployed Kubernetes cluster – see the Terraform: Creating EKS, Part 1 – VPCs, Subnets, and Endpoints series. And we have a GitHub Actions workflow to deploy it – see GitHub Actions: Deploying Dev/Prod environments with Terraform. It’s time to start deploying our backend to Kubernetes. Here we will use GitHub Actions… Read More »
With the data “terraform_remote_state” we can get the outputs of one project to use in another. For example, our AWS VPC is created separately from AWS EKS (although in the series Terraform: Building EKS, part 1 – VPC, Subnets and Endpoints VPCs were created as part of a cluster, but then I separated them). So,… Read More »