In the first part, we covered the basics of AWS OpenSearch Service in general and the types of instances for Data Nodes – AWS: Getting Started with OpenSearch Service as a Vector Store. In the second part, we covered access, AWS: Creating an OpenSearch Service Cluster and Configuring Authentication and Authorization. Now let’s write Terraform… Read More »
Ephemeral resources and write-only arguments appeared in Terraform a long time ago, back in version 1.10, but there was no opportunity to write about them in detail. The main idea behind them is not to leave “traces” in the state file, which is especially useful for passwords or tokens, because the data only exists during… Read More »
AWS EKS Terraform module version v21.0.0 added support for the AWS Provider Version 6. Documentation – here>>>. The main changes in the AWS EKS module are the replacement of IRSA with EKS Pod Identity for the Karpenter sub-module: Native support for IAM roles for service accounts (IRSA) has been removed; EKS Pod Identity is now… Read More »
A fairly common error when upgrading module versions, when there are restrictions on module or provider versions, and they do not match each other. The Issue In this case, I merged Pull Requests from Renovate and didn’t notice that terraform-aws-modules/terraform-aws-lambda needed hashicorp/aws provider version 6: And first I upgraded Lambda to version 8. After that… Read More »
Terraform has two ways to bring existing resources under Terraform management – using the Terraform CLI and the terraform import command, or using the import resource. Why might we need to import resources? if we already have a manually configured (the “clickops”) service that we want to bring under Terraform management (for example, the common… Read More »
We have an automation for AWS IAM that creates EKS Access Entries to give AWS IAM Users access to an EKS cluster. I don’t remember if I wrote it myself or if some LLM generated it (although judging by the code, I did 🙂 ), but later I discovered an unpleasant feature of how this… Read More »
So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »
It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »
We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server itself.… Read More »
Over time, as the project grows, sooner or later the question of upgrading versions of packages, modules, and charts will arise. You can do it manually, of course, but only up to a certain point, because eventually you simply won’t be able to physically monitor and update everything. There are many solutions for automating such… Read More »