AWS EKS Terraform module version v21.0.0 added support for the AWS Provider Version 6. Documentation – here>>>. The main changes in the AWS EKS module are the replacement of IRSA with EKS Pod Identity for the Karpenter sub-module: Native support for IAM roles for service accounts (IRSA) has been removed; EKS Pod Identity is now… Read More »
A fairly common error when upgrading module versions, when there are restrictions on module or provider versions, and they do not match each other. The Issue In this case, I merged Pull Requests from Renovate and didn’t notice that terraform-aws-modules/terraform-aws-lambda needed hashicorp/aws provider version 6: And first I upgraded Lambda to version 8. After that… Read More »
Terraform has two ways to bring existing resources under Terraform management – using the Terraform CLI and the terraform import command, or using the import resource. Why might we need to import resources? if we already have a manually configured (the “clickops”) service that we want to bring under Terraform management (for example, the common… Read More »
We have an automation for AWS IAM that creates EKS Access Entries to give AWS IAM Users access to an EKS cluster. I don’t remember if I wrote it myself or if some LLM generated it (although judging by the code, I did 🙂 ), but later I discovered an unpleasant feature of how this… Read More »
So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »
It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »
We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server… Read More »
Over time, as the project grows, sooner or later the question of upgrading versions of packages, modules, and charts will arise. You can do it manually, of course, but only up to a certain point, because eventually you simply won’t be able to physically monitor and update everything. There are many solutions for automating… Read More »
In the GitHub Actions: deploying Dev/Prod environments with Terraform blog I’ve already described how we can implement CI/CD for Terraform with GitHub Actions, but there is one significant drawback to that solution: there is no way to review changes before applying them with terraform apply. GitHub Actions has the ability to use Reviewing deployments… Read More »
An example of creating a Terraform module to automate log collection from AWS Load Balancers in Grafana Loki. See how the scheme works in the Grafana Loki: collecting AWS LoadBalancer logs from S3 with Promtail Lambda blog. In short, ALB writes logs to an S3 bucket, from where they are picked up by a Lambda… Read More »