Tag Archives: Terraform

Terraform: AWS EKS Terraform module update from version 20.x to version 21.

6 August 2025
 

 AWS EKS Terraform module version v21.0.0 added support for the AWS Provider Version 6. Documentation – here>>>. The main changes in the AWS EKS module are the replacement of IRSA with EKS Pod Identity for the Karpenter sub-module: Native support for IAM roles for service accounts (IRSA) has been removed; EKS Pod Identity is now… Read More »

Terraform: “no available releases match the given constraints

6 August 2025
 

 A fairly common error when upgrading module versions, when there are restrictions on module or provider versions, and they do not match each other. The Issue In this case, I merged Pull Requests from Renovate and didn’t notice that terraform-aws-modules/terraform-aws-lambda needed hashicorp/aws provider version 6: And first I upgraded Lambda to version 8. After that… Read More »

Terraform: using import, and some hidden pitfalls

15 June 2025
 

 Terraform has two ways to bring existing resources under Terraform management – using the Terraform CLI and the terraform import command, or using the import resource. Why might we need to import resources? if we already have a manually configured (the “clickops”) service that we want to bring under Terraform management (for example, the common… Read More »

Terraform: managing EKS Access Entries and EKS Pod Identities

24 August 2024
 

 So, we have an AWS Elastic Kubernetes Service cluster with Authentication mode EKS API and ConfigMap, which we enabled during upgrade of the EKS Terraform module from version 19.21 to 20.0. Before switching EKS Authentication mode completely to the API, we need to transfer all users and roles to Access Entries of the EKS cluster… Read More »

Terraform: EKS and Karpenter version upgrade 19.21 to 20.0

13 July 2024
 

 It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »

AWS: RDS IAM database authentication, EKS Pod Identities, and Terraform

7 July 2024
 

  We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server… Read More »

Dependabot: GitHub, and Terraform versions management

30 May 2024
 

  Over time, as the project grows, sooner or later the question of upgrading versions of packages, modules, and charts will arise. You can do it manually, of course, but only up to a certain point, because eventually you simply won’t be able to physically monitor and update everything. There are many solutions for automating… Read More »

GitHub Actions: Terraform deployments with a review of planned changes

7 March 2024
 

  In the GitHub Actions: deploying Dev/Prod environments with Terraform blog I’ve already described how we can implement CI/CD for Terraform with GitHub Actions, but there is one significant drawback to that solution: there is no way to review changes before applying them with terraform apply. GitHub Actions has the ability to use Reviewing deployments… Read More »

Terraform: creating a module for collecting AWS ALB logs in Grafana Loki

24 February 2024
 

 An example of creating a Terraform module to automate log collection from AWS Load Balancers in Grafana Loki. See how the scheme works in the Grafana Loki: collecting AWS LoadBalancer logs from S3 with Promtail Lambda blog. In short, ALB writes logs to an S3 bucket, from where they are picked up by a Lambda… Read More »