databricks / terraform-databricks-sra

The Security Reference Architecture (SRA) implements typical security features as Terraform Templates that are deployed by most high-security organizations, and enforces controls for the largest risks that customers ask about most often.

[AWS] Hive Metastore IP Error #75

Open DoyleDev opened 5 days ago

DoyleDev commented 5 days ago

Issue error:

```
Error: External Program Execution Failed

  with module.SRA.module.harden_firewall[0].data.external.metastore_ip,
  on modules/sra/data_plane_hardening/firewall/firewall.tf line 166, in data "external" "metastore_ip":
    program = ["sh", "${path.module}/metastore_ip.sh"]

The data source received an unexpected error while attempting to execute the program.

Program: /usr/bin/sh
Error Message: modules/sra/data_plane_hardening/firewall/metastore_ip.sh: 5: dig: not found
Resolved IP:
Error: Failed to resolve IP for mdb7sywh50xhpr.chkweekm4xjq.us-east-2.rds.amazonaws.com

State: exit status 1
```

I have been able to deploy just about everything else and get the workspace up; however, I am running into this issue. This seems to be pointing to a hard-coded variable in the sra.tf file. Is this something I need to change? I am deploying via TFE and I'm wondering if I'm running into issues with `dig`?

Also: This module is AWESOME. Last year I had to stand up two databricks workspaces in terraform and it took weeks, where this took minutes and is much more secure, great work here!!

DoyleDev commented 5 days ago

Ended up running the dig locally (`dig mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com`) and saved the IP as the variable. Removed the data block.

jdbraun-db commented 21 hours ago

Hey @DoyleDev - thanks for raising the issue, I'll take a look.

The background on why we need to run this is that the AWS WAF that is spun-up doesn't support FQDN for port 3306. So, we try and grab the IP to pass into the firewall rule.

The standard behavior should be:

Question: When you set the variable originally, what did you set it as? The original URL that you posted has the wrong region in the name: `mdb7sywh50xhpr.chkweekm4xjq.us-east-2.rds.amazonaws.com`; however, the region is correct in your `dig` call: `mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com`.

I checked the example SRA module, and it does look like it's using us-east-1.

Thanks for the feedback! If there's anything else that you notice, please let us know.
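The resolution step jdbraun-db describes above, as an added example that is not the SRA module's own `metastore_ip.sh`: a POSIX sh resolver that falls back from `dig` to `getent` or `nslookup` (so a runner without `dig`, such as a hosted TFE agent, does not fail at line 5), validates the result as a dotted-quad IPv4 address before it can land in a firewall rule, accepts a pre-resolved address as an override (the workaround DoyleDev applied by hand), and prints the JSON object Terraform's `external` data source reads from stdout. The script name, the argument order (hostname, then optional override) and the `ip` key are assumptions; the real module's inputs may differ.

```shell
#!/bin/sh
# Example resolver for an RDS metastore endpoint (added for this thread;
# not the SRA module's metastore_ip.sh). Hypothetical filename:
# resolve_metastore_ip.sh. Usage: resolve_metastore_ip.sh HOST [OVERRIDE_IP]

# Return 0 only if $1 is a well-formed dotted-quad IPv4 address.
# Runs in a subshell so changing IFS and the positional parameters is local.
is_ipv4() (
    # Reject empty strings, non [0-9.] characters, leading/trailing/double dots.
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                      # split into octets
    [ $# -eq 4 ] || exit 1
    for octet; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Print the first IPv4 address for hostname $1 using whichever resolver
# tool exists on this machine; fail if nothing valid comes back.
resolve_ipv4() {
    addr=""
    if command -v dig >/dev/null 2>&1; then
        # +short may list CNAME targets first, so keep only address lines.
        addr=$(dig +short +time=2 +tries=1 A "$1" 2>/dev/null \
               | grep -E '^[0-9.]+$' | head -n 1)
    elif command -v getent >/dev/null 2>&1; then
        addr=$(getent ahostsv4 "$1" 2>/dev/null | awk '{print $1; exit}')
    elif command -v nslookup >/dev/null 2>&1; then
        # Skip the "Address: x.x.x.x#53" line naming the server itself.
        addr=$(nslookup "$1" 2>/dev/null \
               | awk '/^Address/ && !/#/ {print $2; exit}')
    fi
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Emit {"ip":"..."} for Terraform's external data source.
# $1 = endpoint hostname, $2 = optional pre-resolved address (override for
# runners that have no resolver tool). Malformed input fails the plan
# instead of producing an empty or bogus firewall rule.
metastore_ip_json() {
    if [ -n "${2:-}" ]; then
        is_ipv4 "$2" || { echo "invalid override address: $2" >&2; return 1; }
        addr=$2
    else
        addr=$(resolve_ipv4 "$1") \
            || { echo "Failed to resolve IP for $1" >&2; return 1; }
    fi
    printf '{"ip":"%s"}\n' "$addr"
}

# Entry point when invoked as a script (hypothetical filename).
if [ "${0##*/}" = "resolve_metastore_ip.sh" ]; then
    metastore_ip_json "$@"
fi
```

The validation step is the part worth keeping even if the resolver tooling changes: the value this script returns becomes an allow rule on port 3306, so an empty string or a CNAME target must fail the plan rather than be written into the firewall. One caveat regardless of how the address is obtained: an RDS endpoint is a DNS name whose address can change on failover or maintenance, so a statically captured IP (the manual workaround above included) needs to be re-resolved periodically or the rule will silently stop matching.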

DoyleDev commented 21 hours ago

I was testing both us-east-1 and 2 and getting the same error. Thanks again!

jdbraun-db commented 21 hours ago

Thanks! Last follow-up question: are you running Terraform locally or hosted? This call would try to resolve the URL, so I want to ensure the network connectivity is there as well.

DoyleDev commented 21 hours ago

It is hosted, we are using Terraform Enterprise.