After following this guide, I encountered some issues that could be prevented by placing a note or a warning.
There should be a note to make sure to run terraform destroy with the same flags that were used for terraform apply e.g. terraform destroy -var aws_region=us-west-1
The backstory that prompted me to flag this:
I managed to get a small charge on AWS due to the NAT gateways that are defined in the config.
The problem is the shortcomings of the aws provider itself, when it comes to changing regions. As it turns out, it’s a known issue - but I didn’t know this at the time.
Since the tutorial instructs you to run terraform apply -var aws_region=us-west-1 on the VPC workspace while the config file states us-east-1, the resources are naturally deployed in us-west-1. But what I didn’t know (as I’m still learning) is that I should actually destroy the resources with the -var aws_region=us-west-1 flag as well. (Yes, looking back, I see that it’s written in the tutorial, but I try to not copy-paste everything.)
For some reason I assumed that terraform destroy would be based on the state file and wouldn't need any more options to destroy every resource. But it isn’t, and once run, it notifies me that all resources will be destroyed and clears the state file - as it should.
Days later I check my AWS billing and I see that I had quite a few hours of NAT gateway usage, which prompted me to investigate, and lo and behold, I had the NAT gateways still running, despite me thinking they had been destroyed days ago. So I check CloudTrail, and there was no API call ever made for the removal of them. It got me thinking what could’ve gone wrong, so I ran a few tests with debugging on, and came to the conclusion that is stated in the issue I referenced previously.
I can see how others could come to the mistake of just running terraform destroy without the flag and racking up some unforeseen charges.
Hence I'm asking you to add a note to the tutorial where the reader is instructed to “Apply this configuration, setting the value of aws_region to us-west-1.” to make sure the terraform destroy is run the same way.
The other thing that could be done is to simply get rid of the NAT gateways and private subnets in the configuration and put the app instances into the public subnets. So there would be no charge at all (considering the user is still within the free-tier limits), even if the tutorial isn't being followed word by word.
I’d like to stress that I don’t blame anyone, but myself for the mistake. I just think that these changes could save some trouble for others who aren't familiar with the AWS provider :)
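A pre-destroy guard for the mismatch described in this post, added here as an example (not code from the post or from the tutorial): it reads the regions recorded in ARNs inside a pulled Terraform state, works out which region a terraform destroy invocation would target from its -var arguments, and refuses when they differ. It assumes Terraform's v4 JSON state layout, a variable named aws_region whose default is us-east-1 as in the tutorial config, and a constructed sample state.

```python
from __future__ import annotations
import json
import re
from typing import Iterable, Iterator

# Constructed sample state: a VPC and NAT gateway that were applied with -var aws_region=us-west-1.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_vpc", "name": "vpc",
         "instances": [{"attributes": {"id": "vpc-0a1b2c3d",
             "arn": "arn:aws:ec2:us-west-1:123456789012:vpc/vpc-0a1b2c3d"}}]},
        {"mode": "managed", "type": "aws_nat_gateway", "name": "nat",
         "instances": [{"attributes": {"id": "nat-0123456789abcdef0",
             "subnet_id": "subnet-0f0f0f0f"}}]},
    ],
})

# arn:partition:service:region:account:resource -> capture the region field.
ARN_RE = re.compile(r"^arn:[^:]+:[^:]+:([a-z]{2}(?:-gov)?-[a-z]+-\d):")

def _strings(value) -> Iterator[str]:
    """Yield every string nested anywhere in a JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)

def regions_in_state(state_json: str) -> set[str]:
    """Regions named in ARNs of managed resources recorded in the state."""
    regions = set()
    for res in json.loads(state_json).get("resources", []):
        for inst in res.get("instances", []):
            for s in _strings(inst.get("attributes", {})):
                m = ARN_RE.match(s)
                if m:
                    regions.add(m.group(1))
    return regions

def region_from_args(argv: Iterable[str], default: str) -> str:
    """Region terraform will use: -var aws_region=X or -var=aws_region=X, else the variable default."""
    args = list(argv)
    for i, a in enumerate(args):
        if a == "-var" and i + 1 < len(args):
            a = "-var=" + args[i + 1]
        if a.startswith("-var=aws_region="):
            default = a.split("=", 2)[2]
    return default

def destroy_is_safe(state_json: str, argv: Iterable[str], default: str = "us-east-1") -> tuple[bool, str]:
    """False when the state's resources live in a region other than the one destroy would run in."""
    target = region_from_args(argv, default)
    recorded = regions_in_state(state_json)
    if recorded and recorded != {target}:
        return False, f"state records {sorted(recorded)} but destroy would run in {target}"
    return True, target
```

Run it against the output of terraform state pull before every destroy; a False result means the run would clear the state while leaving the NAT gateways (and their hourly charge) behind.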