hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

AWS Provider Coverage #28

Closed pearkes closed 8 years ago

pearkes commented 10 years ago

AWS Provider Coverage

View this spreadsheet for a near-time summary of AWS resource coverage. If there's a resource you would like to see coverage for, just add your GitHub username next to the resource. We will use the number of community upvotes in the spreadsheet to help prioritize our efforts.

https://docs.google.com/spreadsheets/d/1yJKjLaTmkWcUS3T8TLwvXC6EBwNSpuQbIq0Y7OnMXhw/edit?usp=sharing

jpluscplusm commented 10 years ago

Support for enabling the PROXY protocol on an ELB would be marvellous: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html

bgentry commented 10 years ago

Yesterday I also noticed that VPC DHCP options are missing

pearkes commented 10 years ago

@bgentry @jpluscplusm added both, thanks!

benzimmer commented 10 years ago

I'd love to see Route53 Health checks and DNS failover to be supported.

Tokynet commented 10 years ago

We are almost there! Just need the IAM roles :) :+1:

marshyski commented 10 years ago

:+1: IAM roles, thanks for the quick push on the tags!!!

buth commented 10 years ago

A possible block devices implementation. https://github.com/hashicorp/terraform/pull/440

mitchellh commented 10 years ago

Feature requests:

#467

#468

#469

pmoust commented 10 years ago

Support for spinning up ELB within VPC is not yet implemented.

fsalum commented 10 years ago

Are we going to have tag support for the resources below?

aws_subnet, aws_route_table, aws_internet_gateway

mitchellh commented 10 years ago

@fsalum Yes, it would be quite easy; we designed the tag system to be reused across different resources, so it's just a matter of applying it to each.

fsalum commented 10 years ago

@mitchellh good to know, I'm replicating my current non-terraform infrastructure in one region to another using terraform and that would help a lot. If you could consider it in the TODO list :+1:

yahyapo commented 9 years ago

Support for ACLs in subnets is not yet implemented.

kief commented 9 years ago

So we can now assign an IAM role to an instance (hooray!), but can we run terraform on that instance, taking advantage of the IAM role? I would like to run terraform from instances in the cloud without having to put an access_key and secret_key on the instance.

marshyski commented 9 years ago

+1 with @kief

delitescere commented 9 years ago

That's a great idea @kief.

An interim solution, if you can palate it, is to send AWS_* environment variables in your SSH session.

In your ~/.ssh/config file:

Host <whatever you have>
  SendEnv AWS_*
  . . .

On the target server's /etc/ssh/sshd_config file:

AcceptEnv AWS_*

Then sudo /etc/init.d/sshd reload

Now when you ssh to that host, any AWS_ environment variables will be transferred.
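
As an added example (not part of the original comment or of the Terraform project): a server-side audit for the `AcceptEnv` setting described above, listing which AWS credential variables a given `sshd_config` would accept from a client. The function name `accepted_cred_vars`, the variable list and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which AWS credential variables an sshd_config accepts
# from clients (e.g. those using "SendEnv AWS_*").

# Standard credential variables read by AWS SDKs and CLIs.
CRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"

# accepted_cred_vars FILE
# Prints, one per line, each credential variable matched by any AcceptEnv
# pattern in FILE. AcceptEnv inside Match blocks is counted too, which is the
# conservative reading for an audit.
accepted_cred_vars() {
    conf=$1
    # Keyword is case-insensitive; "AcceptEnv=X" is normalised to "AcceptEnv X";
    # one directive may list several patterns. Commented lines never match.
    patterns=$(awk '{ sub(/=/, " ") }
        tolower($1) == "acceptenv" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    set -f  # keep "*" in patterns from expanding against local file names
    for var in $CRED_VARS; do
        for pat in $patterns; do
            # Unquoted $pat is used as a glob, the same * and ? wildcards
            # AcceptEnv supports.
            case $var in
                $pat) echo "$var"; break ;;
            esac
        done
    done
    set +f
}

# Constructed sample config for demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# AcceptEnv AWS_*        (commented out: ignored)
AcceptEnv LANG LC_*
acceptenv AWS_SE*
EOF
echo "Credential variables this config would accept:"
accepted_cred_vars "$sample"
rm -f "$sample"
```

Any name it prints is a long-lived secret that the server will place in the session environment of whoever connects with it set.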

kief commented 9 years ago

Thanks @delitescere. This won't help my use case, though, which is to have terraform run without direct human intervention.

More context: we're pushing terraform templates into a git repo, which triggers build jobs in GoCD (same principle would work with Jenkins, TeamCity, etc.). It builds an instance of infra using terraform, tests it with serverspec, then destroys it. If the stage passes, further stages can roll the changes out to dev and prod environments, in some cases needing a human to trigger the stage so we only push them when we're ready.

To enable this, we assign an IAM role to the instances running our Go Agents, so they can run terraform. We can put the keys in environment variables, but they still tend to show up in logs and console output.

Tokynet commented 9 years ago

It would complete my usability needs if it would leverage IAM role creds.

Currently:

  1. Apply tags
  2. Apply IAM role (to allow instance to query aws to get its tags).
  3. Puppet then reads the tags and classifies the instance accordingly.

Totally hands off :)

Only ugly part is aws creds on terraform instance.

jtopper commented 9 years ago

We have a home-grown Fog-based tool that I'm really keen to replace with Terraform. In case you're using feedback here to prioritise work, the following functionality would let us do that:

donjohnson commented 9 years ago

I think "IAM for Instances" can be checked off here, as it is just a string to an instance profile (IAM Role) ARN, and when IAM Role support is in place it will just be a var lookup away.

tonnydourado commented 9 years ago

The readme says it's still largely untested, but I thought that maybe this could be of some help: https://github.com/stripe/aws-go

ryanking commented 9 years ago

Can we add support for private DNS in Route 53 in here?

http://aws.amazon.com/about-aws/whats-new/2014/11/05/amazon-route-53-now-supports-private-dns-with-amazon-vpc/

scottsuch commented 9 years ago

I notice that security groups were added as a top level item. I'd love to see security group support for RDS, any chance of adding it to the list here?

sage-oli-wood commented 9 years ago

Can I chip in my support for egress rules in aws_security_group too please.

sage-oli-wood commented 9 years ago

aws_security_group > ingress > protocol

Is it possible to supply protocols other than TCP?

joelhandwell commented 9 years ago

Can we add support for VPC peering connection?

drnic commented 9 years ago

Created an issue for "AWS EBS volume support" https://github.com/hashicorp/terraform/issues/746

joescii commented 9 years ago

Created ticket for AWS Route 53 ALIAS A Record support. #747

Tokynet commented 9 years ago

+1 for EBS support.

Funny, I was just trying this out today under block_device and it failed.

I think it should work just like the snapshot_id option.

-Miguel

buth commented 9 years ago

@drnic @Tokynet This should work using the block_device option.

Tokynet commented 9 years ago

What option though? I'm writing on my phone and can't paste the code snip.

block_device {
  device_name = "/dev/sdb"
  volume_type = "gp2"
  volume_size = "50"
}

netors commented 9 years ago

As a user who wants to implement private DNS on an internal VPC with Terraform, I need the following:

First, I need to be able to associate a hosted zone to a VPC: http://docs.aws.amazon.com/Route53/latest/APIReference/API_AssociateVPCWithHostedZone.html (maybe adding the vpc_id to the aws_route53_zone resource?)

Second, I need to create a DHCP Option Set: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-CreateDhcpOptions.html

Then I need to associate the DHCP Option Set to a VPC: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-AssociateDhcpOptions.html (maybe this can also be done in a new aws_dhcp_option_set resource using a vpc_id)

(reference: http://aws.amazon.com/about-aws/whats-new/2014/11/05/amazon-route-53-now-supports-private-dns-with-amazon-vpc/)

NOTE: These options and associations need to happen before an instance gets provisioned in our VPC so the correct dns option is added to the /etc/resolv.conf, or it should hint to reboot the instances if it is done afterwards.

teancom commented 9 years ago

@Tokynet Device name should just be 'sdb' (or possibly 'xvdb') - it should not include the /dev/. At least, that's what worked for me.

buth commented 9 years ago

@Tokynet That code block, within an aws_instance block, should create a new EBS volume and attach it. (Note: it does not mount it.)

Tokynet commented 9 years ago

The code I have works and as mentioned here, it creates a new EBS volume every time.

I would like to have a specific EBS volume mounted every time I bring this instance up. I would make the config not destroy the volume on instance termination.

What I want to see is the config (option) that allows me to specify the volume NOT the snapshot (I have seen and used that one but have to constantly update the terraform config since we have to make new snapshots as we update the packages on that volume).

-Miguel

likwid commented 9 years ago

+1 on egress. I am really impressed with Terraform otherwise.

neurogenesis commented 9 years ago

+1 for tags, with the additional requirement for a means of applying tags to instances created via autoscaling groups. some use cases:

in looking at https://www.terraform.io/docs/providers/aws/r/instance.html, it looks like this might apply only to single instances.

in looking at https://www.terraform.io/docs/providers/aws/r/autoscale.html, there's no way to specify tags.

info about tags and autoscaling groups: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/ASTagging.html

ojongerius commented 9 years ago

Could you please add VPN support ( #551 ) to this one?

davedash commented 9 years ago

RDS encryption at rest.

plombardi89 commented 9 years ago

VPC peering +1 and IAM +1

Those two are holding us back from using this over Cloud Formation at the moment (VPC peering more so).

bhourigan commented 9 years ago

I'd like to add auto scaling group policy to this list, such as documented here: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-policy.html

rodrickbrown commented 9 years ago

Any plans to move to aws-go-sdk instead?

knuckolls commented 9 years ago

It wasn't until I saw this post that I understood what aws-go-sdk was. If it's going to be Amazon's official Go client then I'll :+1: moving to that eventually.

https://aws.amazon.com/blogs/aws/coming-soon-aws-sdk-for-go/

phinze commented 9 years ago

@rodrickbrown yep that is indeed the plan!

jespada commented 9 years ago

Enhancement: https://github.com/hashicorp/terraform/issues/938

ryanking commented 9 years ago

Can we add enabling ELB access logs to this one?

nevins-b commented 9 years ago

#856 adds support for egress rules but requires a pull request to the upstream goamz to be merged first.

david-latham commented 9 years ago

:+1: for private dns in route 53

d3v1an7 commented 9 years ago

aws_autoscaling_group

:+1: Add/edit tags (also modify Tag New Instances)

:+1: Add/edit scaling policies

:heart:

nevins-b commented 9 years ago

So I have a pull request to support ELB policies in goamz (https://github.com/mitchellh/goamz/pull/224). Now I'm looking for recommendations of how to implement these in terraform.