With a few updates I was able to use your framework with a Terraform:1.4.4 docker image. I was able to build IaC on AWS using your work. Very helpful indeed. Massive thank you!
Hello budy, how are you? I'm brazilian so my english is from a translator! OK? how do i use github secrets inside terraform script? I think I need this mechanism to be able to run my terraform inside the pipeline and its container. tnks!!
good job! just a qq question, if you have different projects in your repo, so different codepipeline and codebuild projects (i.e. for backing ami with Packer), since you are using the branch main, how can you avoid to fire all pipelines in your account? I hope I was clear : ) thanks for sharing this video!
Thank you for this straightforward tutorial! I have followed this tutorial and am able to make the pipeline run but the only issue I'm facing is it doesn't trigger automatically whenever I push new changes to my repo. I checked the latest code isn't synced either unless I press 'Release Change'. Which part exactly is triggering the pipeline? I've seen an example on AWS DevOps blog where they use a CloudWatch event to trigger the pipeline run. But I'm unclear on this tutorial of precisely what event is the trigger here. Can anyone help plz?
can anybody help me? how do i inform my access and secret keys for the pipeline? i mean, in the buildspec.yaml file i can tell how variables? could any friend help me with this? I can run my terraform from my PC normally, but the aws cli with the credentials is installed on it, I believe it is necessary to inform the code pipeline and I imagine it is through my yaml file... i am brazilian and i used the translator to try your help.
How will you destroy those resources that were created during the plan phase ?. I would like to destroy all the resources that were created during the different phases at the end of the last phase. Not sure how can you get the reference to those resources that were created within the docker image
at the very beginnig when I am running terraform init i face the following error error configuring S3 Backend: no valid credential sources for S3 Backend found. can someone please guide me, why I am seeing this and where should I store the credentials?
@Davo'clock any reason why we needed to create the s3 bucket outside the codebuild. `lets say what i am trying to acieve is bringup my whole infrastructure using codebuild. so i firest created the code build resource on aws. .Then i create my s3 and dynomo i.e tf-backend-state first using codebuild. then i later create the other resources pointing all of them to my tf-backend-state. with this will i still need to bring up an s3 first. its like bringing up jenkins CICD in my case and then using it to spin up terraform instance
You could create a one time codebuild job that all it does is create an S3 bucket and a dynamodb table. You can then feed those names into your terraform project. This doesn't really buy you much unless you wanted to do this for many accounts/regions at once. When you define the backend information for s3, terraform won't let you use variables for bucket name, so you gotta hardcode that value, which makes it isolated from your terraform project right off the bat. Additionally, if you create your codebuild terraform project manually, that removes the ability from managing the pipeline/build project from terraform itself, unless you were to import it, but that's basically doing the same work twice.
Tag updates trigger cloudwatch events, and as you may know, you can do just about anything with events. Here's a paper on the big picture: aws.amazon.com/blogs/mt/monitor-tag-changes-on-aws-resources-with-serverless-workflows-and-amazon-cloudwatch-events/ You can have a lambda function triggered by a tag change (you can specify which tag under what service), which evaluates the tag value, and triggers a pipeline/codebuild/codedeploy action.
in azure I can have plan and apply as tasks in a pipeline,and choose wherever or not to run an apply,is there a way to do that with the setup you've shown here?
Yes, you can either add a manual approval stage before apply, and not approve after plan (so it doesn't apply), or you can disable the plan->apply transition from the pipeline screen
@@timsamanchi3004 please can you input i have a fail at the build stage After storing my dockerhub credentials on secrets manager still have the same error message and i also when forward and generated a secret token on dockerhub, stored it on secret manager and used the private arn still have the same error message. Initializing the backend... Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Error refreshing state: AccessDenied: Access Denied status code: 403, request id: JDMP5M5HVR6WPB2X, host id: /aksGRqbvyfGe8P70kojfn+pzDsVAkC3RbLcusfeqS4ojEi8KNgyW9m4Iukd2lKle/SRgMpz/Qg= [Container] 2022/06/10 14:48:11 Command did not exit successfully terraform init exit status 1 [Container] 2022/06/10 14:48:11 Phase complete: PRE_BUILD State: FAILED [Container] 2022/06/10 14:48:11 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: terraform init. Reason: exit status 1
@Rajat ghosh After storing my dockerhub credentials on secrets manager still have the same error message and i also when forward and generated a secret token on dockerhub, stored it on secret manager and used the private arn still have the same error message. Initializing the backend... Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Error refreshing state: AccessDenied: Access Denied status code: 403, request id: JDMP5M5HVR6WPB2X, host id: /aksGRqbvyfGe8P70kojfn+pzDsVAkC3RbLcusfeqS4ojEi8KNgyW9m4Iukd2lKle/SRgMpz/Qg= [Container] 2022/06/10 14:48:11 Command did not exit successfully terraform init exit status 1 [Container] 2022/06/10 14:48:11 Phase complete: PRE_BUILD State: FAILED [Container] 2022/06/10 14:48:11 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: terraform init. Reason: exit status 1
@@timsamanchi3004 hey, I have the same issue within the plan phase but haven't been able to fix it. The only alert is that there is a deprecated syntaxis but that is. Not getting more crucial errors/ Please, let me know. Appreciate
With a few updates I was able to use your framework with a Terraform:1.4.4 docker image. I was able to build IaC on AWS using your work. Very helpful indeed. Massive thank you!
Hi there, can you please drop a link to the code or a link to your github repo?
Thanks
Massive thanks for providing this video; helped me create my first AWS pipeline and being able to relate to Jenkins and GitHub Actions!
Hello budy, how are you? I'm brazilian so my english is from a translator! OK?
how do i use github secrets inside terraform script? I think I need this mechanism to be able to run my terraform inside the pipeline and its container.
tnks!!
Thanks for making this video. I was able to configure complete terraform pipeline by watching your video.
Did the same code that Dave posted work for you?
Thank you for this video, It helped me a lot to understand the pipeline.
Thank you for making this. Please continue to make more videos.
good job! just a qq question, if you have different projects in your repo, so different codepipeline and codebuild projects (i.e. for backing ami with Packer), since you are using the branch main, how can you avoid to fire all pipelines in your account? I hope I was clear : ) thanks for sharing this video!
Very good demo. Thank you!
Thanks mate. Keep it up, your doing great!
Thanks for such a clear video
Thanks for the video. It is very informative.
CAN'T THINK ENOUGH ❤️❤️🌨️
Thank you for this straightforward tutorial! I have followed this tutorial and am able to make the pipeline run but the only issue I'm facing is it doesn't trigger automatically whenever I push new changes to my repo. I checked the latest code isn't synced either unless I press 'Release Change'. Which part exactly is triggering the pipeline? I've seen an example on AWS DevOps blog where they use a CloudWatch event to trigger the pipeline run. But I'm unclear on this tutorial of precisely what event is the trigger here. Can anyone help plz?
Great work, really helpful!!. How would I change this from a single account, to a multi account pipeline?
How do we do a terraform destroy with this implementation ?
can anybody help me? how do i inform my access and secret keys for the pipeline?
i mean, in the buildspec.yaml file i can tell how variables? could any friend help me with this?
I can run my terraform from my PC normally, but the aws cli with the credentials is installed on it, I believe it is necessary to inform the code pipeline and I imagine it is through my yaml file...
i am brazilian and i used the translator to try your help.
How will you destroy those resources that were created during the plan phase ?. I would like to destroy all the resources that were created during the different phases at the end of the last phase. Not sure how can you get the reference to those resources that were created within the docker image
at the very beginnig when I am running terraform init i face the following error
error configuring S3 Backend: no valid credential sources for S3 Backend found.
can someone please guide me, why I am seeing this and where should I store the credentials?
aws configure
generate the user credentials in IAM and authenticate using "aws configure" in the CMD.
Outstanding
@Davo'clock any reason why we needed to create the s3 bucket outside the codebuild. `lets say what i am trying to acieve is bringup my whole infrastructure using codebuild. so i firest created the code build resource on aws. .Then i create my s3 and dynomo i.e tf-backend-state first using codebuild. then i later create the other resources pointing all of them to my tf-backend-state. with this will i still need to bring up an s3 first. its like bringing up jenkins CICD in my case and then using it to spin up terraform instance
You could create a one time codebuild job that all it does is create an S3 bucket and a dynamodb table. You can then feed those names into your terraform project. This doesn't really buy you much unless you wanted to do this for many accounts/regions at once.
When you define the backend information for s3, terraform won't let you use variables for bucket name, so you gotta hardcode that value, which makes it isolated from your terraform project right off the bat. Additionally, if you create your codebuild terraform project manually, that removes the ability from managing the pipeline/build project from terraform itself, unless you were to import it, but that's basically doing the same work twice.
Our requirement is tag based trigger. I find this is not possible with aws ci/cd tool ? Any thoughts
Tag updates trigger cloudwatch events, and as you may know, you can do just about anything with events. Here's a paper on the big picture:
aws.amazon.com/blogs/mt/monitor-tag-changes-on-aws-resources-with-serverless-workflows-and-amazon-cloudwatch-events/
You can have a lambda function triggered by a tag change (you can specify which tag under what service), which evaluates the tag value, and triggers a pipeline/codebuild/codedeploy action.
in azure I can have plan and apply as tasks in a pipeline,and choose wherever or not to run an apply,is there a way to do that with the setup you've shown here?
Yes, you can either add a manual approval stage before apply, and not approve after plan (so it doesn't apply), or you can disable the plan->apply transition from the pipeline screen
@@davoclock4379 Thank you , will look for how to do that!
what is the version of powershell did you used ?
PS C:\> Get-Host | Select-Object Version
Version
-------
5.1.19041.610
Hero 🏅
Does this code really work? I tried it so many times to no avail. it always fails on codebuild plan phase. Has anyone came across the same issue?
@Rajat ghosh i have fixed it but this code as it is is incorrect.
@@timsamanchi3004
please can you input i have a fail at the build stage
After storing my dockerhub credentials on secrets manager still have the same error message
and i also when forward and generated a secret token on dockerhub, stored it on secret manager and used the private arn still have the same error message.
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error refreshing state: AccessDenied: Access Denied
status code: 403, request id: JDMP5M5HVR6WPB2X, host id: /aksGRqbvyfGe8P70kojfn+pzDsVAkC3RbLcusfeqS4ojEi8KNgyW9m4Iukd2lKle/SRgMpz/Qg=
[Container] 2022/06/10 14:48:11 Command did not exit successfully terraform init exit status 1
[Container] 2022/06/10 14:48:11 Phase complete: PRE_BUILD State: FAILED
[Container] 2022/06/10 14:48:11 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: terraform init. Reason: exit status 1
@Rajat ghosh
After storing my dockerhub credentials on secrets manager still have the same error message
and i also when forward and generated a secret token on dockerhub, stored it on secret manager and used the private arn still have the same error message.
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error refreshing state: AccessDenied: Access Denied
status code: 403, request id: JDMP5M5HVR6WPB2X, host id: /aksGRqbvyfGe8P70kojfn+pzDsVAkC3RbLcusfeqS4ojEi8KNgyW9m4Iukd2lKle/SRgMpz/Qg=
[Container] 2022/06/10 14:48:11 Command did not exit successfully terraform init exit status 1
[Container] 2022/06/10 14:48:11 Phase complete: PRE_BUILD State: FAILED
[Container] 2022/06/10 14:48:11 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: terraform init. Reason: exit status 1
@@timsamanchi3004 hey, I have the same issue within the plan phase but haven't been able to fix it. The only alert is that there is a deprecated syntaxis but that is. Not getting more crucial errors/ Please, let me know. Appreciate
@@timsamanchi3004 pls how did you fix it
The skillful feeling simultaneously man because otter finally exercise inside a shocking earthquake. spotted, wicked music