cloud engineer
How to add Snapshot Schedules to disks in Terraform. Add this to your existing VM.
resource "google_compute_disk_resource_policy_attachment" "hourly_attachment" { name = "hourly-snapshots" disk = google_compute_instance.test.name zone = "us-central1-c" } resource "google_compute_disk_resource_policy_attachment" "daily_attachment" { name = "daily-snapshots" disk = google_compute_instance.test.name zone = "us-central1-c" } |
resource "google_compute_disk_resource_policy_attachment" "hourly_attachment" { name = "hourly-snapshots" disk = google_compute_instance.test.name zone = "us-central1-c" } resource "google_compute_disk_resource_policy_attachment" "daily_attachment" { name = "daily-snapshots" disk = google_compute_instance.test.name zone = "us-central1-c" }
How to create service account in GCP via Terraform.
provider "google" { project = "your_project_id" } resource "google_service_account" "service_account" { account_id = "your-service-account-name" display_name = "test service account built by terraform" } |
provider "google" { project = "your_project_id" } resource "google_service_account" "service_account" { account_id = "your-service-account-name" display_name = "test service account built by terraform" }
Occasionally I was getting this random error when running Terraform.
╷ │ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found. │ │ Please see https://registry.terraform.io/providers/hashicorp/aws │ for more information about providing credentials. │ │ Error: RequestError: send request failed │ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer │ │ │ with provider["registry.terraform.io/hashicorp/aws"], │ on main.tf line 10, in provider "aws": │ 10: provider "aws" { |
╷ │ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found. │ │ Please see https://registry.terraform.io/providers/hashicorp/aws │ for more information about providing credentials. │ │ Error: RequestError: send request failed │ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer │ │ │ with provider["registry.terraform.io/hashicorp/aws"], │ on main.tf line 10, in provider "aws": │ 10: provider "aws" {
Here’s the fix. Place this in your ~/.bash_profile.
export AWS_SDK_LOAD_CONFIG=1 |
export AWS_SDK_LOAD_CONFIG=1
This forces Terraform to use both config and credentials file.
How to add a second drive on GCP Compute Engine using Terraform.
provider "google" { project = "your-project-id" zone = "us-central1-c" } resource "google_compute_disk" "data-drive" { name = "data-drive" type = "pd-standard" zone = "us-central1-c" size = "20" } resource "google_compute_attached_disk" "attach-data-drive" { count = 1 disk = google_compute_disk.data-drive.id instance = google_compute_instance.test.id } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "rocky-linux-cloud/rocky-linux-8" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } } |
provider "google" { project = "your-project-id" zone = "us-central1-c" } resource "google_compute_disk" "data-drive" { name = "data-drive" type = "pd-standard" zone = "us-central1-c" size = "20" } resource "google_compute_attached_disk" "attach-data-drive" { count = 1 disk = google_compute_disk.data-drive.id instance = google_compute_instance.test.id } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "rocky-linux-cloud/rocky-linux-8" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } }
How to create AWS security groups using Terraform.
resource "aws_security_group" "my-security-group" { name = "my-security-group" description = "allow ports" vpc_id = aws_vpc.my-vpc.id ingress { description = "ping" from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "http" from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "https" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "ALL" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "my-security-group" } } |
resource "aws_security_group" "my-security-group" { name = "my-security-group" description = "allow ports" vpc_id = aws_vpc.my-vpc.id ingress { description = "ping" from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "http" from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "https" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "ALL" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "my-security-group" } }