Cannot seem to use vars within TF files

pocockn · June 9, 2022, 3:35pm

I am attempting to migrate my existing application to use Terraspace.

I have an ECS stack that has the structure of:

My staging.tfvars contains

region = "eu-west-1"
env = "staging"

My backend.tf contains

terraform {
  backend "s3" {
    bucket = "name_of_bucket_that_already_exists"
    key    = "ecs/tfstate"
    region = var.region
  }
}

However, running

TS_ENV=staging terraspace plan ecs

I get the following error:

parse.y:225:in `raise_error': **parse error on value: var.region (****Racc::ParseError****)**
**2: backend "s3" {**
**3: bucket = "name_of_bucket_that_already_exists"**
**4: key = "ecs/tfstate"**
*** 5: region = __var.region__**
**6: }**
**7: }**

Is there something I am missing here? I would think it would pull the var from the tfvars folder but it doesn’t seem to be working

tung · June 9, 2022, 4:07pm

Interesting. Think this is a bug. Think what’s going is:

Terraspace parses backend.tf in order to figure out the settings like bucket and region to create the backend state bucket. https://github.com/boltops-tools/terraspace/blob/fa1bb35ba68c9f93f133ac41277176822bdcc39e/lib/terraspace/compiler/expander.rb#L31
The region = var.region region is throwing off the parser

Terraspace parsers the backend to detect which cloud provider plugin interface it needs to use to auto create the backend.

This means cannot currently use var.region in backend.tf since terraspace has to do some early logic way before a terraform apply happens.

Though it’s non-ideal, a workaround is to use ERB and set the AWS_REGION env variable.

config/terraform/backend.tf

terraform {
  backend "s3" {
    bucket         = "<%= expansion('terraform-state-:ACCOUNT-:REGION-:ENV') %>"
    key            = "<%= expansion(':TYPE_DIR/:APP/:ROLE/:MOD_NAME/:ENV/:EXTRA/:REGION/terraform.tfstate') %>"
    region         = "<%= expansion(':REGION') %>"
    encrypt        = true
    dynamodb_table = "terraform_locks"
  }
}

Unsure how would be able get var.region at runtime since the auto backend creation happens quite early on outside of terraform. Open to suggestions and PRs. No sweat either way of course. Hope that helps.

pocockn · June 9, 2022, 4:46pm

Thank you for replying!

I would love to contribute but have little Ruby experience.

Another question.

I have:

terraform {
  backend "s3" {
    bucket = "mirror-ecs-terraform-state-files"
    key    = "ecs/tfstate"
    region = "eu-west-2"
  }
}

provider "aws" {
  region = "<%= expansion(':REGION') %>"
}

So my bucket with the state is within eu-west-2 but my resource for this environment needs to be built in eu-west-1.

When I run:

AWS_REGION=eu-west-1 TS_ENV=new-schema terraspace plan ecs

I get:

Building .terraspace-cache/eu-west-1/new-schema/stacks/ecs
Built in .terraspace-cache/eu-west-1/new-schema/stacks/ecs
Current directory: .terraspace-cache/eu-west-1/new-schema/stacks/ecs
/Users/nickpocock/.gem/ruby/2.6.0/gems/aws-sdk-core-3.131.1/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call': **The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint. (****Aws::S3::Errors::PermanentRedirect****)**

The reported error is Aws::S3::Errors::PermanentRedirect

I think its potentially ignoring my hardcoded eu-west-2 for my bucket and overwriting it with the AWS_REGION env var, is there a way around this?

tung · June 9, 2022, 5:07pm

I see. Turns out a was a bug when s3 bucket tagging support was added. Essentially, the s3 client was not using the same parsed region from backend.tf. Released a fix: https://github.com/boltops-tools/terraspace_plugin_aws/pull/19

To update:

cd your-terraspace-project
bundle update terraspace_plugin_aws

More generally you can update all gems with:

cd your-terraspace-project
bundle update

The fix was released in terraspace_plugin_aws 0.3.8, so you should get something like this

$ bundle info terraspace_plugin_aws
  * terraspace_plugin_aws (0.3.8)
        Summary: Terraspace AWS Plugin
        Homepage: https://github.com/boltops-tools/terraspace_plugin_aws
        Path: /home/ec2-user/.rvm/gems/ruby-3.1.1/gems/terraspace_plugin_aws-0.3.8
$

That should remove the Aws::S3::Errors::PermanentRedirect error and allow you to use a s3 bucket backend in a different region than where your resources are being provisioned.

Note: Hope to be releasing terraspace_plugin_aws 0.4.x very soon with some improvements to the generated backend.tf defaults.

pocockn · June 10, 2022, 7:38am

Awesome, thanks so much. I will update the plugin now.

I would love to try and contribute to this project. Do you have a list of first-time issues or something to work on?

tung · June 11, 2022, 1:12am

Note: Released terraspace_plugin_aws 0.4.0 with some updates on the generated backend.tf. Updated upgrading docs with some notes: Upgrading Guide - Terraspace

RE: Do you have a list of first-time issues or something to work on?

Issues help wanted
Issues good first issue
More docs: http://terraspace.test/docs/contributing/