terraform command and examples

terraform.md

Terraform

• https://www.terraform.io/docs/commands/refresh.html
• https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
• terraform state show

uninstall

brew uninstall --force terraform
brew cleanup -s terraform

tfswitch

• https://medium.com/@warrensbox/how-to-manage-different-terraform-versions-for-each-project-51cca80ccece

  brew install warrensbox/tap/tfswitch tfswitch 0.11.14

tfenv

• tfutils/tfenv#158

  brew install tfenv tfenv install 0.11.14

Debug

• terraform destroy stuck on refreshing state hashicorp/terraform#23564

  TF_LOG=DEBUG RKE_LOG=1 terraform <plan/destroy>

Remove lock

terraform force-unlock <LOCK_ID>

aws_iam_policy

resource "aws_iam_policy" "allow_kms_decrypt_letsEncryptKey" {
  name        = "tf-policy-${var.instance_name}_access_kms_letsEncryptKey"
  path        = "/"
  description = "Give certificate manager access to letsEncryptKey via KMS"
  policy = "${data.template_file.allow_kms_decrypt_letsEncryptKey.rendered}"
}

resource "aws_iam_role_policy_attachment" "attach_kms_decrypt_letsEncryptKey_to_role" {
  role       = "${aws_iam_role.certificate_manager_role.name}"
  policy_arn = "${aws_iam_policy.allow_kms_decrypt_letsEncryptKey.arn}"
}

data "template_file" "allow_route53_ListResourceRecordSets" {
  template = "${file("../common-modules/aws/policy/route53/ListResourceRecordSets.json.tpl")}"
  vars = {
    resource = "arn:aws:kms:us-east-1:494770124270:key/400e47b4-8562-4015-a14d-857dc3f388e6"
  }
}