
Validation error on secrets in module #47

Open
lucasleys opened this issue Jan 17, 2024 · 1 comment

Comments

@lucasleys

Locally, I don't get any validation errors. When I try running it in a GitLab pipeline, it gives me validation errors.
Computing.tf

##---ECS---##

# Look up the existing IAM role named "LabRole". Its ARN is used as the
# execution role of the ECS task definition in this file.
data "aws_iam_role" "labrole" {
  name = "LabRole"
}

# ECS cluster that hosts the service_j1 service.
resource "aws_ecs_cluster" "ecs_cluster_j1" {
  name = "ecs-cluster-j1"
}

# Fargate service that runs four copies of task_j1 and registers them with the
# alb_ecs_tg_j1 target group.
resource "aws_ecs_service" "service_j1" {
  name            = "ecs-service-j1"
  launch_type     = "FARGATE"
  desired_count   = 4
  cluster         = aws_ecs_cluster.ecs_cluster_j1.id
  task_definition = aws_ecs_task_definition.task_j1.arn

  # Tasks run in the first two private subnets and, with assign_public_ip left
  # commented out, get no public address.
  # NOTE(review): pulling the image and the registry credentials then needs a NAT
  # gateway or VPC endpoints; neither is visible in this file, so confirm.
  network_configuration {
    #assign_public_ip = true
    subnets         = [module.vpc.private_subnets[0], module.vpc.private_subnets[1]]
    security_groups = [aws_security_group.sg2-j1.id]
  }

  # container_name and container_port must match a container and a containerPort
  # declared in the task definition.
  load_balancer {
    target_group_arn = aws_lb_target_group.alb_ecs_tg_j1.arn
    container_name   = "j1-container"
    container_port   = 80
  }

  # All three resources are already referenced above, so these dependencies are
  # also implied; the explicit list is kept as the author wrote it.
  depends_on = [aws_ecs_cluster.ecs_cluster_j1, aws_ecs_task_definition.task_j1, aws_security_group.sg2-j1]
}

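# Fargate task definition with a single container, "j1-container", whose image
# is pulled from a private registry using credentials held in Secrets Manager.
resource "aws_ecs_task_definition" "task_j1" {
  family                   = "task-family"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = "256"
  memory                   = "512"

  # The execution role is what ECS uses to pull the image and read the registry
  # credentials. It therefore needs secretsmanager:GetSecretValue on the secret
  # below (and kms:Decrypt if the secret uses a customer-managed key).
  # NOTE(review): LabRole's policy is not visible here; confirm it grants this
  # and keep the grant scoped to this one secret ARN.
  execution_role_arn = data.aws_iam_role.labrole.arn

  container_definitions = jsonencode([
    {
      name  = "j1-container"
      image = "" // Replace with your Docker image

      # ARN of the first secret exposed by the secrets-manager-2 module. Only the
      # ARN appears in the task definition, not the username/password.
      repositoryCredentials = {
        credentialsParameter = values(module.secrets-manager-2.secret_arns)[0]
      }

      environment = [
        {
          "name"  = "WEB_HOST",
          "value" = "http://${aws_lb.alb-j1.dns_name}"
        }
      ]

      cpu    = 256
      memory = 512

      portMappings = [
        {
          containerPort = 80
          # With network_mode = "awsvpc", hostPort must be omitted or equal to
          # containerPort; the original value 8080 is rejected by ECS when the
          # task definition is registered.
          hostPort = 80
        }
      ]
    }
  ])
  #depends_on = []
}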

# Security group attached to the ECS tasks of service_j1.
resource "aws_security_group" "sg2-j1" {
  name        = "sg2-j1"
  description = "j1 security group 2"
  vpc_id      = module.vpc.vpc_id

  tags = {
    Name        = "sg2-j1"
    Terraform   = "true"
    Environment = "test"
  }

  # Inbound HTTP on port 80 from any IPv4 address.
  # NOTE(review): the tasks using this group sit in private subnets behind a load
  # balancer, so 0.0.0.0/0 is wider than needed. Prefer admitting only the load
  # balancer's security group through the ingress block's `security_groups`
  # argument; that group is not visible in this file.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols and ports outbound to any IPv4 address.
  # NOTE(review): the tasks need egress for the image pull and for Secrets
  # Manager; narrow this if the required destinations are known.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Creates one key/value secret holding the GitLab deploy-token credentials that
# the ECS task definition uses as its private-registry credentials.
module "secrets-manager-2" {
  source  = "lgallard/secrets-manager/aws"
  version = "0.11.0"

  secrets = {
    secret-secgit = {
      description             = "This is a key/value secret"
      recovery_window_in_days = 7

      # Values passed here are stored in the Terraform state, so the state
      # backend must be encrypted and access-restricted.
      # NOTE(review): the declarations of these two variables are not visible
      # here. They should be declared with `sensitive = true`, and the pipeline
      # must supply them, e.g. as masked TF_VAR_gitlab_deploy_token_username /
      # TF_VAR_gitlab_deploy_token_password CI variables. A value that is unset
      # or differently quoted in CI could explain validation passing locally
      # only; confirm.
      secret_key_value = {
        username = var.gitlab_deploy_token_username
        password = var.gitlab_deploy_token_password
      }
    }
  }
}

brave_Vm4oW347Dj
@lgallard
Owner

If it works on your local machine, then it's something in the way you are using the module in GitHub Actions. Check whether you need to escape characters to make it work.
