I'm trying to develop Terraform code for an OpenVPN Access Server, however I get the error:
aws_instance.openvpn_srv: Error launching source instance: OptInRequired:
In order to use this AWS Marketplace product you need to accept terms and
subscribe.
Does Terraform have any support for using AMIs like this?
We’ve found it easiest to accept the ULA one time through console and it solves that issue for the life of the ami.
apparently, your account is not allowed to access the resource in aws, pls choose marketplace and that page will give your next instruction( setup credit card or else)
Oliver
Related
I am new to azure and i am exploring it now, as first step i created a free azure account and in that i created a Resource group and an App service to that resource group.
When i try to access the Url https://azurehome.azurewebsites.net/ its giving an error 'The service is unavailable.'
any help on this ?
Please follow this document to troubleshoot:
https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-http-502-http-503
By the way, this problem may be caused by the region you choose, trying to change the region may be effective. I'm using Central US and it works fine.
If it still doesn't resolve, please provide more information.
If you need support, you can click this link:
https://azure.microsoft.com/en-us/support/options/
is there any code generator for Azure Terraform?
Actually i am trying to add Azure app service to existing resource group. For this we need a state configuration file, which can be generated only ( Terraform import ) if we have full Terraform code already written for that resource group.
I saw, Using Terraform to import existing resources on Azure and Update existing app service with Terraform ,but here i am talking about the thousands of resource groups.
Thanks
Gill
You would, to my knowledge, need to use terraform import against all of the existing resources that you have / want to consumse via terraform.
In saying that if you only want to manage the Azure App Service with Terraform and not everything else you can just simply pass all the requirements for the resource in and only manage this in the terraform state file.
Hi Lachie thanks for reply, I Found the solution using AZ2TF tool.
Thanks to Mr Agarciamiravet, who explained all the steps to use AZ2TF tool ( by using Docker) at
https://recetasdevops.com/migra-tu-infraestructura-actual-de-azure-a-terraform-con-py-az2tf/
this worked very well for me.
Thanks
Gill
I am working on terraform sagemaker to create notebook instance. I would like to launch notebook instance in private VPC with direct internet access disabled rather than Amazon manged VPC, but i don't see an option in terraform aws_sagemaker_notebook_instance to disable the direct internet access. Please advise on how to approach this scenario.
Thank you !
Terraform does not yet support the DirectInternetAccess property for the aws_sagemaker_notebook_instance resource. You can track the PR here.[A]
As a work around I am using CloudFormation. If you need to you can wrap the CFN template in the aws_cloudformation_stack resource.[B][C]
Hope this helps out dude.
[A] https://github.com/terraform-providers/terraform-provider-aws/pull/8618]
[B] https://www.terraform.io/docs/providers/aws/r/cloudformation_stack.html
[C] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-notebookinstance.html#cfn-sagemaker-notebookinstance-directinternetaccess
How can i find the app, whose credentials were used to launch a vm in azure. I am able to use the compute client to get admin_username attached to a VM but it does not solve my use case as a user can give any username while launching it.
compute_client = ComputeManagementClient(credentials, subscription_id)
vm_details = compute_client.virtual_machines.get(resource_group_name= <resource_group>, vm_name=<vm_name>, expand='instanceView')
username = vm_details.os_profile.admin_username
Is the app_name stored as a vm property anywhere that can be accessed via azure-sdk for python?
First, please clarify "launch". Do you mean initial deployment, or starting an already existing VM which was off? Or both :)?
I do believe that this information is not part of the VM, but will be considered an event of ARM. Then, this will be available part of the Activity Log:
https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs
Activity Log is available in the Monitor SDK:
https://learn.microsoft.com/en-us/python/api/overview/azure/monitoring?view=azure-python
If you want to test this quickly, try the CLI:
https://learn.microsoft.com/en-us/cli/azure/monitor/activity-log?view=azure-cli-latest#az-monitor-activity-log-list
Since this CLI is using the same SDK, if you find your information with the CLI this means you can definitely get it with SDK
(I work at MS in the Python team, but not in the VM or Monitor team, it's why I start my post with "believe", but I really think it's accurate based on my knowledge of Azure)
So as the deployment of our app we were thinking to deploy it in market place as a private ami.So we were thinking to get the docker image of the app when some one spinning up the vm with our ami.But the thing is the user who spin up the ami is the admin of the vm so he has full access.So does he has access to our code base when he ssh in to the docekr image.Is there a way to restrict user to access the code
Yes. Let them use your AWS server and don't give their account SSH access to the code.
Seriously. There isn't a trick to this one. This is the only way you can do it, short of SELinux.