# help
c
Hi all, trying to set up Infracost on our environment. I've been able to integrate the GitLab app and get comments on new MRs. But I'm having trouble allowing Infracost to pull our private Terraform modules from an S3 bucket. According to the documentation here I added the environment variables to our config file, like this:
version: 0.1
env:
  AWS_ACCESS_KEY_ID: ${IC_ACCESS_KEY_ID}
  AWS_SECRET_ACCESS_KEY: ${IC_SECRET_ACCESS_KEY}
Where the IC_ variables are ones that I added to our GitLab repository as CI/CD variables. I have verified that this key/secret has the required IAM permissions by downloading a module from the aws-cli using these credentials. However, I'm still getting 403 responses while Infracost is trying to fetch the modules. Not really sure what the next step in troubleshooting should be. Anyone with suggestions on what to try next?
w
@cuddly-dentist-1090 when you run
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=xxx infracost breakdown --path . --log-level=debug
locally on your laptop, does it download modules ok? If you can’t run that locally, try setting the 2 AWS envs as gitlab env vars to see if that makes a difference
c
Hey @white-airport-8778, thanks for your response. So when I run the command locally, it seems to work just fine and gives me a baseline and usage cost. So it seems that somehow my config file is not correctly parsed maybe?
w
yeah, I’d try to set the env variable directly in gitlab, not in the config file, to see if that helps, plz report back so we can dig in
c
Even when renaming the vars directly to the AWS_ ones, it is still throwing 403s somehow.
w
when you run
AWS_ACCESS_KEY_ID=$MYENV AWS_SECRET_ACCESS_KEY=$MYOTHERENV infracost breakdown --path . --log-level=debug
in gitlab-ci.yml does that work?
c
I've been using the GitLab app so far, so no changes had yet been made to the gitlab-ci.yml file. I added this very simple job to the CI now:
infracost:
  image: infracost/infracost:ci-latest
  variables:
    AWS_ACCESS_KEY_ID: ${IC_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY: ${IC_SECRET_ACCESS_KEY}
  script:
    - infracost breakdown --path .
  allow_failure: true
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
But it gives me this error:
Using docker image sha256:f64b2699a12d7cac004dd13d3a2c4903c3bfcf8b9ccdd6fa4aa132a167f338fc for infracost/infracost:ci-latest with digest infracost/infracost@sha256:e0ee23510c4d175bf17d05f784aa53ebdedc8f4f190e99c034251e9bfc8e7fdf ...
Error: unknown command "sh" for "infracost"
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1
w
OH! GitLab App! In that case, you need to fix it differently… one sec
https://dashboard.infracost.io > Org Settings > Integrations > your gitlab app > next page > Do you need additional environment variables? Yes
AWS_ACCESS_KEY_ID=X
AWS_SECRET_ACCESS_KEY=Y
Complete setup
Then push a commit to your open MR to see if that works
c
That's it! Estimate was created successfully now 😄 Thanks Ali!
w
Awesome - sorry about the confusion!