Quick Recipes Terraform Archives - For all your terraform needs

Resource Shutdown via terraform

anuj — Tue, 22 Aug 2023 13:31:40 +0000

Terraform is often used to destroy environments – which keeps the state file consistent, when the next create event needs to occur.

However, sometimes, instead of destroying resources, all you want to do is shut them down or disable them. This is also doable using remote-exec in terraform

Shutting down an EC2 instance on aws

resource "aws_instance" "app" {
  # ...

  provisioner "remote-exec" {
    when    = "destroy"
    inline = [ "systemctl stop service" ]
  }
}

The post Resource Shutdown via terraform appeared first on For all your terraform needs.

Manual Drift and terraform

anuj — Thu, 19 May 2022 05:29:36 +0000

Also read – Preventing accidental deletion of resources

Prevent_Destroy in Terraform

Terraform has a few options for detecting and managing drift of resources.

 lifecycle {
    prevent_destroy = true
  }

However, these options only work with terraform – i.e. terraform only prevents and detects it’s own drifts…

Say you mark a resource as prevent_destory, it will respect that. However, it doesn’t stop an admin from deleting the resource through the console (of course, how would it know about that)?

Enter Terraform Refresh

Just need to remember to run refresh every time. From their documentation:

Terraform plan and apply operations run an implicit in-memory refresh as part of their functionality, reconciling any drift from your state file before suggesting infrastructure changes.

The post Manual Drift and terraform appeared first on For all your terraform needs.

Custom script from within a terraform module

anuj — Wed, 11 Nov 2020 03:49:31 +0000

What if you wanted to execute a python script or a bash / powershell script from within your terraform module?

Note that this is a different use case from that of executing a bash / powershell script on a VM spin up. On AWS, you would use Systems Manager or the user data field on EC2. On GCP, you would use the metadata_startup_script (I wrote a couple of posts around GCP’s metadata startup script here)

Also read, Reusable Modules and calling modules from the public terraform registry

Step 1 – Your main.tf needs a special resource (a NULL resource) definition as shown below:

(Say you created a scripts folder that contained hello.sh . Keeping it simple, hello.sh just has echo “Hello Terraform”)

resource "null_resource" "execfile" 
{ provisioner "local-scripts" 
  { 
    command = "${path.module}/hello.sh" interpreter = ["/bin/bash"] 
  }
}

Tip 1 – Note the interpreter (bash). You could also do powershell in there or python.

Tip 2 – To configure the path relative to your shell file, we use path.module

Step 2 – Call the execfile resource module from your terraform config

module "execfile" {
  source = "../Modules/scripts"
}

Step 3 – Run the terraform (after editing the configuration as shown above).

terraform init
terraform plan -out="app.tfplan"
terraform apply app.tfplan

Summary

That’s it. It is straightforward to run a custom script from within a module. Also, keep in mind that this is a different use case than executing VM startup scripts (bash or powershell).

This use case is used to perform one-off tasks – for e.g. – you may want to reach out and fetch credentials from an external system, before running your terraform module. That fetching code would go into your shell script and called using the technique above.

Need Assistance with your DevSecOps Projects?

Need an experienced Cloud Security Expert? Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.

Set up a consultation – Start the conversation today.

The post Custom script from within a terraform module appeared first on For all your terraform needs.

Multiple Identical Resources via Terraform

anuj — Sun, 01 Nov 2020 00:57:44 +0000

There isn’t really a looping construct, but there’s still a way to perform a type of a loop in terraform.

Btw – as a quick aside, the difference between a terraform.tfvars and a variables.tf file is simply one of providing default values (the tfvars is used to set all default values). If you set your default values within the .tf file itself, the tfvars is unnecessary.

Modified Looping in Terraform

Step 1 – Add an f5_app_count variable, which will contain the number of F5 instances.

Step 2 – The actual value is instantiated in step 2 in the terraform.tfvars file – as such

f5_count = 3

Step 3 – In the google_compute_instance_template resource, add the count property (which is available for all resources and data Terraform blocks).

To further clarify resource names, the name of the compute_instance resource, we add the suffix with the current index of the count that we increment by 1.

resource "google_compute_instance_template" "f5-template" {
  count = var.f5_app_count   
  name         = "${var.environment}-f5-${count.index+1}"
  machine_type = "${var.instance_type}"
  ...
 }

Summary

That’s it. The count built in property in Terraform simplifies things. This is a common use case (spin up 3 of these resource types or 5 of those…).

Next Steps?

Need help with your Terraform or PowerShell or other automation effort? Set up a free consultation – Start the conversation today.

Need an experienced Cloud Networking or a Cloud Data Protection Expert? Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.

The post Multiple Identical Resources via Terraform appeared first on For all your terraform needs.