Terraform Basics Archives - For all your terraform needs
https://terraformarchitect.com/category/terraform-basics/
Automation cannot be an afterthought (TM)
Tue, 09 May 2023 14:48:59 +0000

Retrieving Resource IDs in Terraform – The Terraform Data Block
https://terraformarchitect.com/terraform-basics/the-terraform-data-block/
Mon, 13 Feb 2023 04:23:30 +0000

Also read – Terraform external data querying

The Terraform Data Block – Retrieving a Project Id for a GCP project

data "google_project" "project" {
}

output "project_number" {
  value = data.google_project.project.number
}

Terraform Destroy and the Data Block

When executing the terraform destroy command on our Terraform configuration, Terraform does not perform a destroy action on the resource read by the data block. A data block is read-only.

The data block is also called when executing the terraform plan command, so your external resource must be present before you execute the terraform plan and terraform apply commands.

Searching for Projects using the terraform data block

One can apply a filter to search for specific projects, e.g. projects about to be deleted:

data "google_projects" "my-organization-projs" {
  filter = "parent.id:23232323 lifecycleState:DELETE_REQUESTED"
}

data "google_project" "deletion-candidate" {
  project_id = data.google_projects.my-organization-projs.projects[0].project_id
}
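
Added example (not from the original post): indexing projects[0] fails when the filter matches no projects, so this variant iterates over whatever the search returns. The names pending_delete, pending_ids and deletion_candidates are assumptions made for this illustration.

```hcl
# Added example: tolerate an empty search result instead of indexing projects[0].
data "google_projects" "pending_delete" {
  # Same filter as the post; 23232323 is the post's sample parent id.
  filter = "parent.id:23232323 lifecycleState:DELETE_REQUESTED"
}

locals {
  # Empty list when nothing matches, so no per-project lookup is attempted.
  pending_ids = [for p in data.google_projects.pending_delete.projects : p.project_id]
}

# One lookup per matching project; zero instances when the search is empty.
data "google_project" "deletion_candidate" {
  for_each   = toset(local.pending_ids)
  project_id = each.value
}

output "deletion_candidates" {
  description = "Map of project_id to project number for projects pending deletion"
  value       = { for id, p in data.google_project.deletion_candidate : id => p.number }
}
```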

Summary

Instead of hard-coding resource IDs, the Terraform data block allows dynamic retrieval of resource IDs. It also allows searching and filtering based on a filter inside the data block.





Need an experienced Cloud Networking or a Cloud Data Protection Expert?  Anuj has successfully delivered over a dozen deployments on each of the public clouds (AWS/GCP/Azure) including several DevSecOps engagements. Set up a time with Anuj Varma.

tfvars versus variables.tf
https://terraformarchitect.com/terraform-basics/tfvars-versus-variables-tf/
Tue, 31 Jan 2023 02:24:13 +0000

Prompting a user for Input in Terraform

To me, the primary use case is that I want to prompt a user to provide the value for the input variable. In that case, I HAVE to use variables.tf. I simply define the variable and leave its value blank (of course, within the resource, this variable has to be a REQUIRED value).

 

Using -out with terraform plan – terraform plan -out
https://terraformarchitect.com/terraform-basics/using-out-with-terraform-plan-terraform-plan-out/
Sun, 18 Sep 2022 12:12:17 +0000

This is a short post – always use the -out option. This saves the current plan – and will execute it exactly as saved (once you pass in the saved plan to terraform apply).

 





Data Block External Data – Querying External Resources in Terraform
https://terraformarchitect.com/terraform-basics/data-block-external-data/
Wed, 14 Sep 2022 16:38:32 +0000

Retrieving External data

Use either the data block or the terraform_remote_state block to retrieve external data.

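However, there are scenarios where the data block does not exist in the provider or terraform_remote_state cannot be used, such as when we need to call an external API or run a local tool and process its output. The external data source covers these cases: it runs a program that reads a JSON query on stdin and writes a JSON object to stdout, as the PowerShell script below does.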

# Read the JSON payload from stdin
$jsonpayload = [Console]::In.ReadLine()

# Parse the JSON payload into an object
$json = ConvertFrom-Json $jsonpayload
$environment = $json.environment

# Pick the location from the requested environment
if ($environment -eq "Production") {
    $location = "westeurope"
} else {
    $location = "westus"
}

# Write the result to stdout as a JSON object
Write-Output "{ ""location"" : ""$location""}"

Retrieving External data

data "external" "getlocation" {
  program = ["Powershell.exe", "./GetLocation.ps1"]
  query = {
    environment = var.environment_name
  }
}
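
Added example (not part of the original post): consuming the script's result and constraining the value handed to it. The environment names other than Production, the resource group and its naming scheme are assumptions for illustration.

```hcl
variable "environment_name" {
  type        = string
  description = "Deployment environment passed to GetLocation.ps1"

  validation {
    # Assumed allow-list; only "Production" appears in the post's script.
    condition     = contains(["Production", "Staging", "Development"], var.environment_name)
    error_message = "The environment_name must be Production, Staging or Development."
  }
}

data "external" "getlocation" {
  # path.module pins the script to this module's directory rather than
  # the directory Terraform happens to be run from.
  program = ["Powershell.exe", "-NoProfile", "-NonInteractive", "-File", "${path.module}/GetLocation.ps1"]

  query = {
    environment = var.environment_name
  }
}

# The JSON object printed by the program is exposed as a map of strings
# under the "result" attribute.
resource "azurerm_resource_group" "example" {
  name     = "rg-${lower(var.environment_name)}"
  location = data.external.getlocation.result.location
}
```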

Summary

External data sources are extremely useful in Terraform – the ‘external’ data source is defined for just this use case.





Referencing outputs from one terraform file in another terraform file
https://terraformarchitect.com/terraform-basics/referencing-outputs-from-one-terraform-file-in-another-terraform-file/
Tue, 06 Sep 2022 16:21:28 +0000

Split Configuration across multiple files

You can (and should) split resources across multiple files (even folders, if you so desire). The entire deployment will have a single state file managing all the resources.

Accessing Resources across files 

When you split resources in such a way (e.g. loadbalancer.tf and backend.tf), how do you actually access resources defined in one file from another? You reference them directly by resource type and name, exactly as you would within a single file.

All of this works because these split configuration files are still part of a single module – the root module.

What if the configuration is split across modules?

You have two options here. The first is simply to use the module keyword to access any resources (exposed as output values) in one module from another.

The second option is to use the state file of the second module – and use IT as a data source! See the sample below:


Define output values in your first file

output "keyversion" {
  value = azurerm_key_vault_key.mykey.version
}

Define the state (state file) of the 1st file as a data source for the second file

data "terraform_remote_state" "firstfile_data" {
  backend = "local"

  config = {
    path = "../my_folders/terraform.tfstate"
  }
}

In your second file, you can retrieve the outputs

locals {
  keyversion = data.terraform_remote_state.firstfile_data.outputs.keyversion
}

Summary

That’s it. Using resources defined in one Terraform file from another is easy. The trick is to either use the module keyword, or to use the state file of the first file to retrieve output values to be used in the second file.

Terraform Basics
https://terraformarchitect.com/terraform-basics/terraform-basics/
Wed, 18 Aug 2021 18:14:40 +0000

How do you apply to just a single resource?

terraform apply -target=RESOURCE_ADDRESS

How do you destroy without being prompted?

terraform destroy -auto-approve

When would you use a null resource in terraform?

To call an external script – e.g. to call a provisioner script

resource "null_resource" "execfile" {
  # local-exec runs the command on the machine running Terraform
  provisioner "local-exec" {
    command     = "${path.module}/hello.sh"
    interpreter = ["/bin/bash"]
  }
}

Custom script from within a terraform module

What is the root module?

When you run Terraform commands directly from a directory of configuration files, that directory is considered the root module.

How do you plan before destroying?

terraform plan -destroy

How do you prevent a resource from being deleted by a subsequent tf script?

For resources that support it, the prevent_destroy attribute (set in the resource's lifecycle block) is what is needed.

What is Configuration management? How does it differ from provisioning?

Provisioning is Terraform. CM is tools such as Ansible and Jenkins, which allow for actual VM configuration. They provide a consistent structure for folders, secrets etc. However, there is an overlap between these two areas. Mostly, you could use Terraform (and some Python) to do all your configuration management. user_data and Systems Manager in AWS or custom_script in GCP will allow

What is State File Locking?

State file locking is a mechanism in Terraform where operations on a specific state file are blocked to avoid conflicts between multiple users performing the same operation.

The simplest workaround is to store the state in a remote bucket (S3 or Cloud Storage on GCP). See Multi Developer Terraform

How do you pass in a database password to a terraform resource?

TBD

How do you isolate the web tier from the database tier?

Separate Configuration Files and folders, so you can deploy the web tier independently of the db tier.

How do you prevent state file checkins?

In git, ensure you have a .gitignore that contains:

  •   .terraform/ (folder used as a scratch directory)
  •   *.tfstate
  •   *.tfstate.backup

How do you add a git repo as an origin for git?

git remote add origin git@github.com:USERNAME/REPONAME.git

What is the difference between git push and git commit?

git commit records your changes only on your local branch.

git push pushes YOUR branch commits to the origin (so other teammates can access them).

Similarly, git pull pulls all the changes from the origin / master.

Count in Terraform

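resource "aws_instance" "instances" {
  count         = 3
  ami           = var.ami_id # assumed variable holding the AMI id
  instance_type = "t3.micro" # assumed instance size

  tags = {
    # count.index runs from 0 to count - 1
    Name = "ec2.${count.index}"
  }
}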

TF Lists and Indexing a List Element

element(LIST, INDEX)

Dynamic Data

Either returned from a data element or from the output of a created resource.

What is the null resource?

How do you ensure that a resource is deleted in TF?

What is a tainted resource in terraform?

When a resource declaration is modified, Terraform usually attempts to update the existing resource in place (although some changes can require destruction and re-creation, usually due to upstream API limitations).

In some cases, you might want a resource to be destroyed and re-created even when Terraform doesn’t think it’s necessary.

For example, a virtual machine that configures itself with cloud-init on startup might no longer meet your needs if the cloud-init configuration changes.

Why would you need to UNTAINT a TAINTED resource?

If Terraform currently considers a particular object as tainted but you’ve determined that it’s actually functioning correctly and need not be replaced, you can use terraform untaint to remove the taint marker from that object.

How do you pass the output of a module to another module?

  1. First, define an output variable in the resource configuration of module_A. Its scope is local to that module.
  2. Next, declare module_A’s output variable for use in the other module’s configuration: create a new key name and set its value to module_A’s output variable.
  3. Finally, create a file variable.tf for module_B. In it, define an input variable with exactly the same name as the key you defined for module_B. This variable enables dynamic configuration of the resources in that module. To make the value available to yet another module, repeat the process, because the variable defined here is scoped to module_B.
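
Added example (not from the original post) of the three steps above. The module paths, the subnet_id name and the AWS resources involved are assumptions for illustration; the file names appear as comments.

```hcl
# modules/module_a/outputs.tf
# Step 1: module_A declares an output for a value it creates
# (aws_subnet.this is assumed to be defined elsewhere in module_A).
output "subnet_id" {
  value = aws_subnet.this.id
}

# main.tf (root module)
module "module_a" {
  source = "./modules/module_a"
}

# Step 2: the calling configuration hands module_A's output to module_B
# under a key it chooses (here also named subnet_id).
module "module_b" {
  source    = "./modules/module_b"
  subnet_id = module.module_a.subnet_id
}

# modules/module_b/variable.tf
# Step 3: module_B declares an input variable with the same name as that key.
variable "subnet_id" {
  type        = string
  description = "Subnet created by module_A"
}

# modules/module_b/main.tf
# Inside module_B the value is read as var.subnet_id and is not visible
# to any other module unless it is passed on in the same way.
resource "aws_network_interface" "app" {
  subnet_id = var.subnet_id
}
```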

 
