Kunal Singh's blog

Dynamic Operations in Terraform with Functions

Dynamic Operations in Terraform with Functions

Streamline Your Infrastructure Management: Learn How to Perform Dynamic Operations in Terraform with Functions

Kunal Singh's photo
Kunal Singh

Table of contents

Introduction

The Terraform configuration language allows you to write declarative expressions to create infrastructure. While the configuration language is not a programming language, you can use several built-in functions to perform operations dynamically.

In this blog, you will:

  • use the templatefile function to create an EC2 instance user data script dynamically.

  • use the lookup function to reference values from a map.

  • use the file function to read the contents of a file.

Prerequisites

You can complete this tutorial using the same workflow with Terraform OSS or Terraform Cloud. Terraform Cloud is a platform that you can use to manage and execute your Terraform projects. It includes features like remote state and execution, structured plan output, workspace resource summaries, and more.

I am using Terraform Cloud

Use templatefile to dynamically generate a script

AWS lets you configure EC2 instances to run a user-provided script -- called a user-data script -- at boot time. You can use Terraform's templatefile function to interpolate values into the script at resource creation time. This makes the script more adaptable and reusable.

The user_data.tftpl file, which will be the user data script for your EC2 instance. This template file is a shell script to configure and deploy an application. Notice the ${department} and ${name} references -- Terraform will interpolate these values using the templatefile function.

user_data.tftpl

Next, the variables.tf file. This file includes definitions for the user_name and user_department input variables, which the configuration uses to set the values for the corresponding template file keys.

variable.tf

Now main.tf. Add the user_data attribute to the aws_instance resource block as shown below. The templatefile function takes two arguments: the template file name and a map of template value assignments.

main.tf

save your changes.

Create infrastructure

For Terraform Cloud users: Open terraform.tf file and uncomment the cloud block. Replace the organization name with your own Terraform Cloud organization.

Initialize your configuration. Terraform will automatically create the learn-terraform-functions workspace in your Terraform Cloud organization.

Apply your configuration.

terraform apply -auto-approve

Terraform provisions your network configuration, instance, and provisioning script necessary to launch the example web app. Your web_public_address output in your terminal is the address of your web app instance. Navigate to that address in your web browser to verify your configuration.

Use lookup function to select AMI

The lookup function retrieves the value of a single element from a map, given its key.

Add the following configuration to your variables.tf file to declare a new input variable.

variable.tf

This input variable includes a default value of a map of region-specific AMI IDs for three regions.

Now, remove the data source for your AMI ID from main.tf

In aws_instance resource, update the ami attribute to use the lookup function.

The ami is a required attribute for the aws_instance resource, so the lookup function must return a valid value for Terraform to apply your configuration. The lookup function arguments are a map, the key to access the map, and an optional default value in case the key does not exist.

Next, add the following configuration for an ami_value output to your outputs.tf file. This output lets you verify the AMI returned by the lookup function.

Now run terraform plan to review the execution plan for these changes, using a command-line variable flag to set the region to us-east-2. The output now includes the selected AMI ID, which Terraforms determined using the lookup function.

terraform plan -var "aws_region=us-east-2"

Use the file function

Create an SSH key and a security group resource

Generate a new SSH key called ssh-key. The argument provided with the -f flag creates the key in the current directory and creates two files called ssh_key and ssh_key.pub. Change the placeholder email address to your email address.

ssh-keygen -C "kunalsingh.sep21@gmail.com" -f ssh_key

Add the following configuration to main.tf to create a new security group and AWS key pair.

In main.tf, add a new aws_security_group resource.

This configuration uses the file function to read the contents of a file to configure an SSH key pair. The file function does not interpolate values into file contents, you should only use it with files that do not need modification.

Next, edit your aws_instance.web resource to use the new security group and key pair.

main.tf

Apply your configuration to create the resources.

terraform apply

To confirm that your instance now accepts traffic on port 22, SSH into it from your terminal.

ssh ubuntu@$(terraform output -raw web_public_ip) -i ssh_key

Clean up resources

terraform destroy

If you used Terraform Cloud for this tutorial, after destroying your resources, delete the learn-terraform-functions workspace from your Terraform Cloud organization.

Thank you so much for taking your valuable time for reading.

I took the initiative to learn in public and share my work with others. I tried my level best in squeezing as much information as possible in the easiest manner. Hope you learned something new today :)

Any feedback for further improvement will be highly appreciated!

via GIPHY

Terraformterraform-cloudterraform-statefunctionsTerraform workspace