Harnessing Terraform rich features (Part-1)

In this article we will deep dive into some of the rich features of Terraform which significantly distinguish with other IAAC tools and cloud agnostic.

Implicit Dependencies :-

• As the name suggests, these are automatically detected by Terraform.
• They arise from the relationships between resources defined in your configuration.
• For example, when you create an EC2 instance that relies on a VPC, Terraform automatically understands that the EC2 instance cannot be created until the VPC is available.

Explicit Dependencies:

• These are declared using the depends_on attribute.
• By explicitly stating dependencies, you make it clear that one resource relies on another before it can be created or updated.
• For an instance if any EC2 instance must not be created until the VPC is available , you can use depends_on to create the resources in correct order.

Example :-

resource "aws_vpc" "my_vpc" {
  # VPC configuration...
}

resource "aws_subnet" "my_subnet" {
  # Subnet configuration...
  vpc_id = aws_vpc.my_vpc.id
}

resource "aws_security_group" "web_sg" {
  # Security group configuration...
  vpc_id = aws_vpc.my_vpc.id
}

resource "aws_instance" "web_instance" {
  # EC2 instance configuration...
  subnet_id = aws_subnet.my_subnet.id
  vpc_security_group_ids = [aws_security_group.web_sg.id]
}        

In this example, the EC2 instance implicitly depends on the VPC and subnet. Terraform ensures that the VPC and subnet are created before attempting to create the EC2 instance.

Explicit Dependency: S3 Bucket and EC2 Instance

resource "aws_s3_bucket" "my_bucket" {
  # S3 bucket configuration...
}

resource "aws_instance" "my_instance" {
  # EC2 instance configuration...
  depends_on = [aws_s3_bucket.my_bucket]
}        

By using depends_on, you ensure that the EC2 instance waits for the S3 bucket to be created before proceeding.

Data Source:

• Advantage: Data sources allow you to fetch information about existing resources (e.g., cloud provider metadata, databases) and incorporate it into your configuration.
• Example: Retrieving details about an existing AWS security group using a data source .

data "aws_security_group" "existing_sg" {
  name = "my-existing-sg"
}        

Fetching Existing Resources:

• Advantage: Data sources allow you to retrieve information about entities not managed by the current Terraform configuration.
• Example: Suppose you’re creating an EC2 instance that needs to be part of an existing security group. You can use the aws_security_group data source to fetch details about that security group by its name .

data "aws_security_group" "existing_sg" {
  name = "my-existing-sg"
}

resource "aws_instance" "my_instance" {
  # EC2 instance configuration...
  vpc_security_group_ids = [data.aws_security_group.existing_sg.id]
}        

Dynamic Configuration:

• Advantage: Data sources allow you to dynamically configure resources based on real-world data.
• Example:Suppose you want to launch an EC2 instance with the latest available Amazon Machine Image (AMI) tagged as “web.” You can use the aws_ami data source to find the most recent AMI matching your criteria .

data "aws_ami" "latest_web_ami" {
  most_recent = true
  filter {
    name   = "tag:Name"
    values = ["web"]
  }
}

resource "aws_instance" "web_instance" {
  ami           = data.aws_ami.latest_web_ami.id
  instance_type = "t2.micro"
  # Other configuration...
}        

Keeping Configurations Up-to-Date:

• Advantage: Data sources help you stay current without manual intervention.
• Example: If you always want to use the latest AMI for your EC2 instances, use a data source to ensure your launch configuration remains up-to-date .

data "aws_ami" "latest_ami" {
  most_recent = true
  # Other filters...
}

resource "aws_instance" "my_instance" {
  ami           = data.aws_ami.latest_ami.id
  instance_type = "t2.micro"
  # Other configuration...
}        

Avoiding Hardcoding:

• Advantage: Data sources allow dynamic fetching instead of hardcoding resource IDs.
• Example:Instead of specifying a fixed subnet ID, fetch the correct subnet ID based on criteria (e.g., subnet name or tags) .

data "aws_subnet" "my_subnet" {
  filter {
    name   = "tag:Name"
    values = ["my-subnet-name"]
  }
}

resource "aws_instance" "my_instance" {
  subnet_id = data.aws_subnet.my_subnet.id
  # Other configuration...
}        

Centralizing Data Retrieval:

• Advantage: Organize data sources alongside the resources that reference them.
• Example: Fetch an image to be used in launching an instance and place the data source alongside the instance configuration .

data "aws_ami" "my_image" {
  # Filters to find the desired image...
}

resource "aws_instance" "my_instance" {
  ami           = data.aws_ami.my_image.id
  instance_type = "t2.micro"
  # Other configuration...
}        

Managing Many Resources Efficiently:

• Advantage: Simplify management when dealing with numerous resources.
• Example: If multiple instances need to reference the same existing security group, use a data source to avoid redundancy .

data "aws_security_group" "existing_sg" {
  name = "my-existing-sg"
}

resource "aws_instance" "web_instances" {
  count = 3
  vpc_security_group_ids = [data.aws_security_group.existing_sg.id]
  # Other configuration...
}