Terraform Modules and Beyond
Before starting this course, please go through the Terraform Constructs course. Now, it is time to learn about Terraform in depth
Here is the list of topics that will be covered .
Introduction to Nested Modules
Now, you are familiar with the modules. It's time to learn about nested modules
Nested Modules:
Let's see the file structure which you will be following for creating nested modules.
File Structure
In this topic, you will learn about nested modules depending on the below file structure.
| |____main.tf
| |_main.tf
| |_vars.tf
You will create three folders with names modules, virtual_network, and storage account.
First, let's create a storage account and virtual network.
Create a Storage Account
Create stoacct.tf file in the folder and write the code to create a storage account. You can get the storage account code from here and modify the parameters as required.
resource "azurerm_storage_account""storageacct"
name = "${var.name}"
resource_group_name = "${var.rg}"
location = "${var.loc}"
account_replication_type = "${var.account_replication}"
account_tier = "${var.account_tier}"
variable "rg" {
default = "user-wmle"
variable "loc" {
default = "eastus"
variable "name" {
default ="storagegh"
variable "account_replication" {
default = "LRS"
variable "account_tier" {
default = "Basic"
Create virtual network using terraform configuration as you have already learned them in terraform constructs course.
root module
main.tf file under checking_modules will look like this
module "vnet"
source = "../virtual_network"
name = "mymodvnet"
module "stoacct"
source = "../storage_account"
name = "mymodstorageaccount"
Now, append this file to the root module, and you can pass the parameters from the root module and create the required infrastructure.
Not only the parameters mentioned above, but you can also pass any parameter from root module to the child modules.
You can pass the parameters from the module to avoid the duplicity between them.
Terraform Module Registry
You know that HashiCorp terraform is a tool to build the infrastructure using consistent workflow.
HashiCorp Terraform Module Registry consists of templates that help in setting and running the infrastructure with verified community modules.
Terraform registry makes the work easy on how to deal with modules.
You can access the terraform module registry by clicking here.
There are two kinds of modules available in the terraform registry:
You can also contribute to the community by publishing your own modules by signing from Github.
Creating vnet and subnet using terraform module registry
You got a requirement to create a virtual network and subnet of azure using terraform. Instead of creating them on your own. you can clone the registry from GitHub and use them
Step: Go to Terraform Module Registry and click on browse verified.
Within minutes, virtual network and subnet are up and running.
You will learn how to pass the inputs to the modules in the following cards.
Terraform can read json files too. Save the files with .tf.json extension and run them.
In this topic, you are going to learn about:
Then how to maintain a state file? Terraform has a feature of backend which helps to solve this issue. Read further to know about the backend.
Backend in terraform explains how the state file is loaded and operations are executed.
Backend can get initialize only after running terraform init command.
So, terraform init is required to be run every time
terraform will auto-detect when the initialization is required and errors out in that situation.
Terraform cannot perform auto-initialize because it may require additional info from the user, to perform state migrations, etc..
Creating Backend
In this topic, you will learn how to create backend in azure using terraform.
You can get the code snippet to create backend from here.
Below are the steps which you will be maintaining for creating backend.
Proceed further to know how to create backend in azure using terraform
File Structure for Creating Backend
Below is the complete file structure for backend. You will create backend.tf in the end.
Note: It is not mandatory to create the files and folder with the same name you can give the names on your own
However, make sure that you are adding an extension of (.tf) terraform files. Because terraform loads only .tf files.
Proceed further to create a storage account and storage container in Azure.
storage account and storage container
Create stoacct.tf file in the folder and write the code to create a storage account. You can get the storage account code from here and modify the parameters as required.
resource "azurerm_storage_account" "storageaccount" {
name = "storageaccountname"
resource_group_name = "${var.resourcegroup}"
location = "${var.location}"
account_tier = "${var.accounttier}"
account_replication_type = "GRS"
tags {
environment = "staging"
You can do the same thing to create a storage container and get the code from here.
resource "azurerm_storage_container" "storagecontainer" {
name = "vhds"
resource_group_name = "${var.resourcegroup}"
storage_account_name = "${azurerm_storage_account.storageaccount.name}"
container_access_type = "private"
Modify the storage container and storage account parameters as per your requirement.
Creating vars.tf file
You will pass the variables from vars.tf file, and your variables.tf file will look somewhat like this
variable "resourcegroup"
default = "user-abcd"
variable "location"
default = "eastus"
variable "accounttier"
default = "Basic"
You can pass the variables in run time, and you can give the description of why it is used as shown above.
output.tf file
Here are some of the output parameters which you can get from the storage account and storage container.
output "storageacctname"
value = "${azurerm_storage_account.storageaccount.name}"
output "storageacctcontainer"
value = "${azurerm_storage_account.storagecontainer.name}"
output "access_key"
value = "${azurerm_storage_account.storageaccount.primary_access_key"
Not only them, but you can also get the output for other parameters too.
There may be sensitive parameters which should be shown only when running the terraform plan but not terraform apply.
output "sensitiveoutput" {
sensitive = true
value = VALUE
When you run terraform apply, the output is labeled as sensitive. If there is any sensitive information, then you can protect it by using a sensitive parameter.
terraform plan and terraform apply
Successfully, you have created a storage account and storage container. Now, it's time to create backend.
Before creating backend, run the command to get the storage account keys list(az storage account keys list --account-name storageacctname) and copy one of the key somewhere. It is useful for configuring the backend.
Points to Remember
Terragrunt is referred to as a thin wrapper for Terraform which provides extra tools to keep the terraform configurations DRY, manage remote state and to work with multiple terraform modules.
Below are the commands for terragrunt.
In the following cards, you will learn how to utilize remote state using Terragrunt.
In the previous topics, you have learned creating backend in Azure. Now let's learn how to store the state file in AWS.
In AWS, the state file is stored in amazon s3 bucket.
Even though the state file is stored in the remote backend, there is a problem that multiple users may modify the state file.
There is an open source tool called terragrunt, which manages the remote state automatically and provides locking with the help of Amazon DynamoDB.
Creating S3
The below code is used to configure the backend in AWS.
terraform {
backend "s3" {
bucket = "mybucket"
key = "my/keybucket"
region = "us-east-2"
In AWS, the above format is used to store the state file in S3 bucket. Now, you will learn how locking is achieved in the upcoming cards.
Now, install terragrunt, create a file with the name .terragrunt and fill it with your configuration values.
lock = {
backend = "dynamodb"
config {
state_file_id = "app-name"
remote_state = {
backend = "s3"
config {
encrypt = "true"
bucket = "mybucket"
key = "terraform.tfstate"
region = "us-east-2"
.terragrunt files follow the same syntax as HCL.
Running Files
Once the file is saved, you can run the commands related to terragrunt like terragrunt plan, terragrunt apply, and check how it is working.
Proceed further to know how it is performed in action.
terragrunt apply
> terragrunt apply
[terragrunt] Configuring remote state for the s3 backend
[terragrunt] Running command: terraform remote config
[terragrunt] Attempting to acquire lock in DynamoDB
[terragrunt] Attempting to create lock item table terragrunt_locks
[terragrunt] Lock acquired!
[terragrunt] Running command: terraform apply
terraform apply
aws_instance.example: Creating…
ami: “” => “ami-0d729a...”
instance_type: “” => “t2.mi...”
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
[terragrunt] Attempting to release lock
[terragrunt] Lock released!
From the above output, you can know that terragrunt automatically configures the remote backend as described in .terragrunt file.
It uses DynamoDB for locking purpose and then run terraform apply.
If any other person is already having a lock, terragrunt will wait until the lock is released to prevent race conditions.
Advantages of Using Terragrunt
Below are the advantages of using terragrunt:
service_name = "Fresco"
owner = "Team"
Here is an other example for you:
locals {
instance_ids = "${concat(aws_instance.blue.*.id, aws_instance.green.*.id)}"
You will learn what is the use of concat in the following cards.
When to Use Locals?
If a single value or a result is used in many places and it is likely to be changed in the future, then you can go with locals.
It is recommended to not use many local values because it makes the read configurations hard to the future maintainers.
Data Source
It combines two or more lists into a single list.
contains(list, element)
It returns true if the element is present in the list or else false.
E.g.: contains(var.list_of_strings, "an_element")
Terraform Concepts
In the following cards, you will learn how to create and work with workspaces.
Terraform Workspace Commands
Below are the commands related to Terraform in workspace.
Now, let's see something practical on how to create and use this workspace.
Creating Workspace
You can go to any terraform directory which you have created before and run the commands.
If you run below command, you will get the output as default. The * indicates the current directory.
terraform workspace list
Now, create a workspace with the name myworkspace by executing the below command.
terraform workspace new myworkspace
You can switch to the default workspace by terraform workspace select default.
Points to Remember
You cannot delete the default directory that throws an error.
You cannot delete your active workspace (the workspace in which you are currently working).
How Workspaces are Useful?
Suppose, you have multiple environments - development, staging and production. You want to create the infrastructure for all of them by using terraform workspaces.
Let's learn how.
terraform workspace new dev
After executing this command, a folder with name terraform.tfstate.d is created and in that dev subdirectory is created.
terraform workspace new prod
After executing this command, a subdirectory of name prod is created in terraform.tfstate.d.
You can configure the development environment in dev and production environment can be configured in prod.
For each environment separate state files are created.
Hands-on scenario
| |__main.tf
| |__providers.tf
provider "azurerm" { version = ">= 1.25, < 1.26" }
Run the commands 'terraform init' , 'terraform plan', and 'terraform apply' to configure the infrastructure.
provider "azurerm" { version = ">= 1.25, < 1.26" }
Note:Use variable names as given above. Two virtual networks should be up and running.
Launch azure CLI and install terraform using the below commands
sudo wget https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip
sudo unzip terraform_0.11.10_linux_amd64.zip
sudo mv terraform /usr/local/bin/
terraform -version
Multiple Providers
Multiple Providers
The above picture represents some of the cloud providers.
Terraform manages multiple providers by making proper API calls to the respective cloud provider.
The image explains how terraform can manage multiple clouds.
In the previous card, you learned how to check official providers. You can get the official repositories of cloud providers from here.
Configuring Multiple Providers
Let's proceed and create configure multiple providers using terraform.
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket-21"
acl = "private"
tags = {
Name = "My bucket test"
Environment = "Dev"
Creating awsmain.tf file
Creating azuremain.tf file
In this card, you will learn how to create storage account in Azure using Terraform.
resource "azurerm_storage_account""storageacct"
name = "storageacct21"
resource_group_name = "${var.rg}"
location = "${var.loc}"
account_replication_type = "LRS"
account_tier = "Standard"
You can get the format of how to create a storage account from here.
name - It indicates the name of the storage account.
resource_group_name and location- name of the resource group and location.
account_replication_type - Type of the account replication.
account_tier - Account tier type
output "account_tier"
value = "azurerm_storage_Account.storagecct.account_tier"
You can check the output by using terraform output command.
terraform plan and terraform apply
In the same way, you can configure multiple service providers and run them.
