Forem: Bhaskara teja Bulusu The latest articles on Forem by Bhaskara teja Bulusu (@bhaskara_tejabulusu_b4bf). https://forem.com/bhaskara_tejabulusu_b4bf https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3627862%2F71c75d80-9a16-4a6a-9a0a-202c79bc7fcf.png Forem: Bhaskara teja Bulusu https://forem.com/bhaskara_tejabulusu_b4bf en Day-15: VPC Peering using AWS Terraform Bhaskara teja Bulusu Thu, 11 Dec 2025 18:15:22 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-15-vpc-peering-using-aws-terraform-2j75 https://forem.com/bhaskara_tejabulusu_b4bf/day-15-vpc-peering-using-aws-terraform-2j75 <h2> Day 15: VPC Peering with Terraform </h2> <h2> Introduction </h2> <p>Today, we're diving into one of the most powerful networking concepts in AWS: <strong>VPC Peering</strong>. This tutorial will guide you through creating a complete, production-ready setup that connects two VPCs across different AWS regions, enabling seamless communication between resources in geographically distributed environments.</p> <h2> What is VPC Peering? </h2> <p>VPC Peering is a networking connection between two Virtual Private Clouds that enables you to route traffic between them using private IP addresses. When implemented across regions, it becomes an invaluable tool for:</p> <ul> <li> <strong>Disaster Recovery</strong>: Distribute workloads across regions for high availability</li> <li> <strong>Low Latency Access</strong>: Route traffic directly between regions without internet gateways</li> <li> <strong>Data Replication</strong>: Securely replicate data between regional databases</li> <li> <strong>Global Applications</strong>: Build truly global applications with regional presence</li> </ul> <h2> Architecture Overview </h2> <p>Our infrastructure will consist of:</p> <ul> <li> <strong>Primary VPC</strong> in <code>us-east-1</code> (10.0.0.0/16)</li> <li> <strong>Secondary VPC</strong> in <code>us-west-1</code> (10.1.0.0/16)</li> <li>EC2 instances in both VPCs running Apache web servers</li> <li>Bi-directional VPC peering connection</li> <li>Security groups configured for cross-region communication</li> <li>Complete networking stack (subnets, route tables, internet gateways)</li> </ul> <h2> Step 1: Multi-Region Provider Configuration </h2> <p>The foundation of multi-region deployment lies in configuring multiple AWS provider aliases:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt;6.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">alias</span> <span class="p">=</span> <span class="s2">"primary"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">alias</span> <span class="p">=</span> <span class="s2">"secondary"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-west-1"</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key Takeaway</strong>: Using provider aliases allows you to manage resources in multiple regions from a single Terraform configuration. Each resource references its target region using the <code>provider</code> argument.</p> <h2> Step 2: Defining Variables </h2> <p>We define our network configuration using variables for flexibility:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">variable</span> <span class="s2">"primary_region"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"secondary_region"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"us-west-1"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"primary_vpc_cidr"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"secondary_vpc_cidr"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"10.1.0.0/16"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"primary_sn_cidr"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"10.0.14.0/24"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"secondary_sn_cidr"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"10.1.12.0/24"</span> <span class="p">}</span> </code></pre> </div> <p><strong>Pro Tip</strong>: Non-overlapping CIDR blocks are crucial for VPC peering. Our primary (10.0.x.x) and secondary (10.1.x.x) ranges ensure no conflicts.</p> <h2> Step 3: Data Sources for Dynamic Configuration </h2> <p>We use data sources to fetch the latest Ubuntu AMIs and available availability zones:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">data</span> <span class="s2">"aws_availability_zones"</span> <span class="s2">"primary"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">state</span> <span class="p">=</span> <span class="s2">"available"</span> <span class="p">}</span> <span class="nx">data</span> <span class="s2">"aws_availability_zones"</span> <span class="s2">"secondary"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">state</span> <span class="p">=</span> <span class="s2">"available"</span> <span class="p">}</span> <span class="nx">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"primary_ami"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"amazon"</span> <span class="p">]</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"secondary_ami"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"amazon"</span> <span class="p">]</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why Data Sources?</strong> Instead of hardcoding AMI IDs (which vary by region), we dynamically query for the latest Ubuntu 22.04 image in each region.</p> <h2> Step 4: Creating VPCs in Multiple Regions </h2> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Primary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"primary_vpc"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">primary_vpc_cidr</span> <span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"VPC"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"Primary"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Secondary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"secondary_vpc"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">secondary_vpc_cidr</span> <span class="nx">instance_tenancy</span> <span class="p">=</span> <span class="s2">"default"</span> <span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"VPC"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"Secondary"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Important</strong>: Both VPCs have DNS support enabled, which is essential for resources within the VPC to resolve domain names.</p> <h2> Step 5: Network Infrastructure </h2> <h3> Subnets </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Subnet in Primary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"primary_sn"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">primary_sn_cidr</span> <span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">availability_zone</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_availability_zones</span><span class="p">.</span><span class="nx">primary</span><span class="p">.</span><span class="nx">names</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary subnet"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Subnet in Secondary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"secondary_sn"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">secondary_sn_cidr</span> <span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">availability_zone</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_availability_zones</span><span class="p">.</span><span class="nx">secondary</span><span class="p">.</span><span class="nx">names</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Secondary subnet"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Internet Gateways </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// IGW for primary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"primary_igw"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary IGW"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// IGW for secondary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"secondary_igw"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Secondary IGW"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Route Tables </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Route table for primary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"primary_rt"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span> <span class="nx">gateway_id</span> <span class="p">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">primary_igw</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary VPC Route Table"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Route table for secondary VPC</span> <span class="nx">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"secondary_rt"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span> <span class="nx">gateway_id</span> <span class="p">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">secondary_igw</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Secondary VPC Route Table"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 6: The Heart of It - VPC Peering </h2> <p>This is where the magic happens! Creating a cross-region VPC peering connection involves two steps:</p> <h3> 1. Creating the Peering Connection (Requester) </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_vpc_peering_connection"</span> <span class="s2">"primary_to_secondary"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">peer_vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">peer_region</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">secondary_region</span> <span class="nx">auto_accept</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary to secondary peering"</span> <span class="nx">Side</span> <span class="p">=</span> <span class="s2">"Requestor"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Accepting the Peering Connection (Acceptor) </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_vpc_peering_connection_accepter"</span> <span class="s2">"secondary_vpc_accepter"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">vpc_peering_connection_id</span> <span class="p">=</span> <span class="nx">aws_vpc_peering_connection</span><span class="p">.</span><span class="nx">primary_to_secondary</span><span class="p">.</span><span class="nx">id</span> <span class="nx">auto_accept</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Side</span> <span class="p">=</span> <span class="s2">"Accepter"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Critical Note</strong>: For cross-region peering, you must set <code>auto_accept = false</code> on the requester and use the <code>aws_vpc_peering_connection_accepter</code> resource in the target region.</p> <h3> 3. Updating Route Tables </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Route from primary to secondary</span> <span class="nx">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"primary_to_secondary"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">primary_rt</span><span class="p">.</span><span class="nx">id</span> <span class="nx">destination_cidr_block</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">cidr_block</span> <span class="nx">vpc_peering_connection_id</span> <span class="p">=</span> <span class="nx">aws_vpc_peering_connection</span><span class="p">.</span><span class="nx">primary_to_secondary</span><span class="p">.</span><span class="nx">id</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_vpc_peering_connection_accepter</span><span class="p">.</span><span class="nx">secondary_vpc_accepter</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Route from secondary to primary</span> <span class="nx">resource</span> <span class="s2">"aws_route"</span> <span class="s2">"secondary_to_primary"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">secondary_rt</span><span class="p">.</span><span class="nx">id</span> <span class="nx">destination_cidr_block</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">cidr_block</span> <span class="nx">vpc_peering_connection_id</span> <span class="p">=</span> <span class="nx">aws_vpc_peering_connection</span><span class="p">.</span><span class="nx">primary_to_secondary</span><span class="p">.</span><span class="nx">id</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_vpc_peering_connection_accepter</span><span class="p">.</span><span class="nx">secondary_vpc_accepter</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>Essential</strong>: The <code>depends_on</code> ensures routes are only created after the peering connection is accepted.</p> <h2> Step 7: Security Groups for Cross-Region Traffic </h2> <p>Security groups control the traffic flow between our regions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Primary VPC Security Group</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"primary_sg"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">primary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"SSH from anywhere"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Allow traffic from secondary vpc"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">65535</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="nx">var</span><span class="p">.</span><span class="nx">primary_vpc_cidr</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow icmp from secondary vpc"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="nx">-1</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="nx">-1</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="nx">var</span><span class="p">.</span><span class="nx">secondary_vpc_cidr</span><span class="p">]</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"icmp"</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow all outbound traffic"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary SG"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Secondary VPC Security Group</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"secondary_sg"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">secondary_vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow ssh from anywhere"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow all traffic from primary vpc"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">65535</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="nx">var</span><span class="p">.</span><span class="nx">primary_vpc_cidr</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow ICMP from primary"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="nx">-1</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="nx">-1</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"icmp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="nx">var</span><span class="p">.</span><span class="nx">primary_vpc_cidr</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"allow all outbound traffic"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Security Best Practice</strong>: Notice how we allow ICMP (ping) between VPCs for connectivity testing and all TCP traffic between the VPC CIDR ranges.</p> <h2> Step 8: EC2 Instances with User Data </h2> <h3> Local Values for User Data </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">locals</span> <span class="p">{</span> <span class="nx">primary_user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash # Update packages apt-get update -y # Install Apache apt-get install apache2 -y # Start Apache systemctl start apache2 systemctl enable apache2 # Create a sample HTML page echo "&lt;h1&gt;Hello from Terraform EC2 Local Variable!&lt;/h1&gt;" &gt; /var/www/html/index.html </span><span class="no"> EOF </span> <span class="nx">secondary_user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash # Update packages apt-get update -y # Install Apache apt-get install apache2 -y # Start Apache systemctl start apache2 systemctl enable apache2 # Create a sample HTML page echo "&lt;h1&gt;Hello from Terraform EC2 Local Variable!&lt;/h1&gt;" &gt; /var/www/html/index.html </span><span class="no"> EOF </span><span class="p">}</span> </code></pre> </div> <h3> EC2 Instances </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// EC2 instance in primary region</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"primary_instance"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">primary</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">primary_ami</span><span class="p">.</span><span class="nx">id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">count</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">primary_sn</span><span class="p">.</span><span class="nx">id</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">primary_key_pair</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">primary_sg</span><span class="p">.</span><span class="nx">id</span> <span class="p">]</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">primary_user_data</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Primary Instance"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// EC2 instance in secondary region</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"secondary_instance"</span> <span class="p">{</span> <span class="nx">provider</span> <span class="p">=</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">secondary</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">secondary_ami</span><span class="p">.</span><span class="nx">id</span> <span class="nx">count</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">secondary_key_pair</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">secondary_sn</span><span class="p">.</span><span class="nx">id</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">secondary_sg</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">secondary_user_data</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"Secondary Instance"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Deployment Steps </h2> <h3> 1. Initialize Terraform </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform init </code></pre> </div> <p>This downloads the AWS provider and initializes the backend.</p> <h3> 2. Review the Execution Plan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform plan </code></pre> </div> <p>This shows you exactly what resources Terraform will create across both regions.</p> <h3> 3. Apply the Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform apply </code></pre> </div> <p>Type <code>yes</code> when prompted. Terraform will create approximately 20+ resources across two AWS regions!</p> <h3> 4. Verify the Deployment </h3> <p>After successful deployment, you can:</p> <ol> <li> <strong>Test connectivity via SSH</strong>: Connect to instances in both regions</li> <li> <strong>Test VPC peering</strong>: Ping the private IP of one instance from the other</li> <li> <strong>Test web server</strong>: Access Apache on both instances via their public IPs</li> </ol> <h2> Testing Cross-Region Connectivity </h2> <p>Once deployed, SSH into the primary instance and try pinging the secondary instance's private IP:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># From primary instance</span> ping &lt;secondary-instance-private-ip&gt; </code></pre> </div> <p>You should see successful responses, proving the VPC peering is working!</p> <p>To avoid ongoing charges, destroy the infrastructure when done:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform destroy </code></pre> </div> <h2> Conclusion </h2> <p>Congratulations! You've successfully built a multi-region infrastructure with VPC peering using Terraform. This architecture pattern is foundational for enterprise-grade AWS deployments requiring high availability, disaster recovery, and global reach.</p> <p>The power of Infrastructure as Code truly shines when managing complex, multi-region setups like this. What would take hours of manual clicking in the AWS console is now reproducible, version-controlled, and automated!</p> <h2> Next Steps </h2> <ul> <li>Experiment with adding more subnets and availability zones</li> <li>Implement Transit Gateway for hub-and-spoke topology</li> <li>Add VPC Flow Logs for network monitoring</li> <li>Configure AWS PrivateLink for service-to-service communication</li> <li>Implement cross-region load balancing</li> </ul> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> <p><a href="https://youtu.be/WGt000THDmQ?si=mBJ36uPnPvBAISii" rel="noopener noreferrer">https://youtu.be/WGt000THDmQ?si=mBJ36uPnPvBAISii</a></p> 30daysofawsterraform aws terraform Day-14: Project - Deploying a Static website using Terraform Bhaskara teja Bulusu Tue, 09 Dec 2025 08:39:49 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-14-project-deploying-a-static-website-using-terraform-pjd https://forem.com/bhaskara_tejabulusu_b4bf/day-14-project-deploying-a-static-website-using-terraform-pjd <h2> Project - Deploy a Static Website with AWS S3 and CloudFront using Terraform </h2> <h3> Objective </h3> <p>Deploy a static website using AWS S3 for storage and CloudFront for content delivery.</p> <h3> Architecture Diagram </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fst0ts6dth2idooguwvyk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fst0ts6dth2idooguwvyk.png" alt=" "></a></p> <h3> Prerequisites </h3> <ul> <li>Basic knowledge of Terraform</li> <li>AWS account with necessary permissions</li> <li>Terraform installed on your local machine</li> <li>AWS CLI configured with your credentials</li> </ul> <h3> Steps </h3> <ol> <li> <strong>Set Up Your Terraform Configuration</strong> <ul> <li>Create a new directory for your project and navigate into it.</li> <li>Create a <code>main.tf</code> file to define your Terraform configuration.</li> </ul> </li> <li> <strong>Define the AWS Provider</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="c1"># Change to your preferred region</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Create variables.tf</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">variable</span> <span class="s2">"bucket_name"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The name of the S3 bucket to create"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Create an S3 Bucket</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"static_website"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">bucket_name</span> <span class="c1"># Change to a unique bucket name</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Make the Bucket Private</strong> make the bucket private by blocking all public access </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// Block all public access to the S3 bucket.</span> <span class="nx">resource</span> <span class="s2">"aws_s3_bucket_public_access_block"</span> <span class="s2">"block_public_access"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">static_website</span><span class="p">.</span><span class="nx">id</span> <span class="nx">block_public_acls</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">block_public_policy</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">ignore_public_acls</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">restrict_public_buckets</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Create a Bucket Policy to Allow Access from CloudFront</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// main.tf</span> <span class="c1">// Add bucket policy to allow access from another CloudFront </span> <span class="nx">resource</span> <span class="s2">"aws_s3_bucket_policy"</span> <span class="s2">"allow_access_from_another_account"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">static_bucket</span><span class="p">.</span><span class="nx">id</span> <span class="c1">// implicit dependency on S3 bucket</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_s3_bucket_public_access_block</span><span class="p">.</span><span class="nx">block_public_access</span><span class="p">]</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">local</span><span class="p">.</span><span class="nx">s3_bucket_policy</span> <span class="p">}</span> <span class="c1">// locals.tf</span> <span class="c1">// local variables</span> <span class="nx">locals</span> <span class="p">{</span> <span class="nx">s3_bucket_policy</span> <span class="p">=</span> <span class="nx">templatefile</span><span class="p">(</span><span class="nx">var</span><span class="p">.</span><span class="nx">bucket_policy_file</span><span class="p">,</span> <span class="p">{</span> <span class="nx">bucket_arn</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">static_bucket</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="nx">cloudfront_arn</span> <span class="p">=</span> <span class="nx">aws_cloudfront_distribution</span><span class="p">.</span><span class="nx">s3_distribution</span><span class="p">.</span><span class="nx">arn</span> <span class="p">})</span> <span class="p">}</span> <span class="c1">//variables.tf</span> <span class="c1">// Read bucket policy from json file</span> <span class="nx">variable</span> <span class="s2">"bucket_policy_file"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The file name that contains the bucket policy in JSON format"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"bucket_policy.json.tmpl"</span> <span class="p">}</span> <span class="c1">// bucket_policy.json.tmpl</span> <span class="p">{</span> <span class="s2">"Version"</span><span class="err">:</span> <span class="s2">"2012-10-17"</span><span class="p">,</span> <span class="s2">"Statement"</span><span class="err">:</span> <span class="p">[</span> <span class="p">{</span> <span class="s2">"Sid"</span><span class="err">:</span> <span class="s2">"AllowCloudFrontService"</span><span class="p">,</span> <span class="s2">"Effect"</span><span class="err">:</span> <span class="s2">"Allow"</span><span class="p">,</span> <span class="s2">"Principal"</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"Service"</span><span class="err">:</span> <span class="s2">"cloudfront.amazonaws.com"</span> <span class="p">},</span> <span class="s2">"Action"</span><span class="err">:</span> <span class="p">[</span> <span class="s2">"s3:GetObject"</span> <span class="p">],</span> <span class="s2">"Resource"</span><span class="err">:</span> <span class="s2">"${bucket_arn}/*"</span><span class="p">,</span> <span class="s2">"Condition"</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"StringEquals"</span><span class="err">:</span> <span class="p">{</span> <span class="s2">"AWS:SourceArn"</span><span class="err">:</span> <span class="s2">"${cloudfront_arn}"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Upload Static Website Files</strong> <ul> <li>Create a folder named <code>www</code> in your project directory and add your static website files (e.g., <code>index.html</code>, <code>styles.css</code>).</li> <li>Use the <code>aws_s3_object</code> resource to upload these files to the S3 bucket. </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// Add files to the S3 bucket</span> <span class="nx">resource</span> <span class="s2">"aws_s3_object"</span> <span class="s2">"static_files"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">static_bucket</span><span class="p">.</span><span class="nx">id</span> <span class="nx">for_each</span> <span class="p">=</span> <span class="nx">fileset</span><span class="p">(</span><span class="s2">"${path.module}/www"</span><span class="p">,</span><span class="s2">"**"</span><span class="p">)</span> <span class="nx">key</span> <span class="p">=</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"${path.module}/www/${each.value}"</span> <span class="nx">etag</span> <span class="p">=</span> <span class="nx">filemd5</span><span class="p">(</span><span class="s2">"${path.module}/www/${each.value}"</span><span class="p">)</span> <span class="nx">content_type</span> <span class="p">=</span> <span class="nx">lookup</span><span class="p">({</span> <span class="nx">html</span> <span class="p">=</span> <span class="s2">"text/html"</span><span class="p">,</span> <span class="nx">css</span> <span class="p">=</span> <span class="s2">"text/css"</span><span class="p">,</span> <span class="nx">js</span> <span class="p">=</span> <span class="s2">"application/javascript"</span><span class="p">,</span> <span class="nx">png</span> <span class="p">=</span> <span class="s2">"image/png"</span><span class="p">,</span> <span class="nx">jpg</span> <span class="p">=</span> <span class="s2">"image/jpeg"</span><span class="p">,</span> <span class="nx">jpeg</span> <span class="p">=</span> <span class="s2">"image/jpeg"</span><span class="p">,</span> <span class="nx">gif</span> <span class="p">=</span> <span class="s2">"image/gif"</span><span class="p">,</span> <span class="nx">svg</span> <span class="p">=</span> <span class="s2">"image/svg+xml"</span> <span class="p">},</span> <span class="nx">split</span><span class="p">(</span><span class="s2">"."</span><span class="p">,</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">)[</span><span class="nx">length</span><span class="p">(</span><span class="nx">split</span><span class="p">(</span><span class="s2">"."</span><span class="p">,</span> <span class="nx">each</span><span class="p">.</span><span class="nx">value</span><span class="p">))</span> <span class="nx">-</span> <span class="mi">1</span><span class="p">],</span> <span class="s2">"application/octet-stream"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ol> <li><strong>Create Origin Access Identity for CloudFront</strong></li> </ol> <p>It is an IAM to the resource (example: s3 bucket) where it provides access control to specific origin. <br> OAC is related to cloudfront which blocks direct access to the content in s3 bucket ensuring that all the requests are made through designated cloudfront CDN.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// origin access control for CloudFront</span> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_origin_access_control"</span> <span class="s2">"cloudfront_oac"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"CloudFront-OAC"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"OAC for accessing S3 bucket"</span> <span class="nx">origin_access_control_origin_type</span> <span class="p">=</span> <span class="s2">"s3"</span> <span class="nx">signing_behavior</span> <span class="p">=</span> <span class="s2">"always"</span> <span class="nx">signing_protocol</span> <span class="p">=</span> <span class="s2">"sigv4"</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Create a CloudFront Distribution</strong> In this step, we will create a cloudfront distribution to serve the content from the S3 bucket. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// create CloudFront distribution</span> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_distribution"</span> <span class="s2">"s3_distribution"</span> <span class="p">{</span> <span class="nx">origin</span> <span class="p">{</span> <span class="nx">domain_name</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">static_bucket</span><span class="p">.</span><span class="nx">bucket_regional_domain_name</span> <span class="nx">origin_access_control_id</span> <span class="p">=</span> <span class="nx">aws_cloudfront_origin_access_control</span><span class="p">.</span><span class="nx">cloudfront_oac</span><span class="p">.</span><span class="nx">id</span> <span class="nx">origin_id</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">s3_origin_id</span> <span class="p">}</span> <span class="nx">enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">is_ipv6_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">comment</span> <span class="p">=</span> <span class="s2">"Some comment"</span> <span class="nx">default_root_object</span> <span class="p">=</span> <span class="s2">"index.html"</span> <span class="c1">// specify the default root object (home page)</span> <span class="nx">default_cache_behavior</span> <span class="p">{</span> <span class="nx">allowed_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"HEAD"</span><span class="p">]</span> <span class="c1">// specify allowed methods from users</span> <span class="nx">cached_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"HEAD"</span><span class="p">]</span> <span class="c1">// specify cached methods</span> <span class="nx">target_origin_id</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">s3_origin_id</span> <span class="c1">// reference to origin id</span> <span class="nx">forwarded_values</span> <span class="p">{</span> <span class="nx">query_string</span> <span class="p">=</span> <span class="kc">false</span> <span class="c1">// do not forward query strings</span> <span class="nx">cookies</span> <span class="p">{</span> <span class="nx">forward</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="c1">// do not forward cookies</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">viewer_protocol_policy</span> <span class="p">=</span> <span class="s2">"redirect-to-https"</span> <span class="c1">// enforce HTTPS</span> <span class="nx">min_ttl</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">default_ttl</span> <span class="p">=</span> <span class="mi">3600</span> <span class="nx">max_ttl</span> <span class="p">=</span> <span class="mi">86400</span> <span class="p">}</span> <span class="nx">price_class</span> <span class="p">=</span> <span class="s2">"PriceClass_200"</span> <span class="c1">// use price class 200 for cost optimization</span> <span class="nx">restrictions</span> <span class="p">{</span> <span class="nx">geo_restriction</span> <span class="p">{</span> <span class="nx">restriction_type</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="c1">// allow access from all geographic locations</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">viewer_certificate</span> <span class="p">{</span> <span class="nx">cloudfront_default_certificate</span> <span class="p">=</span> <span class="kc">true</span> <span class="c1">// use default CloudFront certificate for HTTPS</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// variables.tf</span> <span class="nx">variable</span> <span class="s2">"s3_origin_id"</span> <span class="p">{</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"S3-StaticWebsiteOrigin"</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Output the CloudFront Domain Name</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">output</span> <span class="s2">"cloudfront_domain_name"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The domain name of the CloudFront distribution"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_cloudfront_distribution</span><span class="p">.</span><span class="nx">s3_distribution</span><span class="p">.</span><span class="nx">domain_name</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Initialize and Apply Terraform Configuration</strong> <ul> <li>Run <code>terraform init</code> to initialize the Terraform configuration.</li> <li>Run <code>terraform apply</code> to create the resources. Review the plan and confirm the apply.</li> <li>After the apply is complete, note the CloudFront domain name from the output.</li> </ul> </li> <li> <strong>Access Your Static Website</strong> <ul> <li>Open a web browser and navigate to the CloudFront domain name to see your static website in action.</li> <li>It will automatically redirect to HTTPS.</li> </ul> </li> </ol> <h3> Conclusion </h3> <p>This mini project demonstrated how to deploy a static website using AWS S3 and CloudFront with Terraform. You can further enhance this setup by adding custom domains using Route 53, SSL certificates using AWS Certificate Manager (ACM), and additional security measures as needed.</p> <p><strong>Terminal Output:</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv96f2829w7b6268mc0bg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv96f2829w7b6268mc0bg.png" alt=" "></a></p> <p><strong>Static Website Accessed via CloudFront:</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fskd0k2cifgnfmofc33vn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fskd0k2cifgnfmofc33vn.png" alt=" "></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzent556c8x9hnfioi9u7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzent556c8x9hnfioi9u7.png" alt=" "></a></p> <p>Congratulations! You have successfully deployed a static website using AWS S3 and CloudFront with Terraform.</p> <p> <iframe src="https://www.youtube.com/embed/bK6RimAv2nQ"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-13: Data sources in Terraform Bhaskara teja Bulusu Sun, 07 Dec 2025 18:43:11 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-13-data-sources-in-terraform-3gha https://forem.com/bhaskara_tejabulusu_b4bf/day-13-data-sources-in-terraform-3gha <p><strong>What are Data Sources?</strong><br> Data source in terraform refers to a way to read existing resources instead of creating new ones. Data sources lookup and use the data from things that already exist in your cloud or other services. This is useful when you want to reference information about resources that are not managed by your terraform configuration.</p> <p>example: You can use data sources to fetch information about existing VPCs, subnets, AMIs, security groups, etc.</p> <p>syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">data</span> <span class="s2">"data_source_type"</span> <span class="s2">"data_source_name"</span> <span class="p">{</span> <span class="c1"># Configuration arguments</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftnu6v0buswo6vh8fhr5l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftnu6v0buswo6vh8fhr5l.png" alt=" "></a></p> <p><strong>Filters:</strong><br> Filters are used in data sources to narrow down the results based on specific criteria. They help you to find the exact resource you are looking for by applying conditions just like search queries.</p> <p>syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"filter_name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"value1"</span><span class="p">,</span> <span class="s2">"value2"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> Task : Use Data Sources in Terraform AWS Provider to fetch existing resources information. </h3> <p><strong>Creating an EC2 instance by fetching the AMI ID using Data Source and Subnet ID using Data Source</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// main.tf</span> <span class="c1"># Fetch the latest Ubuntu AMI</span> <span class="nx">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"ubuntu"</span> <span class="p">{</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"amazon"</span><span class="p">]</span> <span class="c1">// Canonical</span> <span class="p">}</span> <span class="c1"># Fetch existing VPC by Name tag</span> <span class="nx">data</span> <span class="s2">"aws_vpc"</span> <span class="s2">"selected"</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:Name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"shared-primary-vpc"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Fetch existing Subnet by Name tag within the selected VPC</span> <span class="nx">data</span> <span class="s2">"aws_subnet"</span> <span class="s2">"selected"</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:Name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"shared-primary-subnet"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">selected</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="c1"># Create an EC2 instance using the fetched AMI and Subnet</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">ubuntu</span><span class="p">.</span><span class="nx">id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">selected</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"day-13-instance"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">---</span> </code></pre> </div> <p><br> <strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1">// outputs.tf</span> <span class="nx">output</span> <span class="s2">"instance_id"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"instance_public_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">public_ip</span> <span class="p">}</span> </code></pre> </div> <p>Now, the terraform configuration uses data sources to fetch the latest Ubuntu AMI and existing subnet information to create an EC2 instance.</p> <p> <iframe src="https://www.youtube.com/embed/MSr67lWCyD8?start=13"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-12: AWS Terraform Functions Bhaskara teja Bulusu Fri, 05 Dec 2025 17:48:06 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-12-aws-terraform-functions-mhn https://forem.com/bhaskara_tejabulusu_b4bf/day-12-aws-terraform-functions-mhn <p><strong>Advanced Functions in Terraform:</strong></p> <p>Building upon the foundational functions covered in Day 11, today we explore more specialized functions that enhance Terraform's capability to handle complex data transformations, validations, and operations. These functions are essential for creating robust, production-ready infrastructure as code.</p> <p><strong>Types of Advanced Functions:</strong></p> <p><strong>Numeric Functions:</strong><br> Numeric functions are used to perform mathematical operations and manipulate numeric values. These functions allow you to perform calculations, absolute value operations, statistical operations, and other numeric transformations.</p> <ul> <li>Examples: <code>abs()</code>, <code>ceil()</code>, <code>floor()</code>, <code>max()</code>, <code>min()</code>, <code>sum()</code>, <code>sqrt()</code> </li> </ul> <p><strong>Validation Functions:</strong><br> Validation functions are used to validate input values and ensure they meet specific criteria. These functions help enforce data integrity and prevent configuration errors by checking conditions and formats.</p> <ul> <li>Examples: <code>can()</code>, <code>regex()</code>, <code>length()</code>, <code>startswith()</code>, <code>endswith()</code>, <code>contains()</code> </li> </ul> <p><strong>Date/Time Functions:</strong><br> Date and time functions are used to manipulate and format date and time values. These functions allow you to perform operations such as parsing, formatting, timestamping, and calculating time differences.</p> <ul> <li>Examples: <code>formatdate()</code>, <code>timeadd()</code>, <code>timestamp()</code>, <code>timecmp()</code> </li> </ul> <p><strong>File Functions:</strong><br> File functions are used to read, manipulate, and check file contents and properties. These functions allow you to read files, check file existence, work with file paths, and perform other file-related operations.</p> <ul> <li>Examples: <code>file()</code>, <code>fileexists()</code>, <code>dirname()</code>, <code>basename()</code>, <code>jsondecode()</code>, <code>jsonencode()</code> </li> </ul> <h2> Examples from DAY-12: </h2> <h3> 1. Numeric Functions - Cost Analysis and Management </h3> <p><strong>Absolute Values and Statistical Operations:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">// variables.tf</span> <span class="k">variable</span> <span class="s2">"monthly_cost"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The estimated monthly cost"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">list</span><span class="p">(</span><span class="nx">number</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">[</span><span class="nx">-100</span><span class="p">.</span><span class="mi">5</span><span class="p">,</span> <span class="mf">200.75</span><span class="p">,</span> <span class="mf">300.0</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// main.tf</span> <span class="nx">locals</span> <span class="p">{</span> <span class="c1">// Convert negative costs to absolute values</span> <span class="nx">absolute_monthly_cost</span> <span class="p">=</span> <span class="p">[</span><span class="nx">for</span> <span class="nx">cost</span> <span class="nx">in</span> <span class="kd">var</span><span class="p">.</span><span class="nx">monthly_cost</span> <span class="err">:</span> <span class="nx">abs</span><span class="p">(</span><span class="nx">cost</span><span class="p">)]</span> <span class="c1">// Find maximum cost using max() function</span> <span class="nx">maximum_monthly_cost</span> <span class="p">=</span> <span class="nx">max</span><span class="p">(</span><span class="kd">local</span><span class="p">.</span><span class="nx">absolute_monthly_cost</span><span class="p">...)</span> <span class="c1">// Calculate total cost using sum() function</span> <span class="nx">total_monthly_cost</span> <span class="p">=</span> <span class="nx">sum</span><span class="p">(</span><span class="kd">local</span><span class="p">.</span><span class="nx">absolute_monthly_cost</span><span class="p">)</span> <span class="p">}</span> <span class="c1">// outputs.tf</span> <span class="k">output</span> <span class="s2">"absolute_monthly_cost"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">absolute_monthly_cost</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The absolute values of the estimated monthly costs"</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"maximum_monthly_cost"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">maximum_monthly_cost</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The maximum estimated monthly cost"</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"total_monthly_cost"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">total_monthly_cost</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The total estimated monthly cost"</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Validation Functions - Input Validation and Quality Control </h3> <p><strong>Regex Validation and Length Checking:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">// variables.tf</span> <span class="k">variable</span> <span class="s2">"instance_type"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The type of instance to use"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="nx">validation</span> <span class="p">{</span> <span class="nx">condition</span> <span class="p">=</span> <span class="nx">can</span><span class="p">(</span><span class="nx">regex</span><span class="p">(</span><span class="s2">"^t[2-3]</span><span class="se">\\</span><span class="s2">."</span> <span class="p">,</span> <span class="kd">var</span><span class="p">.</span><span class="nx">instance_type</span><span class="p">))</span> <span class="nx">error_message</span> <span class="p">=</span> <span class="s2">"instance type must start with 't2.' or 't3.'"</span> <span class="p">}</span> <span class="nx">validation</span> <span class="p">{</span> <span class="nx">condition</span> <span class="p">=</span> <span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">instance_type</span><span class="p">)</span> <span class="err">&gt;</span> <span class="mi">2</span> <span class="err">&amp;&amp;</span> <span class="nx">length</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">instance_type</span><span class="p">)</span> <span class="err">&lt;</span> <span class="mi">20</span> <span class="nx">error_message</span> <span class="p">=</span> <span class="s2">"length of instance type must be between 2 and 20 characters"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"backup_file_name"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The name of the backup file"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"bucket_backup"</span> <span class="nx">validation</span> <span class="p">{</span> <span class="nx">condition</span> <span class="p">=</span> <span class="nx">endswith</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">backup_file_name</span><span class="p">,</span> <span class="s2">"_backup"</span><span class="p">)</span> <span class="nx">error_message</span> <span class="p">=</span> <span class="s2">"backup file must end with '_backup'"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// main.tf</span> <span class="nx">locals</span> <span class="p">{</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">instance_type</span> <span class="nx">backup_file_name</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">backup_file_name</span> <span class="p">}</span> <span class="c1">// outputs.tf</span> <span class="k">output</span> <span class="s2">"instance_type"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">instance_type</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The type of instance being used"</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"backup_file_name"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">backup_file_name</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Date/Time Functions - Timestamp Management </h3> <p><strong>Current Timestamp and Date Formatting:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">// main.tf</span> <span class="nx">locals</span> <span class="p">{</span> <span class="c1">// Get current timestamp</span> <span class="nx">current_time</span> <span class="p">=</span> <span class="nx">timestamp</span><span class="p">()</span> <span class="c1">// Format timestamp to YYYY-MM-DD format</span> <span class="nx">formatted_time</span> <span class="p">=</span> <span class="nx">formatdate</span><span class="p">(</span><span class="s2">"YYYY-MM-DD"</span><span class="p">,</span> <span class="kd">local</span><span class="p">.</span><span class="nx">current_time</span><span class="p">)</span> <span class="c1">// Create timestamped bucket name</span> <span class="nx">bucket_name_with_timestamp</span> <span class="p">=</span> <span class="s2">"bhaskaratejabulusu-s3-bucket-</span><span class="k">${</span><span class="kd">local</span><span class="p">.</span><span class="nx">formatted_time</span><span class="k">}</span><span class="s2">"</span> <span class="p">}</span> <span class="c1">// outputs.tf</span> <span class="k">output</span> <span class="s2">"bucket_name_with_timestamp"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">bucket_name_with_timestamp</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The S3 bucket name appended with the current timestamp"</span> <span class="p">}</span> </code></pre> </div> <h3> 4. File Functions - Configuration File Management </h3> <p><strong>File Existence Checking and JSON Processing:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">// main.tf</span> <span class="nx">locals</span> <span class="p">{</span> <span class="c1">// Check if config file exists</span> <span class="nx">config_file_exists</span> <span class="p">=</span> <span class="nx">fileexists</span><span class="p">(</span><span class="s2">"./config.json"</span><span class="p">)</span> <span class="c1">// Conditionally load file content based on existence</span> <span class="nx">file_config</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">config_file_exists</span> <span class="err">?</span> <span class="nx">jsondecode</span><span class="p">(</span><span class="nx">file</span><span class="p">(</span><span class="s2">"./config.json"</span><span class="p">))</span> <span class="err">:</span> <span class="p">{</span> <span class="p">}</span> <span class="c1">// Get directory name from file path</span> <span class="nx">directory_name_of_file</span> <span class="p">=</span> <span class="nx">dirname</span><span class="p">(</span><span class="s2">"./config.json"</span><span class="p">)</span> <span class="c1">// Read specific value from JSON file</span> <span class="nx">username</span> <span class="p">=</span> <span class="nx">jsondecode</span><span class="p">(</span><span class="nx">file</span><span class="p">(</span><span class="s2">"./config.json"</span><span class="p">)).</span><span class="nx">username</span> <span class="p">}</span> <span class="c1">// Create JSON file from variable data</span> <span class="k">resource</span> <span class="s2">"local_file"</span> <span class="s2">"my_json_file"</span> <span class="p">{</span> <span class="nx">content</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">my_data</span><span class="p">)</span> <span class="nx">filename</span> <span class="p">=</span> <span class="s2">"my_data.json"</span> <span class="p">}</span> <span class="c1">// variables.tf</span> <span class="k">variable</span> <span class="s2">"my_data"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">map</span><span class="p">(</span><span class="nx">any</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"bhaskara"</span> <span class="nx">age</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">is_active</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// outputs.tf</span> <span class="k">output</span> <span class="s2">"file_config"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">file_config</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The configuration loaded from config.json file"</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"directory_name_of_file"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">directory_name_of_file</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The directory name of the config.json file"</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"username"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">username</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The username from the config file or default"</span> <span class="p">}</span> </code></pre> </div> <h3> 5. Collection Functions with Type Conversion - Region Management </h3> <p><strong>Set Operations and List Concatenation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">// variables.tf</span> <span class="k">variable</span> <span class="s2">"default_regions"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"us-east-1"</span><span class="p">,</span> <span class="s2">"us-west-2"</span><span class="p">,</span> <span class="s2">"us-east-1"</span><span class="p">]</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"new_regions"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"eu-west-1"</span><span class="p">,</span> <span class="s2">"ap-south-1"</span><span class="p">,</span> <span class="s2">"sa-east-1"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// main.tf</span> <span class="nx">locals</span> <span class="p">{</span> <span class="c1">// Combine regions and remove duplicates using toset()</span> <span class="nx">combined_regions</span> <span class="p">=</span> <span class="nx">toset</span><span class="p">(</span><span class="nx">concat</span><span class="p">(</span><span class="kd">var</span><span class="p">.</span><span class="nx">default_regions</span><span class="p">,</span> <span class="kd">var</span><span class="p">.</span><span class="nx">new_regions</span><span class="p">))</span> <span class="p">}</span> <span class="c1">// outputs.tf</span> <span class="k">output</span> <span class="s2">"regions"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">combined_regions</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The combined unique regions from default and new regions"</span> <span class="p">}</span> </code></pre> </div> <h2> Best Practices: </h2> <ol> <li> <strong>Always validate inputs</strong> using validation blocks with appropriate functions</li> <li> <strong>Handle file existence</strong> gracefully using <code>fileexists()</code> before reading files</li> <li> <strong>Use appropriate numeric functions</strong> for calculations to avoid precision issues</li> <li> <strong>Format timestamps consistently</strong> across your infrastructure</li> <li> <strong>Combine functions effectively</strong> to create robust data transformation pipelines</li> </ol> <p> <iframe src="https://www.youtube.com/embed/ZYCCu9rZkU8"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-11: AWS Terraform Functions Bhaskara teja Bulusu Thu, 04 Dec 2025 17:56:18 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-11-aws-terraform-functions-20dg https://forem.com/bhaskara_tejabulusu_b4bf/day-11-aws-terraform-functions-20dg <h2> Functions in Terraform </h2> <p><strong>Functions:</strong><br> A function is a predefined operation that takes one or more input values (arguments) and returns a single output value. Functions are used to perform common tasks, manipulate data, and transform values within Terraform configurations.<br> functions increse the reusability and modularity of Terraform code, making it easier to manage and maintain infrastructure as code.</p> <ul> <li>In terraform, we cannot create our own functions but we can use the built-in functions provided by terraform.</li> </ul> <p><strong>Types of Functions in Terraform:</strong></p> <p><strong>Validation Functions:</strong><br> Validation functions are used to validate input values and ensure they meet specific criteria. These functions help enforce<br> data integrity and prevent configuration errors.</p> <ul> <li>Examples: <code>can()</code>, <code>contains()</code>, <code>length()</code>, <code>regex()</code>, <code>alltrue()</code>, <code>anytrue()</code> </li> </ul> <p><strong>String Functions:</strong><br> String functions are used to manipulate and transform string values. These functions allow you to perform operations such as concatenation, substring extraction, and case conversion.</p> <ul> <li>Examples: <code>concat()</code>, <code>join()</code>, <code>lower()</code>, <code>upper()</code>, <code>replace()</code>, <code>split()</code>, <code>trimspace()</code> </li> </ul> <p><strong>Numeric Functions:</strong><br> Numeric functions are used to perform mathematical operations and manipulate numeric values. These functions allow you to perform calculations, rounding, and other numeric transformations.</p> <ul> <li>Examples: <code>abs()</code>, <code>ceil()</code>, <code>floor()</code>, <code>max()</code>, <code>min()</code>, <code>round()</code>, <code>sqrt()</code> </li> </ul> <p><strong>Collection Functions:</strong><br> Collection functions are used to manipulate and transform collections such as lists, maps, and sets. These functions allow you to perform operations such as filtering, mapping, and aggregating values within collections.</p> <ul> <li>Examples: <code>length()</code>, <code>contains()</code>, <code>distinct()</code>, <code>flatten()</code>, <code>join()</code>, <code>lookup()</code>, <code>merge()</code>, <code>slice()</code> </li> </ul> <p><strong>Type Conversion Functions:</strong><br> Type conversion functions are used to convert values from one data type to another. These functions allow you to change the type of a value to ensure compatibility with other operations or functions.</p> <ul> <li>Examples: <code>tostring()</code>, <code>tonumber()</code>, <code>tolist()</code>, <code>tomap()</code>, <code>toset()</code> </li> </ul> <p><strong>Date and Time Functions:</strong><br> Date and time functions are used to manipulate and format date and time values. These functions allow you to perform operations such as parsing, formatting, and calculating time differences.</p> <ul> <li>Examples: <code>formatdate()</code>, <code>timeadd()</code>, <code>timestamp()</code>, <code>timecmp()</code> </li> </ul> <p><strong>Lookup Functions:</strong><br> Lookup functions are used to retrieve values from maps or other data structures based on specified keys. These functions allow you to access specific values within complex data structures.</p> <ul> <li>Examples: <code>lookup()</code>, <code>element()</code>, <code>index()</code> </li> </ul> <p><strong>Validation Functions:</strong><br> Validation functions are used to validate input values and ensure they meet specific criteria. These functions help enforce data integrity and prevent configuration errors.</p> <ul> <li>Examples: <code>can()</code>, <code>contains()</code>, <code>length()</code>, <code>regex()</code>, <code>alltrue()</code>, <code>anytrue()</code> </li> </ul> <p><strong>File Functions:</strong><br> File functions are used to read and manipulate file contents. These functions allow you to read files, encode/decode file contents, and perform other file-related operations.</p> <ul> <li>Examples: <code>file()</code>, <code>filebase64()</code>, <code>filesha256()</code>, <code>templatefile()</code> </li> </ul> <p>Examples:</p> <ol> <li>Transform "Project ALPHA Resource" → "project-alpha-resource" </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "project_name" { default = "Project ALPHA Resource" } // main.tf locals { formatted_name = lower(replace(var.project_name, " ", "-")) } //outputs.tf output "formatted_name" { value = local.formatted_name } </code></pre> </div> <ol> <li>Resource Tagging - Merge default and environment tags </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "org_tags" { type = map(string) default = { "org" = "haschicorp" "project" = "automation" } } variable "default_tags" { type = map(string) default = { "env" = "dev" "name" = "env_tags" } } // main.tf locals{ tags = merge(var.default_tags, var.org_tags) } // outputs.tf output "merged_tags" { value = local.tags } </code></pre> </div> <ol> <li>Sanitize bucket names for AWS compliance </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "inconsistent_bucket_name" { type = string default = "My.Project_ALPHA.Bucket." } // main.tf locals { sanitized_bucket_name = lower(replace(replace(trimspace(var.inconsistent_bucket_name), "_", "-"), ".", "-")) } // outputs.tf output "sanitized_bucket_name" { value = local.sanitized_bucket_name } </code></pre> </div> <ol> <li>Security Group Ports - Transform "80,443,8080" into security group rules </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "allowed_ports" { type = string default = "80,443,8080" } // main.tf port_list = (split(",",var.ports)) sg_rules = [ for port in local.port_list : { name = "port-${port}" port = tonumber(port) } ] // outputs.tf output "sg_rules" { value = local.sg_rules } </code></pre> </div> <ol> <li>Environment Lookup - Select instance size by environment </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "environment" { type = string default = "development" } variable "env_instances" { type = map(string) default = { "dev" = "t2.medium" "stage" = "t2.small" "prod" = "t2.large" } } // main.tf locals { instance_size = lookup(var.env_instances, var.environment, "t2.micro") } // outputs.tf output "instance_size" { value = local.instance_size } </code></pre> </div> <p> <iframe src="https://www.youtube.com/embed/-dKsmU4Z1hM"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-10: Conditional expressions, Dynamic blocks, Splat expressions in terraform Bhaskara teja Bulusu Wed, 03 Dec 2025 16:08:21 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-10-conditional-expressions-dynamic-blocks-splat-expressions-in-terraform-4j0c https://forem.com/bhaskara_tejabulusu_b4bf/day-10-conditional-expressions-dynamic-blocks-splat-expressions-in-terraform-4j0c <p><strong>Conditional Expressions:</strong><br> Conditional expressions in Terraform allow you to choose between two values based on a condition. The syntax is <code>condition ? true_value : false_value</code>. This is useful for setting resource attributes based on variable values or other conditions.</p> <ul> <li>chose instances based on the environment (dev/prod)</li> <li>enable monitoring based on the configurations</li> <li>select different AMIs based on region</li> </ul> <p>example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf resource "aws_instance" "instance" { ami = "ami-0fa3fe0fa7920f68e" region = "us-east-1" instance_type = var.environment == "dev" ? "t3.micro" : "t3.small" count = var.instance_count tags = var.tags } // variables.tf variable "environment" { type = string default = "dev" } </code></pre> </div> <p><strong>Splat Expressions:</strong><br> Splat expressions allow you to extract multiple values from a list of objects. The syntax is <code>resource_type.resource_name[*].attribute</code>. This is useful for retrieving attributes from multiple instances of a resource.</p> <p>example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf resource "aws_instance" "instance" { ami = "ami-0fa3fe0fa7920f68e" region = "us-east-1" instance_type = var.environment == "dev" ? "t3.micro" : "t3.small" count = var.instance_count tags = var.tags } // splat expression example in Terraform output "instance_ids" { value = aws_instance.instance[*].id } </code></pre> </div> <p><strong>Dynamic Blocks:</strong><br> Dynamic blocks in Terraform allow you to generate multiple nested blocks within a resource based on a list or map variable. The syntax is <code>dynamic "block_name" { for_each = var.list_variable ... }</code>. This is useful for creating multiple similar configurations without duplicating code.</p> <p>example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf # ingress values variable "ingress_values" { type = list(object({ from_port = number to_port = number protocol = string cidr_blocks = list(string) })) default = [ { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }, { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ] } // main.tf // Dynamic block example in Terraform resource "aws_security_group" "security_group" { name = "sg" dynamic "ingress" { for_each = var.ingress_values content { from_port = ingress.value.from_port to_port = ingress.value.to_port protocol = ingress.value.protocol cidr_blocks = ingress.value.cidr_blocks } } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } </code></pre> </div> <p>So, by using conditional expressions, splat expressions, and dynamic blocks, you can create more flexible, reusable, and maintainable Terraform configurations.</p> <p> <iframe src="https://www.youtube.com/embed/R4ShnFDJwI8"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-09: Lifecycle management rules in terraform Bhaskara teja Bulusu Wed, 03 Dec 2025 04:21:12 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-09-lifecycle-management-rules-in-terraform-5fai https://forem.com/bhaskara_tejabulusu_b4bf/day-09-lifecycle-management-rules-in-terraform-5fai <p><strong>Lifecycle rules:</strong><br> In terraform lifecycle rules are the ones that actually controls how the resource is created/updated/destroyed.</p> <ul> <li>improve security</li> <li>Better maintenance of resources</li> <li>control over the resources</li> </ul> <p>There are 6 rules to manage the lifecycle </p> <ol> <li>ignore_changes</li> <li>prevent_destroy</li> <li>replace_triggered_by</li> <li>create_before_destroy</li> <li>precondition</li> <li>postcondition</li> </ol> <p><strong>1. Create before destroy:</strong><br> If there is any change in the resource, this rule ensures that the resource with updated changes is created and then the old resource will be destroyed</p> <ul> <li>This reduces the downtime while making changes (Zero-downtime deployment)</li> </ul> <p>example:<br> create an instance before destroying<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // Create before destroy to avoid downtime resource "aws_instance" "instance" { ami = "ami-0f64121fa59598bf7" instance_type = "t3.micro" region = tolist(var.allowed_region)[0] tags = var.tags lifecycle { create_before_destroy = true } } </code></pre> </div> <p><strong>2. Prevent destroy:</strong><br> This rule prevents the resource from being destroyed accidentally.<br> example:<br> prevent destroy for s3 bucket<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // prevent destroy to avoid accidental deletion resource "aws_s3_bucket" "bucket" { bucket = "${var.username}-bucket-${var.environment}-day-09" lifecycle { prevent_destroy = true } } </code></pre> </div> <p><strong>3. Ignore changes:</strong><br> This rule ignores the changes made to the resource outside terraform.<br> example:<br> ignore changes to tags<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // Ignore changes to tags resource "aws_instance" "instance" { ami = "ami-0f64121fa59598bf7" instance_type = "t3.micro" region = tolist(var.allowed_region)[0] tags = var.tags lifecycle { ignore_changes = [tags] } } </code></pre> </div> <p><strong>4. Replace triggered by:</strong><br> This rule replaces the resource when there is a change in the specified attribute.<br> example:<br> replace resource when there is a change in instance_type<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // Replace instance when there is a change in instance_type resource "aws_instance" "instance" { ami = "ami-0f64121fa59598bf7" instance_type = "t3.micro" region = tolist(var.allowed_region)[0] tags = var.tags lifecycle { replace_triggered_by = [instance_type] } } </code></pre> </div> <p><strong>5. Precondition:</strong><br> This rule checks the condition before creating/updating the resource.<br> example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // Precondition to check instance type resource "aws_instance" "instance" { ami = "ami-0f64121fa59598bf7" instance_type = "t3.micro" region = tolist(var.allowed_region)[0] tags = var.tags lifecycle { precondition { condition = var.instance_type == "t3.micro" error_message = "Instance type must be t3.micro" } } } </code></pre> </div> <p><strong>6. Postcondition:</strong><br> This rule checks the condition after creating/updating the resource.<br> example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf // Postcondition to check instance state resource "aws_instance" "instance" { ami = "ami-0f64121fa59598bf7" instance_type = "t3.micro" region = tolist(var.allowed_region)[0] tags = var.tags lifecycle { postcondition { condition = aws_instance.instance.instance_state == "running" error_message = "Instance is not in running state" } } } </code></pre> </div> <h2> Best practices: </h2> <ul> <li>Use lifecycle rules to manage resources effectively.</li> <li>Always test the lifecycle rules in a non-production environment before applying them to production.</li> <li>Document the lifecycle rules used in the terraform code for better understanding and maintenance.</li> <li>Regularly review and update the lifecycle rules as per the changing requirements and best practices.</li> <li>Be cautious while using ignore_changes - it can hide important changes.</li> <li>Use create_before_destroy for critical resources to avoid downtime.</li> </ul> <p> <iframe src="https://www.youtube.com/embed/60tOSwpvldY"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-08: Meta Arguments in terraform Bhaskara teja Bulusu Tue, 02 Dec 2025 06:04:40 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-08-meta-arguments-in-terraform-4gc6 https://forem.com/bhaskara_tejabulusu_b4bf/day-08-meta-arguments-in-terraform-4gc6 <h2> Meta arguments </h2> <p>In terraform, the meta arguments are classified into 5 types</p> <ul> <li>depends_on</li> <li>count</li> <li>for_each</li> <li>provider</li> <li>lifecycle</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdydrm9ur0mf6y4ax9bcy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdydrm9ur0mf6y4ax9bcy.png" alt=" "></a></p> <p><strong>count:</strong><br> An argument used to create multiple resources with numeric indexing.<br> Usually, this is the length of the list.</p> <ul> <li>used for iterating over a list</li> </ul> <p>example code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "bucket_count_list" { type = list(string) default = [ "bhaskaratejabulusu-bucket-day-08-list-1", "bhaskaratejabulusu-bucket-day-08-list-2" ] } // main.tf resource "aws_s3_bucket" "bucket1" { count = length(var.bucket_count_list) bucket = var.bucket_count_list[count.index] // iterates over a list from 0 to [count-1] } </code></pre> </div> <p><strong>for_each</strong><br> An argument in terraform to create multiple resources with map/sets</p> <ul> <li>iterates over values / key-value pairs</li> <li>used in maps and sets</li> </ul> <p>to use for_each the datatype must be either map or a set</p> <p>example for set and map:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf // set variable "bucket_count_set" { type = set(string) default = [ "bhaskaratejabulusu-bucket-day-08-set-1", "bhaskaratejabulusu-bucket-day-08-set-2" ] } // map variable "bucket_count_map" { type = map(string) default = { "bucket1" = "bhaskaratejabulusu-bucket-day-08-map-1", "bucket2" = "bhaskaratejabulusu-bucket-day-08-map-2" } } // main.tf // using set resource "aws_s3_bucket" "bucket2" { for_each = var.bucket_count_set bucket = each.value // iterates over the set using a for loop internally and retrieves every value } // using map resource "aws_s3_bucket" "bucket3" { for_each = var.bucket_count_map bucket = each.value } </code></pre> </div> <p><strong>depends_on</strong><br> An argument used to explicitly specify that a resource or module must be created or updated after one or more other resources or modules. It establishes a manual dependency, ensuring the correct order of operations, even when there’s no direct reference between the resources.</p> <p>example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// main.tf resource "aws_s3_bucket" "bucket1" { count = length(var.bucket_count_list) bucket = var.bucket_count_list[count.index] } resource "aws_s3_bucket" "bucket2" { for_each = var.bucket_count_set bucket = each.value depends_on = [ aws_s3_bucket.bucket1 ] } </code></pre> </div> <p>In the above code, the bucket2 is dependent on bucket1 so terraform will wait for bucket1 to be created and then bucket2 will be created ensuring the correct order.</p> <p> <iframe src="https://www.youtube.com/embed/XMMsnkovNX4?start=1473"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-07: AWS Terraform Type constraints Bhaskara teja Bulusu Mon, 01 Dec 2025 17:23:13 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-07-aws-terraform-type-constraints-5ad https://forem.com/bhaskara_tejabulusu_b4bf/day-07-aws-terraform-type-constraints-5ad <h2> Terraform Variable Type Constraint Tasks </h2> <p>The variables in terraform are classified into two types</p> <ul> <li>Based on Purpose</li> <li>Based on value (Type Constraints)</li> </ul> <p>The Type constraints are again classified into three types</p> <ul> <li>Primitive --&gt; String, Number, Bool</li> <li>Complex --&gt; List, Set, Tuple, Map, Object</li> <li>Null and Any</li> </ul> <p>Let's see one by one</p> <p><strong>String:</strong><br> Combination of characters is known as a string. in terraform the string is enclosed between quotes<br> example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>environment - "development" </code></pre> </div> <p>example code:</p> <p><strong>Objective:</strong> Use the simple <code>string</code> type variables to set the AWS Provider configuration and apply a basic naming convention.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "environment" { type = string description = "The environment for the resources" default = "dev" } // main.tf resource "aws_s3_bucket" "bucket" { bucket = "${local.bucket_name}-bucket-${var.environment}" region = var.region tags = { Name = "My S3 bucket" Environment = var.environment } } </code></pre> </div> <p><strong>Number:</strong><br> The number type constraint in terrraform is just a simple numeric value.<br> example:<br> count=1</p> <p>example code:</p> <p><strong>Objective:</strong> Use the <code>number</code> constraint to define the desired quantity of a resource using Terraform’s <code>count</code> argument.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> // variables.tf variable "instance_count" { type = number description = "Number of EC2 instances to create" default = 1 } //main.tf resource "aws_instance" "ec2_instance" { ami = "ami-0fa3fe0fa7920f68e" count = var.instance_count } </code></pre> </div> <p><strong>Boolean:</strong><br> The boolean constraint in terraform is defined as the value which is either true or false<br> example:<br> monitoring = true</p> <p>example code:<br> <strong>Objective:</strong> Use <code>bool</code> variables to control binary configuration settings (true/false flags) for AWS resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "monitoring_enabled" { type = bool default = true } variable "associate_public_ip" { type = bool default = true } // main.tf # Create an ec2 instance resource "aws_instance" "ec2_instance" { ami = "ami-0fa3fe0fa7920f68e" count = var.instance_count monitoring = var.config.monitoring associate_public_ip_address = var.associate_public_ip } </code></pre> </div> <p><strong>List:</strong><br> The list in terraform is an ordered collection of elements of same type</p> <ul> <li>duplicates are allowed</li> <li>elements in list are accessed using index example: regions = ["us-east-1","us-west-1","eu-west-1"]</li> </ul> <p>example code:<br> <strong>Objective:</strong> Use a <code>list(string)</code> to define multiple, ordered values of the same type for sequential use.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf # CIDR block variable "cidr_block" { type = list(string) default = [ "10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12" ] } # Allowed VM Types variable "allowed_vm_types" { type = list(string) default = [ "t2.micro", "t2.small", "t3.micro", "t3.small" ] } // main.tf # Create an ec2 instance resource "aws_instance" "ec2_instance" { ami = "ami-0fa3fe0fa7920f68e" instance_type = var.allowed_vm_types[2] count = var.instance_count monitoring = var.config.monitoring associate_public_ip_address = var.associate_public_ip tags = var.tags } # Create a VPC resource "aws_vpc" "myvpc" { cidr_block = var.cidr_block[1] tags = { Name = "Default VPC" } } </code></pre> </div> <p><strong>Set:</strong><br> A set in terraform is an unordered collection of unique elements of same type.</p> <ul> <li>duplicate values are not allowed</li> <li>should be accessed using values (no index)</li> <li>tolist(): method that converts a set to list</li> </ul> <p>example:<br> [ "us-east-1", "us-west-2", "eu-west-1" ]</p> <p>example code:</p> <p><strong>Objective:</strong> Use a <code>set(string)</code> to define a collection of unique, unordered values, typically for validation purposes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf # Allowed regions variable "allowed_region" { type = set(string) default = [ "us-east-1", "us-west-2", "eu-west-1" ] } // providers.tf provider "aws" { region = var.config.region } </code></pre> </div> <p><strong>Map:</strong><br> Map in terraform is the collection of key-value pairs.</p> <ul> <li>accessed using keys</li> </ul> <p>example code:<br> <strong>Objective:</strong> Use a <code>map(string)</code> to pass dynamic key-value pairs, primarily for resource metadata and cost allocation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf # tags variable variable "tags" { type = map(string) default = { Environment = "dev", Name = "dev-Instance", created_by = "terraform" } } //main.tf resource "aws_instance" "ec2_instance" { ami = "ami-0fa3fe0fa7920f68e" tags = var.tags // using map } </code></pre> </div> <p><strong>Tuple:</strong><br> Tuple is an ordered collection of elements where each element can be of different type</p> <ul> <li>accessed through index</li> </ul> <p>example code:<br> <strong>Objective:</strong> Use a <code>tuple</code> to enforce a rigid structure where the position and type of elements are strictly defined.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf # Ingress values variable "ingress_values" { type = tuple([ number, string, number ]) default = [ 443, "tcp", 443 ] } //main.tf # Create Security Group to allow TLS traffic resource "aws_security_group" "allow_tls" { name = "allow_tls" description = "Allow TLS inbound traffic and all outbound traffic" vpc_id = aws_vpc.myvpc.id tags = { Name = "allow_tls" } } resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" { security_group_id = aws_security_group.allow_tls.id cidr_ipv4 = var.cidr_block[1] from_port = var.ingress_values[0] ip_protocol = var.ingress_values[1] to_port = var.ingress_values[2] description = "Allow TLS inbound traffic from specific CIDR block" } </code></pre> </div> <p><strong>Object:</strong><br> Object is a collection of named attributes, where each attribute has a defined type.</p> <ul> <li>accessed via dot notation</li> </ul> <p>example code:<br> <strong>Objective:</strong> Use an <code>object</code> to group multiple configuration values of different types under a single variable, improving code organization.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// variables.tf variable "config" { type = object({ region = string monitoring = bool instance_count = number }) default = { region = "us-east-1" monitoring = true instance_count = 1 } } // main.tf resource "aws_instance" "ec2_instance" { ami = "ami-0fa3fe0fa7920f68e" count = var.config.instance_count monitoring = var.config.monitoring region = var.config.region } </code></pre> </div> <p>In this way we use the type constraints in different use cases.</p> <p> <iframe src="https://www.youtube.com/embed/gu2oCJ9DQiQ"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-06: AWS Terraform Project Structure Best practices Bhaskara teja Bulusu Sat, 29 Nov 2025 17:58:07 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-06-aws-terraform-project-structure-best-practices-2a76 https://forem.com/bhaskara_tejabulusu_b4bf/day-06-aws-terraform-project-structure-best-practices-2a76 <p><strong>File Structure</strong><br> Keeping everything such as variables, locals, providers, backend, outputs, resources related code in one file isn't a best practice and becomes an overhead as infrastructure grows and unmanageable.</p> <p>There is a standard structure that needs to be followed by every DevOps engineer which is essential for scalability and maintainability and one of the recommended project structure is:</p> <p>project-root/<br> ├── backend.tf # Backend configuration<br> ├── provider.tf # Provider configurations<br> ├── variables.tf # Input variable definitions<br> ├── locals.tf # Local value definitions<br> ├── main.tf # Main resource definitions<br> ├── vpc.tf # VPC-related resources<br> ├── security.tf # Security groups, NACLs<br> ├── compute.tf # EC2, Auto Scaling, etc.<br> ├── storage.tf # S3, EBS, EFS resources<br> ├── database.tf # RDS, DynamoDB resources<br> ├── outputs.tf # Output definitions<br> ├── terraform.tfvars # Variable values<br> └── README.md # Documentation</p> <p><strong>Terraform File Loading</strong></p> <ul> <li>Terraform loads all the files with .tf extension in the current directory</li> <li>Terraform loads the files in lexicographical order (Alphabetical)</li> <li><p>File names doesn't affect any code inside them</p></li> <li><p>The above file structure is just an example and recommended by Hashicorp and this varies from organization and their use case</p></li> <li><p>Another approach is to separate the files based on the environments or based on the resources as well</p></li> </ul> <p><strong>File organization principles</strong></p> <ul> <li>Separation of concerns</li> <li>Logical Grouping</li> <li>Consistent naming</li> <li>Modular Approach</li> <li>Documentation</li> </ul> <p><strong>Best practices</strong></p> <ul> <li>Consistent naming of file names</li> <li>Split the files based on functionality</li> <li>Size management - keep files manageable (&lt;500 lines)</li> <li>Documentation</li> <li>Logical Grouping</li> </ul> <p>A well organized structure not only improves readability but also streamlines collaboration and long term maintenance </p> <p> <iframe src="https://www.youtube.com/embed/QMsJholPkDY"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-05: Terraform variables in AWS Bhaskara teja Bulusu Fri, 28 Nov 2025 15:39:40 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-05-terraform-variables-in-aws-aa1 https://forem.com/bhaskara_tejabulusu_b4bf/day-05-terraform-variables-in-aws-aa1 <p><strong>Why do we need variables ?</strong><br> To use the specific value repeatedly such as environment, tag names, bucket names etc., instead of writing the same value everywhere we just store them and use when needed which increases reusability in the code. </p> <p><strong>Variables</strong><br> Variables are classified into two types</p> <ol> <li>Based on purpose</li> <li>Based on Value</li> </ol> <p><strong>Based on Purpose</strong></p> <ul> <li>Input</li> <li>Output</li> <li>Local</li> </ul> <p><strong>Based on value</strong></p> <ul> <li>Primitive --&gt; String, number, bool</li> <li>Complex --&gt; list, tuple, set, map, object</li> <li>ANY and NULL</li> </ul> <p><strong>Input Variables</strong><br> variables which are used in the code when needed<br> Syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>variable "variable_name"{ default = "dev" type = string //this is not mandatory. if you don't mention the type of the variable, the terraform will autodetect and use ANY type } # Accessing the Variable var.variable_name ${} // for concatenation of string #Example: Name = "${var.variable_name} - Bucket" </code></pre> </div> <p><strong>Local variables</strong><br> variables declared in the locals block and accessed anywhere in the code<br> Syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>locals{ env = "value" bucket_name="value" } #Accessing locals local.local_variable_name </code></pre> </div> <p><strong>Output Variable</strong><br> the variable which gives output once the resource has been provisioned and the output variables are generally printed on the console<br> Syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>output "variable_name"{ value = value // Value of the variable you want as output description = "description_about_the_output_variable" } </code></pre> </div> <p><strong>Ways to declare variables</strong><br> we can declare variables in many ways:</p> <ol> <li>Using the default</li> <li>Environment variables <code>export TF_VAR_variable_name="variable_value"</code> </li> <li>using terraform.tfvars file <code>variable = "variable_value"</code> </li> <li>using terraform.tfvars.json file (similar to terraform.tfvars file but in json format)</li> <li>*auto.tfvars (or) *.auto.tfvars.json files</li> <li>ANY -var in CLI <code>terraform plan -var="variable=variable_value"</code> </li> <li>ANY -var-file (variable files) </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># In variables.tfvars variable "variable_name"{ default = "variable_value" } # Use this file in command line terraform plan -var-file=variables.tfvars </code></pre> </div> <p><strong>Commands</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform output #show all outputs terraform output variable_name # show the output of specific variable terraform output -json #show the outputs in json format # Clean up unset TF_VAR_variable_name </code></pre> </div> <p>In this way we create variables in different ways.</p> <p> <iframe src="https://www.youtube.com/embed/V-2yC39BONc"> </iframe> <br> <a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform Day-04: Terraform state file management using S3 Bucket Bhaskara teja Bulusu Thu, 27 Nov 2025 13:40:24 +0000 https://forem.com/bhaskara_tejabulusu_b4bf/day-04-terraform-state-file-management-using-s3-bucket-1jll https://forem.com/bhaskara_tejabulusu_b4bf/day-04-terraform-state-file-management-using-s3-bucket-1jll <h2> How terraform updates Infrastructure ? </h2> <p>When we run the terraform apply command, some files are created such as terraform.tfstate, terraform.tfstate.backup and terraform compares desired state with the actual state and provision the resources and update the infrastructure accordingly.</p> <p>Desired state: The infrastructure we wish to create<br> Actual state: The current infrastructure we are having</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnr8fki41xq36cwdq9d1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnr8fki41xq36cwdq9d1.png" alt=" "></a></p> <p><strong>State file management</strong><br> In the terraform.tfstate, terraform.tfstate.backup files, sensitive information such as account Id's and resource names are present and in addition to that, modifying these files makes the state files corrupted. So, we shouldn't store in the production server or locally. To overcome this we store the state files in the remote backend instead of storing directly in the server</p> <p>Storing the state files in the remote backend such as AWS S3 secures and stores separately which is easy to manage.</p> <p>State file Best practices:</p> <ol> <li>Store file to Remote backend</li> <li>Don't update/delete the files</li> <li>State locking --&gt; a process which locks the file making the file inaccessible for others</li> <li>Isolation of state file --&gt; separate state files for different environments</li> <li>Regular backup</li> </ol> <p><strong>Code for storing state files in the Remote backend (S3 Bucket)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform { backend "s3" { bucket = "bhaskaratejabulusu-state-files-day04" key = "dev/terraform.tfstate" region = "us-east-1" encrypt = true use_lockfile = true } } </code></pre> </div> <p>Make sure that the remote backend in this case S3 bucket is already created/available before running the terraform commands.<br> Usually this is done by CI/CD pipeline before terraform provisions resources</p> <p>Security in S3 bucket:</p> <ol> <li>S3 versioning enable</li> <li>IAM minimal to S3</li> <li>S3 Bucket Policy</li> <li>Encryption (Server Side Encryption)</li> <li>Access Logging</li> </ol> <p><code>terraform state list</code><br> You can use the above command to list resources in state</p> <p> <iframe src="https://www.youtube.com/embed/YsEdrl9O5os"> </iframe> </p> <p><a class="mentioned-user" href="https://dev.to/piyushsachdeva">@piyushsachdeva</a> </p> 30daysofawsterraform aws terraform