This is a continuation of the first article, "Query data sources using state file in Terraform – 1", where we configured the VPC infrastructure.
In this article, I'm going to deploy application infrastructure defined by a separate Terraform configuration and use the terraform_remote_state data source to query information about your VPC.
Finally, you'll use the aws_ami data source to configure the correct AMI for the current region.
Please visit my GitHub Repository for Terraform articles on various topics, updated on a regular basis.
Let's get started!
1. Create infrastructure for the application block
2. Change to the application directory and run terraform init to initialize Terraform
3. Configure Terraform remote state
4. Scale EC2 instances
5. Configure region-specific AMIs
6. Configure EC2 subnet and security groups
7. Run terraform apply to apply the configuration
- AWS user account with admin access, not a root account.
- Cloud9 IDE with AWS CLI.
Terraform documentation for AMI.
Data source for pulling in an AMI ID.
1. Create infrastructure for the application block
- Let's create the following organizational structure as shown below.
- Create a directory – terraform-data-sources-app
- Create 4 files – terraform.tf, main.tf, variables.tf, outputs.tf.
- Create a terraform.tf file.
# terraform-data-sources-app/terraform.tf
# PROVIDERS BLOCK
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.23"
    }
  }
  required_version = ">= 1.2.0"
}
# terraform-data-sources-app/main.tf
# APPLICATION BLOCK
provider "aws" {
  region = "us-east-1"
}
resource "random_string" "lb_id" {
  length  = 3
  special = false
}
module "elb_http" {
  source  = "terraform-aws-modules/elb/aws"
  version = "4.0.0"
  # Ensure load balancer name is unique
  name     = "lb-${random_string.lb_id.result}-data-sources"
  internal = false
  security_groups = []
  subnets         = []
  number_of_instances = length(aws_instance.app)
  instances           = aws_instance.app.*.id
  listener = [{
    instance_port     = "80"
    instance_protocol = "HTTP"
    lb_port           = "80"
    lb_protocol       = "HTTP"
  }]
  health_check = {
    target              = "HTTP:80/index.html"
    interval            = 10
    healthy_threshold   = 3
    unhealthy_threshold = 10
    timeout             = 5
  }
}
resource "aws_instance" "app" {
  ami                    = "ami-0b5eea76982371e91"
  instance_type          = var.instance_type
  subnet_id              = ""
  vpc_security_group_ids = []
  user_data = <<-EOF
    #!/bin/bash
    sudo yum update -y
    sudo yum install httpd -y
    sudo systemctl enable httpd
    sudo systemctl start httpd
    echo "<html><body><div>Welcome to Data Sources Infrastructure!</div></body></html>" > /var/www/html/index.html
    EOF
}
- Create a variables.tf file.
# terraform-data-sources-app/variables.tf
# VARIABLES BLOCK
variable "instances_per_subnet" {
  description = "Number of EC2 instances in each private subnet"
  type        = number
  default     = 2
}
variable "instance_type" {
  description = "Type of EC2 instance to use"
  type        = string
  default     = "t2.micro"
}
- Create an outputs.tf file.
# terraform-data-sources-app/outputs.tf
# OUTPUTS BLOCK
output "lb_url" {
  description = "URL of load balancer"
  value       = "http://${module.elb_http.elb_dns_name}/"
}
output "web_instance_count" {
  description = "Number of EC2 instances"
  value       = length(aws_instance.app)
}
2. Change to the application directory and run terraform init
cd ../terraform-data-sources-app
- Run terraform init to initialize Terraform.
3. Configure Terraform remote state
- Like the VPC block, this configuration includes hard-coded values for the us-east-1 region. You can use the terraform_remote_state data source to use another Terraform workspace's output data.
- Add a terraform_remote_state data source to the main.tf file inside the terraform-data-sources-app directory, replacing YOUR_ORG with your own Terraform Cloud organization name.
- This remote state block uses the local backend to load state data from the path in the config section.
# terraform-data-sources-app/main.tf
data "terraform_remote_state" "vpc" {
  backend = "local"
  config = {
    path = "../terraform-data-sources-vpc/terraform.tfstate"
  }
}
- Now, update your aws provider configuration in main.tf to use the same region as the VPC configuration instead of a hardcoded region.
# terraform-data-sources-app/main.tf
provider "aws" {
  # region = "us-east-1"
  region = data.terraform_remote_state.vpc.outputs.aws_region
}
- The VPC configuration also included outputs for subnet and security group IDs. Configure the load balancer security group and subnet arguments for the elb module with these values.
# terraform-data-sources-app/main.tf
module "elb_http" {
  ###...
  /*
  security_groups = []
  subnets = []
  */
  security_groups = data.terraform_remote_state.vpc.outputs.lb_security_group_ids
  subnets         = data.terraform_remote_state.vpc.outputs.public_subnet_ids
  ###...
}
4. Scale EC2 instances
- You can use values from data sources just like any other Terraform values, including by passing them to functions.
- The configuration in main.tf only uses a single EC2 instance.
- Update the configuration to use the instances_per_subnet variable to provision multiple EC2 instances per subnet.
# terraform-data-sources-app/main.tf
resource "aws_instance" "app" {
  ###...
  count = var.instances_per_subnet * length(data.terraform_remote_state.vpc.outputs.private_subnet_ids)
  ami   = "ami-0b5eea76982371e91"
  ###...
}
- Now when you apply this configuration, Terraform will provision var.instances_per_subnet instances for each private subnet configured in your VPC workspace.
5. Configure region-specific AMIs
- The AWS instance configuration also uses a hard-coded AMI ID, which is only valid for the us-east-1 region.
- Use an aws_ami data source to load the correct AMI ID for the current region.
- Add the following to main.tf.
# terraform-data-sources-app/main.tf
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}
- Replace the hard-coded AMI ID with the one loaded from the new data source.
# terraform-data-sources-app/main.tf
resource "aws_instance" "app" {
  count = var.instances_per_subnet * length(data.terraform_remote_state.vpc.outputs.private_subnet_ids)
  /*
  ami = "ami-0b5eea76982371e91"
  */
  ami = data.aws_ami.amazon_linux.id
  ###...
}
6. Configure EC2 subnet and security groups
- Finally, update the EC2 instance configuration to use the subnet and security group configuration from the VPC block.
# terraform-data-sources-app/main.tf
resource "aws_instance" "app" {
  ###...
  /*
  subnet_id = ""
  vpc_security_group_ids = []
  */
  subnet_id              = data.terraform_remote_state.vpc.outputs.private_subnet_ids[count.index % length(data.terraform_remote_state.vpc.outputs.private_subnet_ids)]
  vpc_security_group_ids = data.terraform_remote_state.vpc.outputs.app_security_group_ids
  ###...
}
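The two data sources used above can also check what they return before any resource is created. The following is an added example, not code from the original article: it restates the `terraform_remote_state` and `aws_ami` blocks with `postcondition` checks (available from the Terraform 1.2.0 that this configuration already requires), so these versions would replace the earlier blocks rather than sit beside them.

```hcl
# Added example, not part of the original article.
data "terraform_remote_state" "vpc" {
  backend = "local"

  config = {
    path = "../terraform-data-sources-vpc/terraform.tfstate"
  }

  lifecycle {
    # Every output that main.tf reads must be present in the VPC state.
    postcondition {
      condition = alltrue([
        for name in [
          "aws_region", "public_subnet_ids", "private_subnet_ids",
          "lb_security_group_ids", "app_security_group_ids",
        ] : contains(keys(self.outputs), name)
      ])
      error_message = "The VPC state is missing an output that the application configuration reads."
    }

    # An empty list would make count evaluate to 0 and create no instances.
    postcondition {
      condition     = length(try(self.outputs.private_subnet_ids, [])) > 0
      error_message = "The VPC state lists no private subnets."
    }
  }
}

data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  lifecycle {
    # Fail the plan if the name pattern resolves to an unexpected image.
    postcondition {
      condition     = self.image_owner_alias == "amazon" && self.architecture == "x86_64"
      error_message = "The resolved AMI is not an Amazon-owned x86_64 image."
    }
  }
}
```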
7. Run terraform apply to apply the application infrastructure
- Run terraform apply to apply the configuration and type yes when prompted.
- After a few minutes, the load balancer health checks will pass, and it will return this response.
- Wait 4-5 minutes for the load balancer to become active.
- Run this:
curl $(terraform output -raw lb_url)
- Copy and paste the lb_url into a browser.
http://lb-Dju-data-sources-551760788.us-west-1.elb.amazonaws.com/
- You'll see this successful message.
- You must destroy the application infrastructure before the VPC infrastructure.
- Since the resources in the application infrastructure depend on those in the VPC infrastructure, the AWS API will return an error if you destroy the VPC first.
- Destroy the application infrastructure, answering yes at the prompt.
terraform destroy
- Now, change to the VPC directory.
cd ../terraform-data-sources-vpc
- Destroy this VPC infrastructure as well, answering yes at the prompt.
terraform destroy -var aws_region=us-west-1
- We have successfully demonstrated how to use data sources to make your configuration more dynamic.
- We deployed two separate configurations for your network (VPC) and application resources and used the terraform_remote_state data source to share data between them.
- We also replaced region-specific configuration with dynamic values from AWS provider data sources.