I have a file fsx.tf with 2 resource blocks and a file prod.tfvars:
My fsx.tf looks like:
resource "aws_fsx_ontap_storage_virtual_machine" "fsx_svm" {
for_each = var.fsx_svm
file_system_id = aws_fsx_ontap_file_system.fsx.id
name = each.value.name
}
resource "aws_fsx_ontap_volume" "fsx_volumes" {
for_each = var.fsx_volumes
name = var.name
storage_virtual_machine_id = each.value.storage_virtual_machine_id
My prod.tfvars looks like:
fsx_svm = {
svm01 = {
name = "svm01-single-az"
}
}
fsx_volumes = {
vol01 = {
name = "FS"
storage_virtual_machine_id = fsx_svm.svm01.id
}
}
I get the following error:
Error: expected length of storage_virtual_machine_id to be in the range (21 - 21), got fsx_svm.svm01.id
OR
Variables not allowed here
How to set the attribute id of resource aws_fsx_ontap_storage_virtual_machine in the variable of fsx_volumes ? My goal is to be able to reuse the resource block for other .tfvars files.
In this case the best way to do this may be resource chaining with for_each [1]. This means instead of having to rely on variables you can just do this:
resource "aws_fsx_ontap_storage_virtual_machine" "fsx_svm" {
for_each = var.fsx_svm
file_system_id = aws_fsx_ontap_file_system.fsx.id
name = each.value.name
}
resource "aws_fsx_ontap_volume" "fsx_volumes" {
for_each = aws_fsx_ontap_storage_virtual_machine.fsx_svm
name = "${each.key}-${var.name}"
storage_virtual_machine_id = each.value.id
}
[1] https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#chaining-for_each-between-resources
Related
I have created 2 modules. One for SQS and another for SSM. My SQS creates 4 queues and i am trying to create corresponding entries in the parameter store for their url and arn. I am importing the SSM module inside my SQS module such that it creates the parameters right after SQS creation is done.
This is what my SQS module looks like :-
resource "aws_sqs_queue" "FirstStandardSQSQueue" {
name = "sqs-${var.stage}-one"
message_retention_seconds = var.SQSMsgRetention
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.FirstDeadLetterQueue.arn
maxReceiveCount = 2
})
}
resource "aws_sqs_queue" "FirstDeadLetterQueue" {
name = "sqs-dead-letter-${var.stage}-one"
receive_wait_time_seconds = var.SQSRecvMsgWaitTime
}
resource "aws_sqs_queue" "SecondStandardSQSQueue" {
name = "sqs-${var.stage}-two"
message_retention_seconds = var.SQSMsgRetention
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.SecondDeadLetterQueue.arn
maxReceiveCount = 3
})
}
resource "aws_sqs_queue" "SecondDeadLetterQueue" {
name = "sqs-dead-letter-${var.stage}-two"
receive_wait_time_seconds = var.SQSRecvMsgWaitTime
}
module "ssm" {
source = "../ssm/"
// How do i create a dynamic map???
for_each = var.Queues
name = "/new/${var.stage}/${each.key}"
type = "SecureString"
value = "${each.value}"
}
My SSM module looks like this :-
resource "aws_ssm_parameter" "main" {
name = var.name
type = var.type
value = var.value
}
I am trying to create either a map or somehow dynamically be able to pass values in my ssm module using for_each? I tried setting up something like this :-
variable "Queues" {
type = map
default = {
"FirstStandardSQSQueueUrl" = aws_sqs_queue.FirstStandardSQSQueue.url
"FirstStandardSQSQueueArn" = aws_sqs_queue.FirstStandardSQSQueue.arn
"SecondStandardSQSQueueUrl" = aws_sqs_queue.SecondStandardSQSQueue.url
"SecondStandardSQSQueueArn" = aws_sqs_queue.SecondStandardSQSQueue.arn
}
}
But this is invalid because i keep running into
Error: Variables not allowed line 40: Variables may not be used here.
Can someone suggest a better/right way to do it? Thank you.
As the error msg writes, you can't have dynamic variables. locals should be used instead.
locals {
Queues = {
"FirstStandardSQSQueueUrl" = aws_sqs_queue.FirstStandardSQSQueue.url
"FirstStandardSQSQueueArn" = aws_sqs_queue.FirstStandardSQSQueue.arn
"SecondStandardSQSQueueUrl" = aws_sqs_queue.SecondStandardSQSQueue.url
"SecondStandardSQSQueueArn" = aws_sqs_queue.SecondStandardSQSQueue.arn
}
}
Then you refer to the value as local.Queues in other parts of your code.
I'd like to iterate over a map variable and concatenate individual strings to a single string for an S3 subfolder.
My expected output is:
s3://my-bucket/name1/k1/abc/
s3://my-bucket/name1/k2/def/
s3://my-bucket/name2/k3/xyz/
But with the current setup I get a Cannot include the given value in a string template: string required. Is there another way to loop over my source_names variable or should I set it up differently?
main.tf s3_buckets modules
resource "aws_s3_bucket" "bucket" {
bucket = var.bucket_name
acl = "private"
tags = {
Name = var.tag
}
}
resource "aws_s3_object" "new_folders" {
for_each = var.source_names
bucket = aws_s3_bucket.bucket.id
acl = "private"
key = "${each.key}/${each.value.key_name}/${each.value.key_value}"
}
resource "aws_s3_bucket_public_access_block" "example" {
bucket = aws_s3_bucket.bucket.id
block_public_acls = true
block_public_policy = true
}
variables.tf s3_buckets_module
variable "bucket_name" {
description = "Name of the bucket"
type = string
}
variable "tag" {
description = "Resource tag"
type = string
}
variable "source_names" {
description = "key"
type = map(object({
key_name = list(string)
key_value = list(string)
}))
}
main.tf pipeline module
module "s3_bucket" {
source = "../s3_buckets"
bucket_name = "tf-list-keys-bucket"
tag = "tf"
source_names = {"name1" = {"key_name" = ["k1", "k2"], "key_value" = ["abc/", "def/"]},
"name2" = {"key_name" = ["k3"], "key_value" = ["xyz/"]}
}
}
main.tf
module "pipeline" {
source = "../modules/pipeline"
}
Iterating over your source_names requires you to have 2 embedder for loops:
resource "aws_s3_object" "new_folders" {
for_each = toset(flatten([
for key, value in var.source_names : [
for key_name, key_values in value : [
for key_value in key_values :
"${key}/${key_name}/${key_value}"
]]
]))
bucket = aws_s3_bucket.bucket.id
acl = "private"
key = each.value
}
You have to flatten out your data structure, otherwise Terraform wont know how many resources to provision. You cannot just put an array in a string and expecting Terraform to iterate over it (example: key = "${each.key}/${each.value.key_name}/${each.value.key_value}" - each.value.key_value is an array).
I am trying to use a map variable(which has 2 lambda names). Also, I want to pass a local variable inside the key values, as shown in the example below.However, I get an error as variable not allowed here. Any suggestions/advice?
variables.tf:
variable "lambdas" {
type = map(string)
default = {
"lambda1_name-${local.global_suffix}" = "lambda_function1",
"lambda2_name-${local.global_suffix}" = "lambda_function2"
}
}
locals{
global_suffix = "${var.env}-${var.project}${var.branch_hash}"
}
main.tf:
resource "aws_lambda_function" "main" {
for_each = var.lambdas
function_name = each.key
handler = "${each.value}.${var.handler}"
filename = "${path.module}/modules/lambda-main/${each.value}.zip"
source_code_hash = data.archive_file.init[each.key].output_base64sha256
role = module.lambda_iam_role.arn
runtime = "python3.6"
memory_size = "2048"
timeout = "900"
tags = local.tags
description = "${var.project} Lambda Function"
}
I am trying to use one lambda resource block to create 2 lambda functions(hence using the map variable)
Your variable default values can't by dynamic. They must be static values. Thus, instead of having var.lambdas, in your case it would be better to use locals:
variable "lambdas" {
type = map(string)
default = {
"lambda1_name" = "lambda_function1",
"lambda2_name" = "lambda_function2"
}
}
locals {
lambdas = {for key, value in var.lambdas: "${key}-${local.global_suffix}" => value}
}
Them you would:'
resource "aws_lambda_function" "main" {
for_each = local.lambdas
....
}
I have an issue with my terragrunt/terraform code as below.
I don't know the right way to retrieve my both crawlers created by my for_each loop.
Normally I create it with for and count.
I can't retrieve the correct values in my action triggers (main.tf).
terragrunt file (input):
inputs = {
glue_crawler = {
crawler = {
crawler_name = "test",
description = "test crawler"
},
crawler1 = {
crawler_name = "test2",
description = "test2 crawler"
}
}
}
main.tf
#crawler declaration
resource "aws_glue_crawler" "default" {
for_each = var.glue_crawler
database_name = aws_glue_catalog_database.database.name
name = "Crawler_${each.value.crawler_name}"
description = each.value.description
role = aws_iam_role.svc-glue-crawler.id
table_prefix = "raw_"
tags = var.tags
s3_target {
path = "${var.s3_glue_name}/${each.value.crawler_name}"
}
configuration = jsonencode(var.crawler_configuration)
}
...
#trigger
resource "aws_glue_trigger" "my_trigger" {
name = var.trigger_name
schedule = "cron(00 01 * * ? *)"
type = "SCHEDULED"
enabled = "false"
tags = var.tags
actions {
job_name = aws_glue_crawler.default[0].name
}
actions {
job_name = aws_glue_crawler.default[1].name
}
variable.tf
variable "glue_crawler" {
type = map(object({
crawler_name = string
description = string
}))
default = {}
description = "glue crawler definitions."
}
When i run this code i have the following errors:
Error: Invalid index
on main.tf line 294, in resource "aws_glue_trigger" "my_trigger": 294: job_name = aws_glue_crawler.default[0].name
|----------------
| aws_glue_crawler.default is object with 2 attributes
The given key does not identify an element in this collection value.
Error: Invalid index
on main.tf line 298, in resource "aws_glue_trigger" "my_trigger": 298: job_name = aws_glue_crawler.default[1].name
|----------------
| aws_glue_crawler.default is object with 2 attributes
The given key does not identify an element in this collection value.
When you use for_each instead of count you need to access the specific element with the key and not the index. So this will be crawler and crawler1 instead of 0 and 1 in your example:
resource "aws_glue_crawler" "default" {
for_each = var.glue_crawler
database_name = aws_glue_catalog_database.database.name
name = "Crawler_${each.value.crawler_name}"
description = each.value.description
role = aws_iam_role.svc-glue-crawler.id
table_prefix = "raw_"
tags = var.tags
s3_target {
path = "${var.s3_glue_name}/${each.value.crawler_name}"
}
configuration = jsonencode(var.crawler_configuration)
}
...
#trigger
resource "aws_glue_trigger" "my_trigger" {
name = var.trigger_name
schedule = "cron(00 01 * * ? *)"
type = "SCHEDULED"
enabled = "false"
tags = var.tags
actions {
job_name = aws_glue_crawler.default["crawler"].name
}
actions {
job_name = aws_glue_crawler.default["crawler1"].name
}
}
But of course that only works that specific input. Instead you should consider making the actions parameter dynamic and using for_each over the crawlers here too:
resource "aws_glue_trigger" "my_trigger" {
name = var.trigger_name
schedule = "cron(00 01 * * ? *)"
type = "SCHEDULED"
enabled = "false"
tags = var.tags
dynamic "actions" {
for_each = aws_glue_crawler.default
content {
job_name = actions.name
}
}
}
I am creating a bunch of Route 53 resolver rules in each region and this works great with for_each loop:
resource "aws_route53_resolver_rule" "resolver-rule" {
for_each = var.resolver-rules
domain_name = each.value.domain-name
name = format("core-%s", each.value.domain-label)
rule_type = "FORWARD"
resolver_endpoint_id = aws_route53_resolver_endpoint.outbound-endpoint.id
target_ip {
ip = each.value.forwarder1
}
target_ip {
ip = each.value.forwarder2
}
tags = merge(var.tags, map("Name", format("core-%s-%s-%s", var.team_name, var.environment, each.value.domain-label)))
}
My var looks like this:
variable "resolver-rules" {
description = "A map of parameters needed for each resolver rule"
type = map(object({
domain-name = string
domain-label = string
forwarder1 = string
forwarder2 = string
}))
}
resolver-rules = {
"resolver-rule1" = {
domain-name = "10.in-addr.arpa."
domain-label = "10-in-addr-arpa"
forwarder1 = "10.10.1.100"
forwarder2 = "10.10.2.100"
}
"resolver-rule2" = {
domain-name = "mycompany.com."
domain-label = "mycompany-com"
forwarder1 = "10.10.1.100"
forwarder2 = "10.10.2.100"
}
}
Now I need to associate those rules with resource share (not posting here):
resource "aws_ram_resource_association" "rule-association" {
for_each = var.resolver-rules
resource_arn = aws_route53_resolver_rule.resolver-rule.arn
resource_share_arn = aws_ram_resource_share.rte53-resolver-share.arn
}
Question: how do I modify (enumerate) my resource association part, so that each association would be created for each rule I define (it has to be 1 to 1 association). I just can't wrap my head around it :)
Your aws_route53_resolver_rule.resolver-rule will be a map with keys of resolver-rule1 and resolver-rule2.
Therefore to access its arn in your rule-association you could do the following:
resource "aws_ram_resource_association" "rule-association" {
for_each = var.resolver-rules
resource_arn = aws_route53_resolver_rule.resolver-rule[each.key].arn
resource_share_arn = aws_ram_resource_share.rte53-resolver-share.arn
}
In your question, aws_ram_resource_share.rte53-resolver-share.arn is not shown, thus I don't know if you also require some changes to it or not.