How to loop through a list of variables to create a bunch of redundant AWS resources?

[mach...@gmail.com]

I'm new to TF. Spent the last week with high success getting things built. I've reached the point where I'm ready to take my TF relationship to the next level. 

My first order of business is to start reusing templates and loop over a variable list to create each one. For example take this list defined in my variables tf file.

variable "name" {
  default = {
    "0" = "john"
    "1" = "paul"
    "2" = "jones"
  }
}

Now I'd like to run a cloudfront resource template on each one. Here's a truncated cloudfront resource block from a tf file. 

resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = "${var.name}.company.com.s3.amazonaws.com"
    origin_id   = "s3alias-${name}.company.com"
  }


  enabled             = true
  comment             = "created by terraform using ${name}"


  logging_config {
    include_cookies = false
    bucket          = "${name}.company.com.s3.amazonaws.com"
    prefix          = "cloudfront_logs"
  }


  aliases = ["${name}.company.com"]


***** ... blah blah blah stuff....

So in the end I'd end up with 3 cloudfront distros in this case. I see some vague examples of others using count and index. Seems wonky tho and I'm not sure that's right. Or maybe this should be a module? And if so I'm still not sure how to call the module for each value in a list. Any pointers on the proper way to do this is appreciated.

[Lowe Schmidt]

There is not support for loops right now. 

For some resources you can emulate it with count and using count.index to look up values in a map for example. 

--

Lowe Schmidt | +46 723 867 157

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/cb257abb-8c7c-4dbf-891c-91e2643ee815%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mach...@gmail.com]

Well, that explains why I'm lost then. I find this very surprising and expected TF to be a bit more mature as a project given all the hype. My AWS infrastructure has a boat load of redundant items like cloudfront/SQS/Cloudwatch/R53 subdomain entries... Writing each one out as it's own file isn't ideal. Hmmmm... I guess I'll just write a script to write the resource files out for me, or write a terraform wrapper that handles it. Not a good practice, and a bit messy, but it'll at least work. 

Thanks for the quick reply!

-m 

To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.

[mach...@gmail.com]

I should add one more thing... TF is after all a descriptive language. Whereas I'm used to procedural. Perhaps my surprise has more to do with me getting use to the difference between the two. Thought I should add that so I don't seem like I'm attacking TF because it really is quite cool. I'm going to write some quick shell scripts to spit out the templates I need and just manage this as process outside of TF for the time being. 

[Lowe Schmidt]

The big thing for TF is that you can version and iterate on your
infrastructure for different environments, and only have the data be
different for each one, using a thought out structure and some
symlinks goes a long way of not duplicating resources declaration that
are identical.

If you haven't read Charity Majors blog about terraform, you should (
https://charity.wtf/2016/04/14/scrapbag-of-useful-terraform-tips/ )

Personally, right now I do something like this:

root
- providers
-- aws
--- eu_west_1_staging
---- main.tf (symlink to ../main.tf)
---- staging_specific.tf
---- terraform.tfvars

--- eu_west_1_production
---- main.tf (symlink to ../main.tf)
---- terraform.tfvars

--- global/ (IAM, DNS etc)
--- main.tf

- modules
-- aws
--- service specific modules (my_cool_app/{main,output,variables}.tf
or whatever)

All low level modules (think VPC, subnets, RDS, elasticache,
autoscaling groups &c) live in their own git repo.

And in the main repo you have your service specific modules (that
probably uses the low level modules under the hood)

This setup also expects that each region+environment has it's own
state file and doesn't share.

There is still a lot going on in how to structure and develop with
terraform, some use remote state extensively, I have not yet gone that
route myself so I can't comment on how well it works.

--
Lowe Schmidt | +46 723 867 157

> https://groups.google.com/d/msgid/terraform-tool/9bacec91-2b9a-482c-a072-9b029915ff12%40googlegroups.com.

[Franck Ratier]

Hi,

Check this, part 5 is about loops.

Cheers

[m@]

That makes complete sense. I'll give it a shot. Thank you for the info.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---

You received this message because you are subscribed to a topic in the Google Groups "Terraform" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/terraform-tool/FWtrlYI1tGc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/87c813d9-2743-4ce5-a7c0-5e60bdc3fbaf%40googlegroups.com.