Newbie on Terraform. I am doing something like this as of now.

module "vote_service_sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = var.inpparameter
  // count = length(local.mergesubnets)
  name        = "user-service"
  description = "Security group"
  vpc_id      = each.value.name == "vpc2" ? "vpc-03fca892776900aa1" : "vpc-07a77da5bec5f9583"

  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["all-tcp"]
  egress_cidr_blocks  = each.value.name == "vpc1" ? ["0.0.0.0/0"] : []
  egress_rules        = each.value.name == "vpc1" ? ["all-tcp", "ssh-tcp"] : []
}

Is there a way to check if my VPC is vpc1 and then assign all the resource attributes to one set of values, and if it isn't, to another set of values, instead of checking the condition on each of the parameters?

asked Nov 19, 2024 at 14:33 by satya18948
  • Are there any errors with the code you have? If so, please add it to the question. – Marko E Commented Nov 19, 2024 at 15:13
  • 2 You should probably avoid this entirely by managing the vpc security groups with separate module declarations. This will likely cause issues for you otherwise. – Matthew Schuchard Commented Nov 19, 2024 at 15:15
  • There are no errors. As I am learning, I wanted to know if there are ways to do the stuff. – satya18948 Commented Nov 19, 2024 at 16:10

1 Answer

The most typical way to do this would be to include the values that vary between instances of your module as attributes in the elements of your var.inpparameter.

For example:

variable "inpparameter" {
  type = map(object({
    vpc_id             = optional(string, "vpc-07a77da5bec5f9583")
    egress_cidr_blocks = optional(set(string), [])
    egress_rules       = optional(set(string), [])
  }))
}

module "vote_service_sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = var.inpparameter

  name        = "user-service"
  description = "Security group"
  vpc_id      = each.value.vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["all-tcp"]
  egress_cidr_blocks  = each.value.egress_cidr_blocks
  egress_rules        = each.value.egress_rules
}

To match your example as closely as possible I made all of the attributes optional with the default set to whatever your conditional expressions would've returned for any non-matching VPC. Therefore you could get the same result as your example by populating this input variable like this:

  inpparameter = {
    "vpc1" = {
      egress_cidr_blocks = ["0.0.0.0/0"]
      egress_rules       = ["all-tcp","ssh-tcp"]
      # (vpc_id defaults to "vpc-07a77da5bec5f9583")
    }
    "vpc2" = {
      vpc_id = "vpc-03fca892776900aa1"
      # (the other two arguments default to empty)
    }
  }
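
The same per-VPC object pattern can also carry the ingress settings, which both snippets above hard-code to every TCP port from 0.0.0.0/0. The following is an added example, not part of the original question or answer: the `ingress_cidr_blocks` and `ingress_rules` object attributes, their empty defaults, the validation policy, and the sample values in the trailing comment are assumptions made for illustration.

```hcl
# Added example (not from the original answer). Needs Terraform >= 1.3 for optional() defaults.
variable "inpparameter" {
  type = map(object({
    vpc_id              = optional(string, "vpc-07a77da5bec5f9583")
    ingress_cidr_blocks = optional(set(string), []) # assumption: closed unless a VPC entry opens it
    ingress_rules       = optional(set(string), [])
    egress_cidr_blocks  = optional(set(string), [])
    egress_rules        = optional(set(string), [])
  }))

  # Assumed policy: fail at plan time if any entry pairs the "all-tcp" rule
  # with the any-IPv4 CIDR, so that combination cannot slip in through a tfvars file.
  validation {
    condition = alltrue([
      for sg in values(var.inpparameter) :
      !(contains(sg.ingress_cidr_blocks, "0.0.0.0/0") &&
        contains(sg.ingress_rules, "all-tcp"))
    ])
    error_message = "Do not combine ingress rule \"all-tcp\" with 0.0.0.0/0; name the required rules or use a narrower CIDR."
  }
}

module "vote_service_sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = var.inpparameter

  name        = "user-service"
  description = "Security group"
  vpc_id      = each.value.vpc_id

  ingress_cidr_blocks = each.value.ingress_cidr_blocks
  ingress_rules       = each.value.ingress_rules
  egress_cidr_blocks  = each.value.egress_cidr_blocks
  egress_rules        = each.value.egress_rules
}

# Constructed terraform.tfvars content that passes the validation:
#   inpparameter = {
#     "vpc1" = {
#       ingress_cidr_blocks = ["10.0.0.0/16"]
#       ingress_rules       = ["https-443-tcp"]
#       egress_cidr_blocks  = ["0.0.0.0/0"]
#       egress_rules        = ["all-tcp", "ssh-tcp"]
#     }
#     "vpc2" = { vpc_id = "vpc-03fca892776900aa1" }
#   }
```

Because the check lives on the variable, `terraform plan` stops with the error message before any security group is created or changed.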

Article tags: Terraform, set resource Parameters by checking values of variable, Stack Overflow