1. Terraform Validate:
- terraform validate primarily checks whether a configuration is syntactically valid.
- It can check various aspects such as unsupported arguments, undeclared variables, and others.
terraform validate
2. Terraform format: Formats the configuration files in the folder where you run the terraform command
2.1 Subfolder level
terraform fmt
2.2 Formatting at parent folder for all sub folders
terraform fmt -recursive
3. Destroy: The terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.
Usage: terraform destroy [options]
3.1 You can preview the destroy plan by running the command below
terraform plan -destroy
3.2 To apply the destroy plan, run the command
terraform apply -destroy
Note : The -destroy option to terraform apply exists only in Terraform v0.15.2 and later. For older versions, you must use terraform destroy to get the effect of terraform apply -destroy.
4. Terraform functions:
The Terraform language includes a number of built-in functions that you can use to transform and combine values.
The general syntax for function calls is a function name followed by comma-separated arguments in parentheses:
function(argument1, argument2)
Example:
max(5, 12, 9)
12
You can test this with the command: terraform console
The Terraform language does not support user-defined functions, so only the functions built into the language are available for use. The built-in functions fall into these categories:
- Numeric
- String
- Collection
- Encoding
- Filesystem
- Date and Time
- Hash and Crypto
- IP Network
- Type Conversion
Link - https://www.terraform.io/docs/language/functions/index.html
5. Data Sources: Data sources allow data to be fetched or computed for use elsewhere in a Terraform configuration.
A data source is defined in a data block.
The example below reads from a specific data source (aws_ami) and exports the result under the name "app_ami":
data "aws_ami" "app_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm*"]
  }
}

resource "aws_instance" "myfirstec2" {
  ami           = data.aws_ami.app_ami.id
  instance_type = var.instance_type
}
6. Debugging in Terraform:
Terraform has detailed logs which can be enabled by setting the TF_LOG environment variable to any value.
Possible values for TF_LOG are: TRACE, DEBUG, INFO, WARN, ERROR
7. Dynamic Blocks
Understanding the actual challenge:
In many use cases, there are repeatable nested blocks that need to be defined.
This can lead to long code that is difficult to manage over time.
Overview of Dynamic Blocks
A dynamic block allows us to dynamically construct repeatable nested blocks. Dynamic blocks are supported inside resource, data, provider, and provisioner blocks:
Before.tf (Terraform configuration without using dynamic blocks)
# Before.tf (Terraform configuration without using dynamic blocks)
resource "aws_security_group" "demo_sg" {
  name = "sample-sg"

  ingress {
    from_port   = 8200
    to_port     = 8200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8201
    to_port     = 8201
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8300
    to_port     = 8300
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9200
    to_port     = 9200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9500
    to_port     = 9500
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Dynamic.tf (Terraform configuration using dynamic blocks)
# Dynamic.tf (Terraform configuration using dynamic blocks)
variable "sg_ports" {
  type        = list(number)
  description = "list of ingress ports"
  default     = [8200, 8201, 8300, 9200, 9500]
}

resource "aws_security_group" "dynamicsg" {
  name        = "dynamic-sg"
  description = "Ingress for Vault"

  dynamic "ingress" {
    for_each = var.sg_ports
    iterator = port
    content {
      from_port   = port.value
      to_port     = port.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  dynamic "egress" {
    for_each = var.sg_ports
    content {
      from_port   = egress.value
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
Note : Using the same blog, will add the remaining commands
8. Overview of Iterators
The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value.
If omitted, the name of the variable defaults to the label of the dynamic block ("ingress" in the example above).
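The dynamic block and iterator described above can also loop over a list of objects, so that each rule carries its own source range instead of every port sharing 0.0.0.0/0. This is an added example, not part of the original post; the names ingress_rules, rule and restricted_sg, the 10.0.x.x ranges and the rule descriptions are assumptions made for illustration.

```hcl
# Added example: per-rule source ranges with a dynamic block.
# All names, CIDR ranges and descriptions below are constructed for illustration.
variable "ingress_rules" {
  description = "Ingress rules, each with its own port and allowed source ranges"
  type = list(object({
    port        = number
    cidr_blocks = list(string)
    description = string
  }))

  default = [
    { port = 8200, cidr_blocks = ["10.0.1.0/24"], description = "tcp/8200 from app subnet" },
    { port = 8201, cidr_blocks = ["10.0.2.0/24"], description = "tcp/8201 from cluster subnet" },
    { port = 9200, cidr_blocks = ["10.0.1.0/24", "10.0.3.0/24"], description = "tcp/9200 from app and ops subnets" },
  ]

  # Reject any rule that is open to the whole internet before a plan is built.
  validation {
    condition = alltrue([
      for r in var.ingress_rules : !contains(r.cidr_blocks, "0.0.0.0/0")
    ])
    error_message = "Ingress rules must not allow 0.0.0.0/0."
  }
}

resource "aws_security_group" "restricted_sg" {
  name        = "restricted-sg"
  description = "Ingress for Vault"

  dynamic "ingress" {
    for_each = var.ingress_rules
    iterator = rule # rule.value is one object from the list
    content {
      description = rule.value.description
      from_port   = rule.value.port
      to_port     = rule.value.port
      protocol    = "tcp"
      cidr_blocks = rule.value.cidr_blocks
    }
  }
}
```

With this variable, terraform validate and terraform plan fail with the error message above as soon as a rule lists 0.0.0.0/0.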
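9. Splat Expression: It allows us to get a list of an attribute's values across all instances of a resource (below, the ARN of every IAM user created with count)
Splat.tf
provider "aws" {
  region = "us-west-2"
  # Placeholders only: supply real credentials through environment variables
  # or a shared credentials file rather than writing them into the .tf file.
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

resource "aws_iam_user" "lb" {
  name  = "iamuser.${count.index}"
  count = 3
}

output "arns" {
  value = aws_iam_user.lb[*].arn
}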
10. Terraform Graph: The terraform graph command is used to generate a visual representation of either a configuration or execution plan.
The output of terraform graph is in the DOT format, which can easily be converted to an image.
11. Saving Terraform Plan to a File
terraform plan -out=path
12. Dealing with Large Infrastructure
Setting Refresh to False
We can prevent Terraform from querying the current state during operations like terraform plan.
This can be achieved with the -refresh=false flag.
The -target=resource flag can be used to target a specific resource.
It is generally used as a means to operate on isolated portions of very large configurations.
13. Zipmap Function: The zipmap function constructs a map from a list of keys and a corresponding list of values.
Following screenshot shows a sample output of Zipmap
14. Taint: The terraform taint command informs Terraform that a particular object has become degraded or damaged. Terraform represents this by marking the object as "tainted" in the Terraform state, and Terraform will propose to replace it in the next plan you create.
Warning: This command is deprecated. For Terraform v0.15.2 and later, we recommend using the -replace option with terraform apply instead (details below).
Recommended Alternative: For Terraform v0.15.2 and later, it is recommended to use the -replace option with terraform apply to force Terraform to replace an object even though there are no configuration changes that would require it.
$ terraform apply -replace="aws_instance.myec2"
Here aws_instance.myec2 is the address of the EC2 instance resource in your current configuration.
15. Terraform untaint
terraform untaint [options] address
Refer: https://developer.hashicorp.com/terraform/cli/commands/untaint