Embracing the Messiness in Search of Epic Solutions

Category: Infrastructure as Code

  • Terraform: Updating State Using “Moved” Block

    This post illustrates how you can rename existing resources or restructure the Terraform codebase without destroying and recreating the resources, using the moved block introduced in Terraform 1.1. It also explains some limitations of this new construct. PROBLEM: MODIFYING EXISTING RESOURCE NAME Using a simple resource block below as an example… On apply, one resource is… Read More…

  • Terraform: Handling Errors with try(…)

    PROBLEM Given the following output block:- Sometimes, during an apply or destroy, we may get this error:- One way to fix this is to do conditional expressions like this, but it’s not pretty:- SOLUTION Since Terraform v0.12.20, we can solve this with try and achieve the same outcome:- Read More…

  • Terraform: Skipping Buggy Provider Version

    PROBLEM Given the following required_providers block… … it will allow the following Google provider version: >= 3.8, < 4.0. As of today (May 10), the latest Google provider is 3.20.0. A quick terraform init confirms that. However, sometimes, there’s a need to skip a buggy version. For example, 3.20.0 breaks google_compute_firewall. SOLUTION To achieve that,… Read More…

  • GCP + Terraform: Running Terraform Commands with a Service Account

    PROBLEM When running these commands… … it allows terraform apply to provision the infrastructure using your credential. However, sometimes there’s a need to run Terraform using a service account. SOLUTION First, identify the service account you want to use… for example: [email protected]. Then, create and download the private key for the service account. Command: Output:… Read More…

  • GCP + Kitchen Terraform: Local Development Workflow

    INTRODUCTION Here’s a typical workflow for implementing and running Kitchen Terraform tests outside of the GCP environment, for example, from an IDE on a Mac laptop. Enable “gcloud” Access Command: The first step is to ensure we can interact with GCP through the gcloud command with our user credential. This is needed because the tests… Read More…

  • Terragrunt: “plan-all” while Passing Outputs between Modules

    PROBLEM Terragrunt has a feature that allows one module to pass outputs to another module. For example, if “project-prod” module wants to consume “subfolders” output from “folder” module, it can be done like this in “project-prod” module’s terragrunt.hcl:- The challenge is when running commands such as plan-all, it will fail with the following error:- SOLUTION… Read More…