I have been working on this terraform azure vm template and the goal is use for_each to make the module more dynamic in nature but i'm not able to figure out how to reference one resource_id in another resource block.
If you see in first resource block i'm creating NICs using "for_each" and i want to reference the "network_interface_id" in second resource which is associating Network Interface to outbound load balancer. Not sure how to do that but started to construct the string using variables. can anyone help me on how to reference the "network_interface_id" or any other resource id if required, any help is highly appreciated.
###################
# Network Interface
###################
resource "azurerm_network_interface" "this" {
for_each = var.vm_details
name = format(
"%s-${var.location}-%s-%s-nic-%s",
var.app_acronym,
var.env,
var.app_purpose,
each.value.vm_identifier
)
location = var.location
resource_group_name = var.resource_group_name
tags = var.tags
ip_configuration {
name = format(
"%s-${var.location}-%s-%s-ip-%s",
var.app_acronym,
var.env,
var.app_purpose,
each.value.vm_identifier
)
subnet_id = var.subnet_id
private_ip_address_allocation = var.private_ip_address_allocation != "" ? var.private_ip_address_allocation : "Dynamic"
}
enable_accelerated_networking = each.value.enable_accelerated_networking
}
###########################################################
# Asssociating Network Interface to outbound load balancer
###########################################################
resource "azurerm_network_interface_backend_address_pool_association" "this" {
for_each = var.olb_association
network_interface_id = "${var.rsrc_id_str_1}${var.subscription_id}${var.rsrc_id_str_2}${var.resource_group_name}${var.rsrc_id_str_nic_3}${var.app_acronym}${var.hifen}${var.location}${var.hifen}${var.env}${var.hifen}${var.app_purpose}${var.nic_abbrv}${each.value.vm_identifier}"
ip_configuration_name = format(
"%s-${var.location}-%s-%s-ip-%s",
var.app_acronym,
var.env,
var.app_purpose,
each.value.vm_identifier
)
backend_address_pool_id = each.value.backend_address_pool_id
depends_on = [azurerm_network_interface.this]
}
for_each creates a data structure that is referenced like the map you feed it. So if the name for an entry is "puppy", you would reference it as azurerm_network_interface.this["puppy"]
Related
Locked for 3 days. Comments on this question have been disabled, but it is still accepting new answers and other interactions. Learn more.
Objective:Link multiple subnets in the environment to corresponding NSGs using a module (NSGs and Subnets have been created using separate modules)
Root Module:
1.main.tf
resource "azurerm_subnet_network_security_group_association" "root_subnet_nsg_association" {
subnet_id = var.subnet_id
network_security_group_id = var.nsg_id
}
2.variables.tf
variable "subnet_id"{
type=number
description="ID of the subnet which is to be attached to NSG"
#default=""
}
variable "nsg_id"{
type=number
description="ID of the NSG which is to be associated with a subnet"
#default=""
}
Calling Module in Projects Folder:
(for_each used to iterate the module)
1.nsg_subnet_association.tf
module "nsg_subnet_asosciation_module"{
source="../../Modules/network/nsg_subnet_association"
#Variable names to be passed into the root module:
#Use for_each to loop the module:
#for_each accepts a set or map but not list as a value
for_each = local.nsg_subnet_association
subnet_id=each.key
nsg_id=each.value
}
2.locals block passing in values to the calling module:
NOTE:It is possible to have dynamic keys in the map using parenthesis ()
locals{ //Key in subnet name and NSG name for each element of the LIST
//Implicit dependence on Subnet and NSG being created before attempt to associate
#It is possible to have dynamic keys using parenthesis () as seen on left below
nsg_subnet_association={
(module.subnet_module["MGT-Subnet-1"].subnet_id)= module.nsg_module["HUB-NSG"].nsg_id
(module.subnet_module["MGT-Subnet-1"].subnet_id) = module.nsg_module["MGT-NSG"].nsg_id
(module.subnet_module["SEC-Subnet-1"].subnet_id) = module.nsg_module["SEC-NSG"].nsg_id
}
}
This ends up with the following error:
The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.
In Terraform , when dynamically getting the value of vnets or subnets , it may take time to create and the rest of the dependent resources cannot get desired values and so this error occurs.
Error:
The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
Use a code where the values are defined statically to resolve the error:
example:
Code:
Variables.tf:
variable "virtual_network_name" {
type = string
default = "my-virtual-network"
}
variable "subnet_address_prefixes" {
type = list(string)
default = ["10.0.1.0/24", "10.0.2.0/24"]
}
variable "subnet_names" {
type = set(string)
default = ["subnet1", "subnet2"]
}
variable "nsg_names" {
type = set(string)
default = ["nsg1", "nsg2"]
}
variable "subnet_nsg_mappings" {
type = map(string)
default = {
"subnet1" = "nsg1"
"subnet2" = "nsg2"
}
}
Main.tf
resource "azurerm_virtual_network" "virtual_network" {
name = var.virtual_network_name
address_space = ["10.0.0.0/16"]
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
}
resource "azurerm_network_security_group" "nsg" {
for_each = toset(var.nsg_names)
name = each.value
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
security_rule {
name = "allow_http"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "80"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_subnet" "subnet" {
for_each = toset(var.subnet_names)
name = each.value
virtual_network_name = azurerm_virtual_network.virtual_network.name
address_prefixes = var.subnet_address_prefixes
resource_group_name = data.azurerm_resource_group.example.name
// enable_multiple_address_prefixes = true
}
# Associate each subnet with its corresponding NSG
resource "azurerm_subnet_network_security_group_association" "subnet_nsg" {
for_each = var.subnet_nsg_mappings
subnet_id = azurerm_subnet.subnet[each.key].id
network_security_group_id = azurerm_network_security_group.nsg[each.value].id
//subnet_id = azurerm_subnet.subnet[each.key].id
// network_security_group_id = azurerm_network_security_group.nsg[var.subnet_nsg_mappings[each.value]].id
}
Or
Define locals for mappings .
locals {
subnet_nsg_mappings = {
"subnet1" = "nsg1",
"subnet2" = "nsg2",
"subnet3" = "nsg3"
}
}
resource "azurerm_subnet_network_security_group_association" "subnet_nsg" {
for_each = toset(var.subnet_names)
subnet_id = azurerm_subnet.subnet[each.value].id
network_security_group_id = azurerm_network_security_group.nsg[local.subnet_nsg_mappings[each.value]].id
}
If dynamic values must be used for_each keys cannot be determined during apply time. In that case use the -target option to first apply vnet and subnet values i.e; the resources that the for_each value depends on and apply completely.
terraform apply -target="azurerm_virtual_network.virtual_network" -target="azurerm_subnet.subnet"
Reference:
azurerm_subnet_network_security_group_association | Resources | hashicorp/azurerm | Terraform Registry
I have been trying to figure out what would be the most ideal option to deploy some fundamental, mostly identical resources (vnet, subnet, bastion host, nsg, etc.) resources in Azure, using Terraform.
I have tried it with for_each and it was working just fine until I have faced a problem where I had to pass a value to an attribute from a resource which was created with for_each. Let me show you:
So this is obviously working, nothing wrong with the following resources:
resource "azurerm_subnet" "AzureBastionSubnet" {
for_each = var.bastion_subnet
name = each.value["name"]
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet[each.key].name
address_prefixes = each.value["address_prefixes"]
depends_on = [azurerm_virtual_network.vnet]
}
resource "azurerm_public_ip" "bastion_public_ip" {
for_each = toset(var.public_ip_location)
name = "bastion-public-ip-${each.value}"
location = each.value
resource_group_name = azurerm_resource_group.rg.name
allocation_method = "Static"
sku = "Standard"
depends_on = [azurerm_subnet.AzureBastionSubnet]
}
But the problem starts now when in the following resource I need to pass attribute values from resources which were created with for_each. How on earth do I pass the right attributes from the created bastion subnets and public IPs to the subnet_id and public_ip_address_id?
resource "azurerm_bastion_host" "bastion" {
for_each = toset(var.location_list)
name = "bastion-${each.value}"
location = each.value
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "configuration"
subnet_id = azurerm_subnet.AzureBastionSubnet.id
public_ip_address_id = azurerm_public_ip.bastion_public_ip.id
}
depends_on = [azurerm_public_ip.bastion_public_ip]
}
Thanks!
I was looking into Terraform's lookup, and also the for loop and I am sure they could make it work but I just cannot seem to figure it out.
You might be creating multiple items of azurerm_subnet.AzureBastionSubnet as you are using for_each here
resource "azurerm_subnet" "AzureBastionSubnet" {
for_each = var.bastion_subnet
name = each.value["name"]
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet[each.key].name
address_prefixes = each.value["address_prefixes"]
depends_on = [azurerm_virtual_network.vnet]
}
So you may want to refer to your individual azurerm_subnet instance by passing your var.bastion_subnet set member, or its map key.
for example:
resource "azurerm_bastion_host" "bastion" {
..
ip_configuration {
...
subnet_id = azurerm_subnet.AzureBastionSubnet["subnet-1"].id
}
depends_on = [azurerm_public_ip.bastion_public_ip]
}
Where subnet-1 is a key in my var.bastion_subnet map.
From Terraform documentation:
Referring to Instances
When for_each is set, Terraform distinguishes between the block
itself and the multiple resource or module instances associated with
it. Instances are identified by a map key (or set member) from the
value provided to for_each.
<TYPE>.<NAME> or module.<NAME> (for example,
azurerm_resource_group.rg) refers to the block. <TYPE>.<NAME>[<KEY>]
or module.<NAME>[<KEY>] (for example,
azurerm_resource_group.rg["a_group"],
azurerm_resource_group.rg["another_group"], etc.) refers to individual
instances.
Im trying to get value from one module and use it in another module.
I have module - vnet
resource "azurerm_virtual_network" "vnet" {
name = var.vnet_name
resource_group_name = var.resource_group_name
location = var.location
address_space = var.address_space
}
resource "azurerm_subnet" "subnet" {
name = "${var.vnet_name}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.subnet_prefixes
}
and the output is :
output "subnet_id" {
value = "${azurerm_subnet.subnet.id}"
}
output "vnet_name" {
value = "${azurerm_virtual_network.vnet.name}"
}
from this module i would like to get the vnet name and the subnet id for my other module that im using to create a nic.
nic module
module "vnet" {
source = "../vnet"
}
resource "azurerm_network_interface" "nic" {
name = "${module.vnet.vnet_name}-nic"
location = "east us 2"
resource_group_name = "null"
ip_configuration {
name = " "
subnet_id = module.vnet.subnet_id
private_ip_address_allocation = "Dynamic"
}
}
this way is working BUT the terraform plan , planning to create 2 resource per each resource because the way im using to get the values .
under nic module im using again the vnet module so its will create second vnet.
my main.tf is
resource "azurerm_resource_group" "rg" {
name = var.resource_group.name
location = var.resource_group.location
}
module "ib151w-vnet" {
source = "./modules/vnet"
resource_group_name = azurerm_resource_group.rg.name
vnet_name = "ib151w-vnet"
address_space = var.address_space
subnet_prefixes = var.subnet_prefixes
}
module "ib151w-nic" {
source = "./modules/nic"
name = "nic-test-123"
location = "east us 2"
resource_group_name = "ib151w"
}
the question is how can i get the vnet name and subnet id to use inside the nic module ?
i know there is alot of better ways to establish my request but im
just learning terraform and trying this specific way :)
how can i get the vnet name and subnet id to use inside the nic module
You have to explicitly pass those values in the root module:
module "ib151w-nic" {
source = "./modules/nic"
name = "nic-test-123"
location = "east us 2"
resource_group_name = "ib151w"
vnet_name = module.vnet.vnet_name
subnet_id = module.vnet.subnet_id
}
Also you have to modify your vnet module to make vnets and subents conditional. For example, add variable in the vent module:
variable "should_create_vnet_and_subnet" {
default = true
}
then make the resource conditional:
resource "azurerm_virtual_network" "vnet" {
count = should_create_vnet_and_subnet == true ? 1 : 0
name = var.vnet_name
resource_group_name = var.resource_group_name
location = var.location
address_space = var.address_space
}
resource "azurerm_subnet" "subnet" {
count = should_create_vnet_and_subnet == true ? 1 : 0
name = "${var.vnet_name}-subnet"
resource_group_name = var.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.subnet_prefixes
}
And the rest. Basically you have to rewrite your entire vnet module around conditional resources.
There are a lot of things to reconsider here but I would like to stick to your query only as you have requested.
How to get value from the module in another module - Terraform
As I can see you are already using two modules for vnet(which includes subnet) and nic and also using two modules interface calls to use them. You can simply use variables in your nic module and then at the interface level you can pass the outputs from vnet module as an attribute to your nic module.
Refer to the below code.
# main.tf or MODULE INTERFACES
## Default variables ##
variable "resource_group_name" {
type = string
description = "(optional) resource group name in which resources will created"
default = "stack-over-flow-query"
}
variable "location" {
type = string
description = "(optional) location where resources would be created."
default = "east us 2"
}
################################
resource "azurerm_resource_group" "rg" {
name = var.resource_group_name
location = var.location
}
module "ib151w-vnet" {
source = "./modules/vnet"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
vnet_name = "ib151w-vnet"
address_space = ["10.0.0.0/16"]
subnet_prefixes = ["10.0.1.0/24"]
}
module "ib151w-nic" {
source = "./modules/nic"
name = "${module.ib151w-vnet.vnet_name}-nic-test-123"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
subnet_id = module.ib151w-vnet.subnet_id
ip_configuration = "stackoverflow"
}
## NIC Module
resource "azurerm_network_interface" "nic" {
name = var.name
location = var.location
resource_group_name = var.resource_group_name
ip_configuration {
name = var.ip_configuration
subnet_id = var.subnet_id
private_ip_address_allocation = var.private_ip_address_allocation
}
}
## Required variable definitions with defaults(best practice installation in your situation)
Using the same outputs as yours in the vnet module.
output "vnet_name" {
value = azurerm_virtual_network.vnet.name
}
output "subnet_id" {
value = azurerm_subnet.subnet.id
}
Note: "${}"aka interpolation is not required when using terraform referencing without variables or any unknown value to terraform.
There can be a lot more ways to have a module like this but I would suggest at least a few things to try and do hands-on.
Use looping in your module to make multiple resources with one interface call [ only when necessary and make sense ]
https://developer.hashicorp.com/terraform/tutorials/configuration-language/for-each
Warning: extra looping can increase complexity.
Use conditions to control your module behavior.
https://developer.hashicorp.com/terraform/language/expressions/conditionals
And the most important when to use a module.
https://developer.hashicorp.com/terraform/language/modules/develop#when-to-write-a-module
I hope this helps and as I have stated this only answers your query, not some best practices or best vnet-nic module.
I'm trying to create network Interface in Azure through terraform using below script :
resource "azurerm_subnet" "internal" {
name = "Subnet1"
resource_group_name = "${var.VNetResourceGroup}"
virtual_network_name = "${var.VNetName}"
address_prefix = "10.0.2.0/24"
}
resource "azurerm_network_interface" "main" {
name = "${var.prefix}-nic"
location = "${var.location}"
resource_group_name = "${var.resourceGroup}"
ip_configuration {
name = "ipconfig1"
subnet_id = "${azurerm_subnet.internal.id}"
private_ip_address_allocation = "dynamic"
}
}
This script creates the Subnet Subnet1 and assigning that Subnet.id in ipconfiguration.
But if I have to create another network interface again through another .tf file with the same Subnet1 , how to do I get the ${azurerm_subnet.internal.id} value again.
That is if the Subnet is already existing and I do not want to create it, how to I set those values and use them?
EDIT
I have figured out, in powershell this is the script used to determine Subnet id :
$vnetId= "[resourceId("VNetRG",'Microsoft.Network/virtualNetworks', "VNetName")]"
$subnetRef = "[concat($vnetId, '/subnets/', "Subnet1")]"
where VNetRG - resource group of VNet ,
VNetName - Name of VNet ,
Subnet1 - Name of Subnet.
Can anyone tell me what is the equivalent script in terraform?
Use a subnet data source:
data "azurerm_subnet" "subnet1" {
name = "Subnet1"
virtual_network_name = "${var.VNetName}"
resource_group_name = "${var.VNetResourceGroup}"
}
Then reference it in your NIC code with
subnet_id = "${data.azurerm_subnet.subnet1.id}"
I am trying to create 2 VMs on Azure using Terraform.
I create 2 NICs like
variable "internalips" {
description = "List of Internal IPs"
default = ["10.0.2.10", "10.0.2.11"]
type = "list"
}
resource "azurerm_network_interface" "helloterraformnic" {
count = 2
name = "nic-${count.index}"
location = "West US"
resource_group_name = "myrg"
ip_configuration {
name = "testconfiguration1"
subnet_id = "${azurerm_subnet.helloterraformsubnet.id}"
private_ip_address_allocation = "static"
private_ip_address = "${element(private_ip_address, count.index)}"
}
}
Now I want to use them in module azurerm_virtual_machine
resource "azurerm_virtual_machine" "helloterraformvm" {
count = 2
name = "${element(elasticmachines, count.index)}"
location = "West US"
resource_group_name = "myrg"
network_interface_ids = "${element(azurerm_network_interface.helloterraformnic, count.index)}"
....
}
This gives me an error
Failed to load root config module: Error loading azure/rg.tf: Error
reading config for azurerm_virtual_machine[helloterraformvm]:
azurerm_network_interface.helloterraformnic: resource variables must
be three parts: TYPE.NAME.ATTR in:
${element(azurerm_network_interface.helloterraformnic, count.index)}
How can I use the above created NICs using index ?
First thinking to use length function to get the counts more than hard coding it.
from
count = 2
change to
count = "${length(var.internalips)}"
For your problem, you need to tell the resource which attribute you want to get the value.
network_interface_ids = "${element(azurerm_network_interface.helloterraformnic.id, count.index)}"
Refer:
terraform Interpolation Syntax
terraform azurerm_virtual_machine Attributes Reference