I am using terraform version 0.14.3.
I have a module for creating an Azure Network Interface Card, as below:
resource "azurerm_network_interface" "nic" {
name = var.nic_name
location = var.location
resource_group_name = var.rg_name
ip_configuration {
name = var.ipconfig_name
subnet_id = var.subnet_id
private_ip_address_allocation = "Dynamic"
}
}
Its output is defined as :
output "nic_id" {
value = azurerm_network_interface.nic.id
}
I am calling this module in this parent module:
module "NIC" {
source = "./NIC"
for_each = var.nics
nic_name = each.value.nic_name
location = "eastus2"
rg_name = "abc-test-rg"
ipconfig_name = each.value.ipconfig_name
subnet_id = <subnet_id>
}
output "nic_ids" {
value = [for k in module.NIC.nic_id : k.id]
}
The NIC values are defined as below:
nics = {
nic1 = {
nic_name = "abc-nic-1"
ipconfig_name = "nic-1-ipconfig"
}
}
I want to loop around the NIC output IDs, and want them displayed.
When I run above code, I get below error in terraform plan :
Error: Unsupported attribute
on main.tf line 15, in output "nic_ids":
15: value = [for k in module.NIC.nic_id : k.id]
|----------------
| module.NIC is object with 1 attribute "nic1"
This object does not have an attribute named "nic_id".
How do I get around it ?
Your module "NIC" block has for_each set, and so the module.NIC symbol elsewhere in the module is a mapping from instance keys to output objects, rather than just a single output object as for a singleton module.
Terraform's error message is attempting to draw attention to that with the following message:
module.NIC is object with 1 attribute "nic1"
Notice that nic1 here is a key from your var.nics, and not one of the output values defined in your module.
Assuming that the nic_id output you showed here is the only one defined in that module, the module.NIC value would be shaped something like this:
{
nic1 = {
nic_id = "eni-e5aa89a3"
}
}
It sounds like you instead want to produce a value shaped like this:
{
nic1 = "eni-e5aa89a3"
}
If so, a suitable expression to get that result would be the following:
output "nic_ids" {
value = { for k, nic in module.NIC : k => nic.nic_id }
}
The above means: produce a mapping with one element for each instance of the NIC module, whose key is the module instance key and whose value is the nic_id output value.
Alternatively, if it doesn't matter which id belongs to which instance then you could produce an unordered set of ids, like this:
output "nic_ids" {
value = toset([for nic in module.NIC : nic.nic_id])
}
In this case the for expression only defines a local symbol nic, which represents the module instance object, because it doesn't do anything with the instance key. The toset here is to represent that the IDs are not in any particular order: that isn't strictly necessary but I think it's a good practice to make sure that any other Terraform code depending on that value doesn't inadvertently depend on the current arbitrary ordering of the ids, which might change in future if you add or remove elements in var.nics.
Related
Here is my shortened code:
variable.tf:
variable "vm_avd" {
type = map(any)
default = {
avd-std = {
vm_count = "2"
### Interface Vars
subnet_id = "AD"
}
avd-gpu = {
vm_count = "2"
### Interface Vars
subnet_id = "AD"
}
}
}
variable "vm_server" {
type = map(any)
default = {
srv-std = {
vm_count = "2"
### Interface Vars
subnet_id = "AD"
}
}
}
if.tf:
resource "azurerm_network_interface" "if" {
count = var.vm_count
name = var.private_ip_address_allocation == "Static" ? "if_${var.if_name}_${replace(var.private_ip_address, ".", "")}_${format("%02d", count.index)}" : "if_${var.if_name}_${format("%02d", count.index)}"
location = var.location
resource_group_name = var.resource_group_name
ip_configuration {
name = "if_ipconfig"
subnet_id = var.subnet_id
private_ip_address_version = var.private_ip_address_version
private_ip_address_allocation = var.private_ip_address_allocation
private_ip_address = var.private_ip_address
}
}
output "if_name" {
value = azurerm_network_interface.if[*].name
}
output "if_id" {
value = azurerm_network_interface.if[*].id
}
main.tf:
module "vm" {
for_each = merge(var.vm_server, var.vm_avd)
vm_name = each.key
vm_count = each.value["vm_count"]
network_interface_ids = module.if[each.key].if_id
}
module "if" {
for_each = merge(var.vm_server, var.vm_avd)
vm_count = each.value["vm_count"]
if_name = each.key
subnet_id = module.snet[each.value["subnet_id"]].snet_id
}
Is there a possibility to reference in a for_each loop the correct count object for dependent resources?
I'm creating Terraform modules for Azure and I want to build a structure that is highly flexible and easy to fill for everyone.
Therefore I build a root file with a single module call for each resource and I have a single main variables file which should be filled with values which are looped through.
All related resource variables are defined in the same variables object, so for a VM a variable VM is created and filled with VM details, NIC details and extension details. The single modules run through the same variables for VM, NIC and extensions which is, in general, running fine.
I can reference the subnet_id for the network interfaces nicely but as soon as I use a count operator in the resource I don't know how the correctly get the network interface ID of the correct interface for the correct VM.
Now I ran into the problem that I use for_each in my module call and I want to have the option to use count in my resource definition too. It is working but when I build e.g. virtual machines, I get the problem that I cannot reference to the correct network interfaces.
Atm all my interfaces are connected to the same VM and the 2nd VM cannot be build. Same goes for extensions and any possible multiple objects tho.
I tried several module calls but the first VM got all the interfaces every time. I tried with the Star character in the NIC module call or with the network interface ID.
If this is not possible at all, I thought of a solution with building the network interface ID itself with its original form.
I also checked if there is a possibility to build an array with the for_each and count elements but I couldn't find any way to build arrays out of number variables in terraform, like the normal "for 1 to 5 do".
If you know of any way to do this, I would be grateful too.
Maybe it is a typo when you try to simplify the question, but in your variables you have:
variable vm_avd { default = { avd-std = {...}} }
variable vm_server { default = { avd-std = {...}} }
in your main tf you have:
merge(var.vm_server, var.vm_avd)
since the key is the same, one will override the other, if you are using the default value, it might result in the behaviour you are suggesting, consider changing the key name to server-std?
I got the solution with simply providing the whole element array, e.g. from VM, to the variable for the ID and the reference the correct VM with the count index:
virtual_machine_id = var.vm_id[count.index]
As i run through the same Count in other ressources, I get the correct order of the elements for referencing :)
I have a set of variables in terraform.tfvars:
resource_groups = {
cow = {
name = "Cow"
location = "eastus"
},
horse = {
name = "Horse"
location = "eastus"
},
chicken = {
name = "Chicken"
location = "westus2"
},
}
my main.tf looks like this:
...
module "myapp" {
source = "./modules/myapp"
resource_groups = var.resource_groups
}
variable "resource_groups" {}
...
./modules/myapp.main.tf look like this:
module "resource_group" {
source = "../myapp.resource_group"
resource_groups = var.resource_groups
for_each = {
for key, value in try(var.resource_groups, {}) : key => value
if try(value.reuse, false) == false
}
}
variable "resource_groups" {}
and ../myapp.resource_group looks like this:
resource "azurerm_resource_group" "resource_group" {
name = var.resource_groups.cow.name
location = var.resource_groups.cow.location
}
variable "resource_groups" {}
My hope is that after terraform plan I would see that three new RGs would be set for addition. Infact I do get three new ones, but they all use the name and location of the cow RG, because I specified var.resource_groups.cow.name The problem is I have tried all kinds of different iterators in place of .cow. and I can't get terraform to use the other variables in the terraform.tfvars file. I have tried square brackets, asterisks, and other wildcards. I am stuck.
I am looking to define a resource in one place and then use that to create multiple instances of that resource per the map of variables.
Guidance would be much appreciated.
Thanks.
Bill
For this situation you'll need to decide whether your module represents one resource group or whether it represents multiple resource groups. For a module that only contains one resource anyway that decision is not particularly important, but I assume you're factoring this out into a separate module because there is something more to this than just the single resource group resource, and so you can decide between these two based on what else this module represents: do you want to repeat everything in this module, or just the resource group resource?
If you need the module to represent a single resource group then you should change its input variables to take the data about only a single resource group, and then pass the current resource group's data in your calling module block.
Inside the module:
variable "resource_group" {
type = object({
name = string
location = string
})
}
resource "azurerm_resource_group" "resource_group" {
name = var.resource_group.name
location = var.resource_group.location
}
When calling the module:
variable "resource_groups" {
type = map(
object({
name = string
location = string
})
)
}
module "resource_group" {
source = "../myapp.resource_group"
for_each = var.resource_groups
# each.value is the value of the current
# element of var.resource_groups, and
# so it's just a single resource group.
resource_group = each.value
}
With this strategy, you will declare resource instances with the following addresses, showing that the repetition is happening at the level of the whole module rather than the individual resources inside it:
module.resource_group["cow"].azurerm_resource_group.resource_group
module.resource_group["horse"].azurerm_resource_group.resource_group
module.resource_group["chicken"].azurerm_resource_group.resource_group
If you need the module to represent the full set of resource groups then the module would take the full map of resource groups as an input variable instead of using for_each on the module block. The for_each argument will then belong to the nested resource instead.
Inside the module:
variable "resource_groups" {
type = map(
object({
name = string
location = string
})
)
}
resource "azurerm_resource_group" "resource_group" {
for_each = var.resource_groups
name = each.value.name
location = each.value.location
}
When calling the module:
variable "resource_groups" {
type = map(
object({
name = string
location = string
})
)
}
module "resource_group" {
source = "../myapp.resource_group"
# NOTE: No for_each here, because we need only
# one instance of this module which will itself
# then contain multiple instances of the resource.
resource_group = var.resource_groups
}
With this strategy, you will declare resource instances with the following addresses, showing that there's only one instance of the module but multiple instances of the resource inside it:
module.resource_group.azurerm_resource_group.resource_group["cow"]
module.resource_group.azurerm_resource_group.resource_group["horse"]
module.resource_group.azurerm_resource_group.resource_group["chicken"]
It's not clear from the information you shared which of these strategies would be more appropriate in your case, because you've described this module as if it is just a thin wrapper around the azurerm_resource_group resource type and therefore it isn't really clear what this module represents, and why it's helpful in comparison to just writing an inline resource "azurerm_resource_group" block in the root module.
When thinking about which of the above designs is most appropriate for your use-case, I'd suggest considering the advice in When to Write a Module in the Terraform documentation. It can be okay to write a module that contains only a single resource block, but that's typically for more complicated resource types where the module hard-codes some local conventions so that they don't need to be re-specified throughout an organization's Terraform configurations.
If you are just passing the values through directly to the resource arguments with no additional transformation and no additional hard-coded settings then that would suggest that this module is not useful, and that it would be simpler to write the resource block inline instead.
I'm getting the below error while running terraform plan and apply
on main.tf line 517, in resource "aws_lb_target_group_attachment" "ecom-tga":
│ 517: for_each = local.service_instance_map
│ ├────────────────
│ │ local.service_instance_map will be known only after apply
│
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will
│ be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
My configuration file is as below
variable "instance_count" {
type = string
default = 3
}
variable "service-names" {
type = list
default = ["valid","jsc","test"]
}
locals {
helper_map = {for idx, val in setproduct(var.service-names, range(var.instance_count)):
idx => {service_name = val[0]}
}
}
resource "aws_instance" "ecom-validation-service" {
for_each = local.helper_map
ami = data.aws_ami.ecom.id
instance_type = "t3.micro"
tags = {
Name = "${each.value.service_name}-service"
}
vpc_security_group_ids = [data.aws_security_group.ecom-sg[each.value.service_name].id]
subnet_id = data.aws_subnet.ecom-subnet[each.value.service_name].id
}
data "aws_instances" "ecom-instances" {
for_each = toset(var.service-names)
instance_tags = {
Name = "${each.value}-service"
}
instance_state_names = ["running", "stopped"]
depends_on = [
aws_instance.ecom-validation-service
]
}
locals {
service_instance_map = merge([for env, value in data.aws_instances.ecom-instances:
{
for id in value.ids:
"${env}-${id}" => {
"service-name" = env
"id" = id
}
}
]...)
}
resource "aws_lb_target_group_attachment" "ecom-tga" {
for_each = local.service_instance_map
target_group_arn = aws_lb_target_group.ecom-nlb-tgp[each.value.service-name].arn
port = 80
target_id = each.value.id
depends_on = [aws_lb_target_group.ecom-nlb-tgp]
}
Since i'm passing count as var and its value is 3,i thought terraform will predict as it needs to create 9 instances.But it didn't it seems and throwing error as unable to predict.
Do we have anyway to by pass this by giving some default values for instances count prediction or for that local service_instance_map?
Tried try function but still no luck
Error: Invalid for_each argument
│
│ on main.tf line 527, in resource "aws_lb_target_group_attachment" "ecom-tga":
│ 527: for_each = try(local.service_instance_map,[])
│ ├────────────────
│ │ local.service_instance_map will be known only after apply
│
│ The "for_each" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will
│ be created. To work around this, use the -target argument to first apply only the resources that the for_each depends on.
My requirement got changed and now i have to create 3 instances in 3 subnets available in that region.I changed the locals as like below But same prediction issue
locals {
merged_subnet_svc = try(flatten([
for service in var.service-names : [
for subnet in aws_subnet.ecom-private.*.id : {
service = service
subnet = subnet
}
]
]), {})
variable "azs" {
type = list(any)
default = ["ap-south-1a", "ap-south-1b", "ap-south-1c"]
}
variable "private-subnets" {
type = list(any)
default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
}
resource "aws_instance" "ecom-instances" {
for_each = {
for svc in local.merged_subnet_svc : "${svc.service}-${svc.subnet}" => svc
}
ami = data.aws_ami.ecom.id
instance_type = "t3.micro"
tags = {
Name = "ecom-${each.value.service}-service"
}
vpc_security_group_ids = [aws_security_group.ecom-sg[each.value.service].id]
subnet_id = each.value.subnet
}
}
In your configuration you've declared that data "aws_instances" "ecom-instances" depends on aws_instance.ecom-validation-service. Since that other object won't exist yet on your first run, Terraform must therefore wait until the apply step to read data.aws_instances.ecom-instances because otherwise it would fail to honor the dependency you've declared, because aws_instance.ecom-validation-service wouldn't exist yet.
To avoid the error message you saw here, you need to make sure that for_each only refers to values that Terraform will know before any objects are actually created. Because EC2 assigns instance ids only once the instance is created, it's not correct to use an EC2 instance id as part of a for_each instance key.
Furthermore, there's no need for a data "aws_instances" block to retrieve instance information here because you already have the relevant instance information as a result of the resource "aws_instance" "ecom-validation-service" block.
With all of that said, let's start from your input variables and build things up again while making sure that we only build instance keys only from values we'll know during planning. The variables you have stay essentially the same; I've just tweaked the type constraints a little to match how we're using each one:
variable "instance_count" {
type = string
default = 3
}
variable "service_names" {
type = set(string)
default = ["valid", "jsc", "test"]
}
I understand from the rest of your example that you are intending to create var.instance_count instances for each distinct element of var.service_names. Your setproduct to produce all of the combinations of those is also good, but I'm going to tweak it to assign the instances unique keys that include the service name:
locals {
instance_configs = tomap({
for pair in setproduct(var.service_names, range(var.instance_count)) :
"${pair[0]}${pair[1]}" => {
service_name = pair[0]
}
})
}
This will produce a data structure like the following:
{
valid0 = { service_name = "valid" }
valid1 = { service_name = "valid" }
valid2 = { service_name = "valid" }
jsc0 = { service_name = "jsc" }
jsc1 = { service_name = "jsc" }
jsc2 = { service_name = "jsc" }
test0 = { service_name = "test" }
test1 = { service_name = "test" }
test2 = { service_name = "test" }
}
This matches the shape that for_each expects, so we can use it directly to declare nine aws_instance instances:
resource "aws_instance" "ecom-validation-service" {
for_each = local.instance_configs
instance_type = "t3.micro"
ami = data.aws_ami.ecom.id
subnet_id = data.aws_subnet.ecom-subnet[each.value.service_name].id
vpc_security_group_ids = [
data.aws_security_group.ecom-sg[each.value.service_name].id,
]
tags = {
Name = "${each.value.service_name}-service"
Service = each.value_service_name
}
}
So far this has been mostly the same as what you shared. But this is the point where I'm going to go in a totally different direction: rather than now trying to read back the instances this declared using a separate data resource, I'll just gather the same data directly from the aws_instance.ecom-validation-service resource. It's generally best for a Terraform configuration to either manage a particular object or read it, not both at the same time, because this way the necessary dependency ordering is revealed automatically be the references.
Notice that I included an extra tag Service on each of the instances to give a more convenient way to get the service name back. If you can't do that then you could get the same information by trimming the -service suffix from the Name tag, but I prefer to keep things direct where possible.
It seemed like your goal then was to have a aws_lb_target_group_attachment instance per instance, with each one connected to the appropriate target group based on the service name. Because that aws_instance resource has for_each set, aws_instance.ecom-validation-service in expressions elsewhere is a map of objects where the keys are the same as the keys in var.instance_configs. That means that value is also compatible with the requirements for for_each and so we can use it directly to declare the target group attachments:
resource "aws_lb_target_group_attachment" "ecom-tga" {
for_each = aws_instance.ecom-validation-service
target_group_arn = aws_lb_target_group.ecom-nlb-tgp[each.value.tags.Service].arn
port = 80
target_id = each.value.id
}
I relied on the extra Service tag from earlier to easily determine which service each instance belongs to in order to look up the appropriate target group ARN. each.value.id works here because each.value is always an aws_instance object, which exports that id attribute.
The result of this is two sets of instances that each have keys matching those in local.instance_configs:
aws_instance.ecom-validation-service["valid0"]
aws_instance.ecom-validation-service["valid1"]
aws_instance.ecom-validation-service["valid2"]
aws_instance.ecom-validation-service["jsc0"]
aws_instance.ecom-validation-service["jsc1"]
aws_instance.ecom-validation-service["jsc2"]
...
aws_lb_target_group_attachment.ecom-tga["valid0"]
aws_lb_target_group_attachment.ecom-tga["valid1"]
aws_lb_target_group_attachment.ecom-tga["valid2"]
aws_lb_target_group_attachment.ecom-tga["jsc0"]
aws_lb_target_group_attachment.ecom-tga["jsc1"]
aws_lb_target_group_attachment.ecom-tga["jsc2"]
...
Notice that all of these keys contain only information specified directly in the configuration, and not any information decided by the remote system. That means we avoid the "Invalid for_each argument" error even though each instance still has an appropriate unique key. If you were to add a new element to var.service_names or increase var.instance_count later then Terraform will also see from the shape of these instance keys that it should just add new instances of each resource, rather than renaming/renumbering any existing instances.
So I start to explore Terraform, and so far Im able to get my network and VMs up in Azure.
Since I have seven VM`s that are created, I would like to get the IP-adress and the Hostname of this.
In my main.tf i have this:
provider "azurerm" {
features {}
# Configuration options
}
module "splunk_architect" {
source = "./modules/architect"
}
And just an example from my main.tf in /modules/architect
resource "azurerm_network_interface" "main" {
for_each = toset(var.vm_names)
name = "${each.value}-nic"
location = azurerm_resource_group.rsg.location
resource_group_name = azurerm_resource_group.rsg.name
ip_configuration {
name = "testconfiguration1"
subnet_id = azurerm_subnet.subnet.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.pubip[each.key].id
}
And my outputs.tf in /modules/architect
output "ip" {
value = azurerm_network_interface.main[each.key].private_ip_address
}
So when i run this, i get this error message:
Error: Reference to "each" in context without for_each
on modules\architect\outputs.tf line 6, in output "ip": 6: value = azurerm_network_interface.main[each.key].private_ip_address
The "each" object can be used only in "module" or "resource" blocks, and only when the "for_each" argument is set.
So I have tried to set the for_each in the module, but did not get that to work.
I have also been through the documentations without any success.
Any tips to what I can try to get the IP of each VM printed out?
Since you have multiple virtual machines (declared with for_each), you will also have multiple private IP addresses to return. You'll need to decide for your module what is the best way to return those IP addresses to the caller.
One common answer is to return a map whose keys are the elements from var.vm_names, so the caller can easily correlate the VM names it passed in to the IP addresses you're returning, like this:
output "ip" {
value = tomap({
for name, vm in azurerm_network_interface.main : name => vm.private_ip_address
})
}
This is a for expression, which constructs a new data structure from an existing data structure by evaluating expressions against each element. In this case, it's taking the keys from azurerm_network_interface.main -- which will match the values given in for_each -- and mapping them to the private_ip_address attribute for each object.
The result will therefore appear as a map from VM names to IP addresses, perhaps like this:
{
"example1" = "10.1.2.1"
"example2" = "10.1.2.45"
}
Not directly related to your question, but note also that if your module only ever uses var.vm_names as a set then it can be better to declare it as a set in the first place, rather than converting it at each use, because then it'll be clearer to users of your module that the order of the strings inside doesn't matter and that there can't be two elements with the same string:
variable "vm_names" {
type = set(string)
}
With that declaration, var.vm_names will already be a set of strings and so you don't need to explicitly convert it in for_each:
for_each = var.vm_names
I want to reserve an IP and then use it. If I create a separate google_compute_address block for each IP, it works well. But since I want to make the code as dry and optimized as possible, I am learning how to loop and use for_each
My main.tf looks like this
module "nat" {
source = "../../modules/nat"
reserved_ips = [
{
name = "gke-frontend-prod-lb"
ip = "10.238.232.10"
},
{
name = "gke-frontend-test-lb"
ip = "10.238.232.11"
}
]
}
As you can see, I would like to form a list of reserved IPs having name and IP.
Now lets look at my module
My variables.tf looks like
variable "reserved_ips" {
type = list(object({
name = string
ip = string
}))
description = <<EOF
Reserved IPs.
EOF
}
And the main.tf of my module looks like
locals {
ips = {
# for_each needs transform to map
for ip in var.reserved_ips : "${ip.name}" => "${ip.ip}"
}
}
resource "google_compute_address" "gke-frontend" {
for_each = local.ips
name = "${each.value.name}"
subnetwork = "mysubnet"
address_type = "INTERNAL"
address = "${each.value.ip}"
}
But running the code gives me
Error: Unsupported attribute
on ../../modules/nat/main.tf line 11, in resource "google_compute_address" "gke-frontend":
11: name = "${each.value.name}"
|----------------
| each.value is "10.238.232.10"
This value does not have any attributes.
Error: Unsupported attribute
on ../../modules/nat/main.tf line 11, in resource "google_compute_address" "gke-frontend":
11: name = "${each.value.name}"
|----------------
| each.value is "10.238.232.11"
This value does not have any attributes.
Error: Unsupported attribute
on ../../modules/nat/main.tf line 14, in resource "google_compute_address" "gke-frontend":
14: address = "${each.value.ip}"
|----------------
| each.value is "10.238.232.10"
This value does not have any attributes.
Error: Unsupported attribute
on ../../modules/nat/main.tf line 14, in resource "google_compute_address" "gke-frontend":
14: address = "${each.value.ip}"
|----------------
| each.value is "10.238.232.11"
This value does not have any attributes.
Im confused as to what am I missing here exactly.
The issue is that your ips local converts the list to a map(string) (i.e. a map with string values)
locals {
ips = {
# for_each needs transform to map
for ip in var.reserved_ips : "${ip.name}" => "${ip.ip}"
}
}
Notice that on the right-side of => you have "${ip.ip}".
When for_each loops over a map it assigns each.key to each key (a string) and each.value to each corresponding value in the map (in this case "${ip.ip} is also a string).
So, I think what you want in this case is something like the following
# ...
name = each.key
# ...
address = each.value
# ...