Dynamic Blocks in Terraform with Azure

Captions
In this video we review dynamic blocks in Terraform with Azure. [Music]

Hello everyone, my name is Travis and this is Ciraltos. In this video we review Terraform dynamic blocks and how to use it to create multiple instances of a sub-resource. But hold on, did you subscribe? If not, why not do it now? I'll wait. Please also let me know what you think in the comments below. Do you like to learn? Check out my Azure hybrid identities and Azure Virtual Desktop courses on Udemy.com; the link is below. While you're down there, check out the merch and the join option. Your support is greatly appreciated. Now back to it.

Some resources we build in Terraform have repeatable nested blocks in their arguments. For example, servers can have multiple hard drives or network interface cards, and an app service plan can host multiple app services. In the example coming up, we use a dynamic block to create multiple rules for a new network security group.

The for_each loop and dynamic block may seem similar. A for_each loop is used to create multiple similar instances of an object, such as a resource. A dynamic block uses a for_each loop to create multiple copies of a sub-resource nested inside a resource block. It's used to create a repeatable nested block within the resource arguments. Instead of manually adding each additional object as a new block of code in a resource, like multiple hard drives on a virtual machine, we can create a dynamic block that accepts any number of objects as variables and then creates each of them. That makes the code easier to use as a module.

Dynamic blocks can be used in resource, data, provider and provisioner blocks. Dynamic blocks can be nested inside of other dynamic blocks, but it's recommended to use nesting sparingly because overuse can make the code difficult to read.

Let's open VS Code and build a new security group with a dynamic block. Here we are in VS Code. We'll start out with a simple module structure that deploys a resource group. From here we'll add a network security group. Let's go to the Terraform Registry, and here we are: azurerm_network_security_group. Let's copy this section in. We'll just paste it at the end of the main.tf.

Let's review the variables for the location and the resource group name. That's in variables.tf. These were already added for the resource group. I'm trying to stick with the topic at hand, so I did this ahead of time. If you're unsure what this is about, check out my other videos on setting up an environment and creating Terraform infrastructure. Let's add the name for the network security group. We'll save that.

Let's go back to our main.tf. Now we can update the first three arguments: name is var.name, location is var.location, and for resource group name, for this I'll use azurerm_resource_group.name. I also could have used var.resource_group_name as well. As for the location, we could have used the azurerm_resource_group.resource_group.location. By using the resource group name this way, it makes the network security group dependent on the creation of the resource group.

Next we have security rules. Odds are there will be more than one. Without looping, we would have to create a new block for each rule. That doesn't make this code portable, however. What if we need two rules for one deployment and eight for another? Let's turn this into a dynamic block. Start by adding dynamic before security rules and put security rules in double quotes. It's now a dynamic block.

One note: security_rule is not a local name like resource_group in the resource group. This is still a security rule block that the network security group expects to see. It's a dynamic argument for that resource.

After the opening curly bracket we'll add for_each, equal sign. We need to name our variable for the security rules. Let's go to variables next, and let me paste in a couple options. We have two options here. The first option creates a variable called nsg_rules with a type of list. It also creates an object with the names and data types for each element that it expects in the variable. This is helpful to understand what type of information the module is expecting. The other option, that's commented out; now we can see it. This option just creates a variable with the type list. Both options will work, but I think the first option makes the variable clearer to read and also has input validation, so we'll just delete the second one.

Now that we know the network security group variable name, let's go back to main.tf, and we will come back to this shortly. So for for_each we'll add var.nsg_rules. This statement indicates we'll loop through each element in the var.nsg_rules list. There could be one security rule in that list or there could be 20. Whatever we pass into it, it'll create a security rule block for each one.

Next, there are a number of items that we supply that are hard coded. We can remove all the pre-supplied values. Also, we need to convert the values into a content block. Think of the dynamic block as generating a new security rule block for each rule we supply. The content block is the content for each new security rule block. We'll add content. Let's add an opening squiggly bracket, and at the very end we'll add a closing squiggly bracket. Don't forget the opening and closing bracket.

We're close. Now we need to provide the value for each of these elements, and remember, we're pulling this from a list supplied as a variable. To do that we're going to specify security_rule.value, so as it loops through, this will specify each element in the list. So we'll add a square bracket, double quote, name. And just to get a visual on this, if we go back to variables, here's where we're passing a name, and it helps that we have these all the same name all the way across. I guess they don't need to be, but that would be confusing. We'll do this again with priority. I'll fast forward and add the rest. There we are. And we can always format the document by doing Ctrl+Shift+P, format. There we go.

So as I said before, as it goes through each iteration of the var.nsg_rules value, it grabs the name, priority, direction and so on from that instance of the rule. It uses that information to create a new security rule code block. Before we go any further, let's fix tags. There we go. Now we'll save this.

Hey, I have to jump in. I missed something while recording this. Be sure to update the local name for the network security group from example to network_security_group. That name's referenced in the output. Back to it.

Now we have our resource blocks, we've got our variables. Next, let's apply the nsg_rules values with the terraform.tfvars file. The terraform.tfvars file is like an answer file for our variables. I prefer this over supplying defaults to the variables. If a default value is supplied for a variable, that makes that variable optional, so for testing it makes more sense to use a terraform.tfvars file.

Also, let's hop over to the readme file. All consumable modules should have a readme file. This is written in markdown. Let's view the version that looks nice. We can do that by hitting the button here with a little magnifying glass. Here there's a description along with input and outputs. At the very end we do output the network security group ID. That can be used as an input to create a virtual network. Let's go back to inputs, and although the formatting doesn't look too great, we can copy this entire block of inputs and paste that into a terraform.tfvars file to use as an example.

Okay, let's go back to the terraform.tfvars file. At the beginning we have the location, resource group name, name of the security group, and then also tags. Under nsg_rules we have a list of three sets of rules. The square bracket indicates that this is a list. The first item is the allow web in; that's allowing port 80. The second rule is allow SSL in; that's allowing inbound port 443. And the very last rule is allow RDP in; this allows inbound port 3389. Modify them however you'd like to for your own rule. You can add one, five or more. The dynamic block will process each and add it to the final deployment.

Let's save all the files and run terraform init and terraform plan, and of course make sure you're logged into Azure already. That looks good. Let's run terraform apply. There it goes, it's successful. Notice it's also outputting the ID of the network security group. That's needed if we want to apply the security group to a VNet or subnet. We can also view the finished network security group and rules in the portal now that it's finished. Here it is: here's the network security group along with the rules we created.

That is how to use dynamic blocks in Terraform. I hope this helps you better understand how to use dynamic blocks. Please don't forget to like and subscribe, and thanks for watching.
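
The dynamic block built in the walkthrough, written out as an added example; it is not the code shown in the video. The names var.name, var.location, var.nsg_rules and the local name network_security_group come from the captions. Passing the resource group name as a variable, the attribute list (taken from the azurerm security_rule block) and the validation rule on management ports are assumptions added here.

```hcl
variable "name" { type = string }
variable "location" { type = string }
variable "resource_group_name" { type = string } # assumption: passed in directly

variable "nsg_rules" {
  type = list(object({
    name                       = string
    priority                   = number
    direction                  = string
    access                     = string
    protocol                   = string
    source_port_range          = string
    destination_port_range     = string
    source_address_prefix      = string
    destination_address_prefix = string
  }))
  # Assumed guard, not from the video: reject inbound SSH/RDP open to any source.
  validation {
    condition = alltrue([for r in var.nsg_rules : !(
      r.direction == "Inbound" && r.access == "Allow" &&
      contains(["22", "3389"], r.destination_port_range) &&
      contains(["*", "0.0.0.0/0", "Internet"], r.source_address_prefix)
    )])
    error_message = "Inbound SSH and RDP rules must name a specific source prefix."
  }
}

resource "azurerm_network_security_group" "network_security_group" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name

  # One security_rule block is generated per element of var.nsg_rules.
  dynamic "security_rule" {
    for_each = var.nsg_rules
    content {
      name                       = security_rule.value["name"]
      priority                   = security_rule.value["priority"]
      direction                  = security_rule.value["direction"]
      access                     = security_rule.value["access"]
      protocol                   = security_rule.value["protocol"]
      source_port_range          = security_rule.value["source_port_range"]
      destination_port_range     = security_rule.value["destination_port_range"]
      source_address_prefix      = security_rule.value["source_address_prefix"]
      destination_address_prefix = security_rule.value["destination_address_prefix"]
    }
  }
}
```

With this guard in place, terraform plan fails at variable validation when a rule in terraform.tfvars allows port 3389 or 22 inbound from any source, before any resource is created.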
Info
Channel: Travis Roberts
Views: 7,527
Keywords: Dynamic Block, dynamic block example, NSG, Security Rule, Terraform list, terraform.tfstate Azure, terraform modules, terraform variables, terraform var, Azure, Azure CLI, IaC Terraform, Terraform Registry, VSCode, Terraform for Azure, registry, .tf, HashiCorp, workflow, Terraform Resource, .terraform, Terraform Write, Terraform Plan, Terraform Apply, Terraform Destroy, main.tf, terraform tutorial, terraform training, Terraform Examples, for_each, for each, certification
Id: gL7FIUPvsXI
Length: 11min 25sec (685 seconds)
Published: Sun Jan 23 2022