Terraform Functions - Part 1 - For_Each

In this blog series we will explore some of the common Terraform functions that will be useful to know when deploying resources to Azure. With working demos you can follow along and deploy resources to your own Azure subscriptions and learn how these functions behave.  Knowing about these features and combining the use of them in your Terraform configurations will help as you make more advanced deployment templates and modules. This will be a four part series covering the following;
  • Basic for_each demo
  • Basic count demo
  • Conditional expression demo
  • Advanced count and conditional expression combined
The assumption is you have an Azure subscription you can use to deploy these resource to. You have installed terraform version 0.12 minimum and are familiar with deploying basic resources to Azure using Terraform configurations. You will have the az cli installed and know how to authenticate to Azure using azure cli. We will be working with a local Terraform state file to keep things simple. You have some working knowledge of Git to be able to clone the demo files to your local workstation. 

Getting Prepared

  • Clone the repo TerraformDemos
  • Open the folder in Visual studio code
  • Authenticate to Azure
    • az login - complete authentication process in the browser
  • If you have access to a number of subscriptions run this command to confirm which one you are active working on, this will show 'IsDefault' as true.
    • az account list --output table
  • If you need to change this use this command and replace that value with your subscription number
    • az account set --subscription 000000000-00000000000-00000000-0000000
  • At the end of each lab we carry out a cleanup task to remove any resources we have deployed during the demo.
Each folder is a self contained demonstration which you can run through with to help understand these Terraform functions. We are now ready to get started.

The for_each function is new in version 0.12 of Terraform, this can be used to iterate through a list or map. This is an alternative to the count function. In the count function we can append a number to the name of resources so you can build web1, web2, web3, etc. What if we want the names to be different? Also, what if we were dealing with a different resource? For example, we have a list of users we want to assign RBAC permissions to. With the for_each function we could create a list of users in a variable and iterate through this to deploy role assignments for each user. 

In this demo we deploy multiple web application resources, you will see how we do this using count function in an upcoming demo. We use a list of app names and deploy multiple Web Apps using for_each to iterate through the list of names.
  1. Review the code in \app-service-foreach-demo\variables.tf
  2. See that variable webapps has three names configured, two of them are currently commented out
  3. Review the code in \app-service-foreach-demo\main.tf
  4. Check the resource azurerm_app_service
  5. We have a for_each value, this references var.webapps the list we have in our variable file
    • for_each = var.webapps
  6. For the name of the resource we are using each.value which gets the name value from var.webapps. When we deploy this configuration it will iterate through the list.
    • name = each.value
  7. In the Visual studio code terminal shell, make sure you are in folder \app-service-foreach-demo\
  8. Run terraform init
  9. Run terraform plan check there are no errors and confirm that it is going to deploy the resources you expect.
  10. Run terraform apply and type yes to approve the change
  11. Check the Azure Portal to review what has been deployed in the resource group terraform-demo-rg
    • One Web App Service Plan
    • One Web Application called dog-fe-web-1
  12. Back in Visual studio code edit variables.tf and uncomment the variable webapps as shown below by removing the # from the start of the line
    • #web2 = "be-web-2"
    • #web3 = "demo-web-3"
  13. Save the changes and deploy again
  14. Run terraform plan check there are no errors and confirm that it is going to deploy the resources you expect.
  15. Run terraform apply and type yes to approve the change
  16. When the deployment completes check the Azure Portal to review what has been deployed in the resource group prd-rg
    • One Web App Service Plan
    • Three Web Applications fe-web-1, be-web-2, demo-web-3
  17. See how we can now deploy the same resources but with very different names easily
  18. We will now remove the resources we deployed ready for the next demo
  19. From the terminal run terraform destroy 
  20. Confirm that it is going to destroy only the resources you expect type yes to approve and cleanup the resources
  21. Check the resources have been deleted in the Azure Portal
I hope this has helped you get started using the new for_each function and you can see where this may be useful in your deployments.  Next time we will explore how we can achieve a similar goal using the count function. 


Popular posts from this blog

Terraform Functions - Part 3 - Conditional expression

Working with WSL and AKS

Azure Kubernetes Service (AKS) and Managed Identities