Data source example in Terraform - unix1998/technical_notes GitHub Wiki
In Terraform, data sources function somewhat like variables, but with the key distinction that they fetch real-time data from external systems or existing infrastructure during the Terraform plan and apply phases. This allows you to retrieve dynamic values based on certain conditions or parameters defined in your configuration.
How Data Sources Work
Data sources in Terraform are used to query information that exists outside of Terraform's direct management. They allow your configurations to be more dynamic and context-aware by pulling in up-to-date data. Here’s a more detailed explanation of their characteristics and behavior:
- Dynamic Information Retrieval:
  - Data sources fetch real-time information from external providers or existing infrastructure.
  - This means they provide the current state or value of the queried resource at the time of the Terraform run.
- Conditional Values:
  - Data sources can retrieve values based on specified conditions or filters. For example, fetching the latest AMI ID, finding a specific VPC by tags, or retrieving a secret from a secret management system.
  - The conditions specified in the data source configuration determine what data is retrieved.
- Integration with Managed and External Resources:
  - They can query resources that are managed outside of the current Terraform configuration or resources that are managed by other Terraform configurations.
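The filter-based lookups mentioned under Conditional Values (latest AMI ID, VPC by tags), as an added example that is not part of the original page. It assumes the AWS provider and Terraform 1.2 or later for the postcondition block; the data source labels, the Name tag value and the output names are illustrative.

```hcl
# Added example; labels and tag values are illustrative assumptions.
provider "aws" {
  region = "us-west-2"
}

# Latest Ubuntu 22.04 image, restricted to the publisher's account.
# Without "owners", any public AMI whose name matches the filter could
# be returned as the "most recent" one.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  # Requires Terraform 1.2+: fail the plan if the result is unexpected.
  lifecycle {
    postcondition {
      condition     = self.architecture == "x86_64" && self.root_device_type == "ebs"
      error_message = "Selected AMI must be an EBS-backed x86_64 image."
    }
  }
}

# Find an existing VPC by tag (hypothetical tag value).
data "aws_vpc" "shared" {
  tags = {
    Name = "shared-services"
  }
}

output "ami_id" {
  value = data.aws_ami.ubuntu.id
}

output "vpc_cidr" {
  value = data.aws_vpc.shared.cidr_block
}
```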
Example Scenarios
AWS S3 Bucket Example
Imagine you have an S3 bucket managed by another Terraform configuration or created manually. You can retrieve its details using a data source:
provider "aws" {
  region = "us-west-2"
}

data "aws_s3_bucket" "example" {
  bucket = "my-existing-bucket"
}

output "bucket_region" {
  value = data.aws_s3_bucket.example.region
}
In this example:
- The aws_s3_bucket data source fetches details of an existing S3 bucket named my-existing-bucket.
- The bucket_region output displays the region where the bucket is located.
Azure Key Vault Secret Example
Suppose you need to retrieve a secret from Azure Key Vault to use it in your configuration:
provider "azurerm" {
  features {}
}

# Look up the existing Key Vault by name and resource group.
data "azurerm_key_vault" "example" {
  name                = "my-key-vault"
  resource_group_name = "my-resource-group"
}

# Read the secret from that vault. The value is also stored in the
# Terraform state in plain text, so access to the state must be restricted.
data "azurerm_key_vault_secret" "example" {
  name         = "my-secret"
  key_vault_id = data.azurerm_key_vault.example.id
}

resource "azurerm_virtual_machine" "example" {
  name                = "example-vm"
  location            = "East US"
  resource_group_name = "my-resource-group"
  # azurerm_network_interface.example is defined elsewhere in the configuration.
  network_interface_ids = [azurerm_network_interface.example.id]
  vm_size               = "Standard_DS1_v2"

  os_profile {
    computer_name  = "hostname"
    admin_username = "adminuser"
    admin_password = data.azurerm_key_vault_secret.example.value
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }

  # Other VM configuration settings
}
In this example:
- The azurerm_key_vault data source fetches information about the specified Key Vault.
- The azurerm_key_vault_secret data source retrieves the secret value from the Key Vault.
- The secret value is used to set the admin_password for a virtual machine resource.
Key Points to Remember
- Real-Time Data: Data sources query data during the execution of terraform plan and terraform apply, ensuring that you always have the most current information.
- Conditional Retrieval: You can specify conditions and filters to retrieve specific data that meets your criteria.
- Integration: Data sources enable seamless integration with existing infrastructure and external systems, making your configurations more flexible and dynamic.
- Read-Only: Data sources are read-only; they only retrieve data and do not create or modify resources.
Conclusion
Data sources in Terraform are indeed similar to variables but with the added capability of fetching dynamic, real-time data based on specific conditions during runtime. They enhance Terraform's ability to interact with existing resources and external systems, making your infrastructure as code more robust and adaptive.