terraform HCL language reference

5 min read | by Jordi Prats

HashiCorp Configuration Language (HCL) is a domain-specific language used to define infrastructure as code in terraform used to describe the desired state of infrastructure resources.

HCL is a human-readable language that intends to be easy to learn and write, allowing you to describe the desired state of your infrastructure without specifying the exact steps to achieve that state.

LC to LT

• terraform: Set root device size using launch template: From aws_launch_configuration to aws_launch_template there's no direct equivalent for root_block_device
• launch configuration to launch template: On most cases, converting a launch configuration to a launch template shouldn't involve much effort

Functions

• terraform cidrsubnet() function: We can use the cidrsubnet function to programmatically generate subnets using terraform
• terraform lookup() function: With the lookup function we can return a default value if the key is not present on the map
• terraform coalesce() function: Using the coalesce function we can pick the first not empty value out of a list
• Terraform: jsonencode: Using jsonencode we can generate a comma separated list of quoted strings on terraform
• terraform nonsensitive() function: Using the nonsensitive function we can tell terraform that certain variable is no longer sensitive
• terraform function: csvdecode: Using the csvdecode function we can use a CSV file as a datasource
• terraform function: try: Using the try function we can simulate setting a default value for a map object
• terraform function: setproduct: terraform setproduct can be very useful on generating objects by multiplying a set of lists
• terraform: hide sensitive information: Starting terraform 0.15 we can instruct it what data is sensitive so it can redact it
• terraform one() function: The terraform one() function can help us deal with conditionally included resources
• How to apply replace() function to a list of strings in terraform: HCL is a declarative language, even though we can use a for loop to apply the replace function to a list of strings
• terraform: Usage of attributes from a conditionally included resource: For resources conditionally included we must use indexed access to it's attributes

Backend

• terraform state on a Kubernetes Secret: Kubernetes secrets can also be used to store terraform's state
• Terraform: Usage of a DynamoDB table for state locking: To use a DynamoDB table is recommended if you are using a remote terraform state on S3
• Unlocking remote terraform state: Force unlock a terrafrom state that have been lock by a canceled operation

Datasources

• Terraform AWS AMI datasource: Using the aws_ami datasource we can use terraform to look for the latest available AMI
• terraform: Using archive_file to update aws_lambda_function: When using archive_file we need to consider how the aws_lambda_function is updated
• Terraform: AWS account datasource: There are some datasources avalable for AWS accounts
• aws_security_groups return empty list: aws_security_groups cannot, currently, return an empty list of SecurityGroups
• Terraform data sources: In terraform a data source can be either any resource or even a remote terraform state
• Using a remote terraform state as a datasource: When we need to use a resource created by another team we can use terraform_remote_state for getting it's outputs

Providers

• sops & terraform: Secrets as Code: By using terraform together with sops we can safely push secrets into AWS Secrets Manager purely as code
• kubernetes_manifest: terraform provider for Kubernetes: Using the kubernetes_manifest resource we can push any kind of object into Kubernetes using terraform
• Override a terraform provider: Using dev_overrides we can instruct terraform to use a local version of a provider
• Provider configuration not present - terraform: Upgrading the terraform state meanwhile we are pushing new changes can lead to weird errors
• Terraform: How to properly set the default region for the AWS provider: The argument "region" is required, but was not set: We need to properly set the default region

Input variables

• Terraform: Setting variables using environment: Environment variables can be used to set variables

Lifecycle

• Using lifecycle ignore_changes to skip changes on a terraform resource: Using the lifecycle block on a terraform resource we can tell which options managed outside of terraform

Non-declarative

• for_each over tuples in terraform: Using for_each on a tuple will result on an error, let's see how to work around it
• terraform: Array of resources using for_each: Using for_each we can create multiple resources using a variable to iterate
• terraform: optional nested blocks: Using dynamic blocks we can conditionally decide if we want to include a given nested block
• terraform: dynamic blocks: Using dynamic blocks we can dynamically create nested blocks on terraform resources
• terraform: conditionally include a resource: Writing terraform modules it is usefull to be able to conditionally include a resource
• terraform: Append to a list using concat: We can use concat to be able to append objects to a list using HCL (terraform)

Resources

• triggers on the terraform null_resource for updating it: When using null_resource and local-exec sometimes is useful to have a way to refresh it