Terraform ignore_changes : A Life Saver When Azure Resources Drift


If you work with Azure resources and Terraform, sooner or later, you’ll face this.

You deploy a resource (say, a Managed Identity) using Terraform, and after a few days, you want to add something simple — maybe a Role Assignment.

But as soon as you run:

terraform plan

Boom — you see a terrifying message:

-/+ resource "azurerm_user_assigned_identity" "my_identity" {
      id          = "/subscriptions/xxxxxxx/resourceGroups/xyz/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my_identity"
      location    = "eastus"
      name        = "my_identity"
    ~ principal_id = "11111111-1111-1111-1111-111111111111" -> "22222222-2222-2222-2222-222222222222"
    ~ tenant_id    = "aaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" -> "aaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
}

Plan: 1 to add, 0 to change, 1 to destroy.

You start thinking —

“Wait, what?? Why will it recreate my Managed Identity? I did nothing except plan to add a role assignment!”
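What the fix looks like in HCL, as an added example that is not code from the original article. The article's title names `ignore_changes` as the tool; the block below applies it narrowly and pairs it with `prevent_destroy`, which makes Terraform refuse any plan that would replace the identity. The assumption here is that the drift is in `tags` (commonly written by Azure Policy outside Terraform); the attribute your own plan flags may differ. The resource group `xyz` and location `eastus` come from the plan output above; the role assignment scope variable is a placeholder.

```hcl
# Added example, not the article's own code. Assumes the drift is in `tags`
# (e.g. written by Azure Policy outside Terraform). The resource group "xyz"
# and location "eastus" are taken from the plan output above; the role
# assignment scope is a placeholder variable.

variable "role_assignment_scope" {
  description = "Resource ID the example role assignment is scoped to (placeholder)"
  type        = string
}

resource "azurerm_user_assigned_identity" "my_identity" {
  name                = "my_identity"
  location            = "eastus"
  resource_group_name = "xyz"

  lifecycle {
    # Ignore only the attribute that actually drifts. ignore_changes
    # suppresses diffs on the listed attributes and nothing else; if the
    # plan marks some other attribute with "# forces replacement", that
    # attribute is the one to investigate, not something to hide.
    ignore_changes = [tags]

    # Refuse any plan that would destroy (and therefore replace) the
    # identity. A replaced identity gets a brand-new principal_id, which
    # orphans every role assignment, Key Vault access policy and federated
    # credential granted to the old principal outside this configuration.
    prevent_destroy = true
  }
}

resource "azurerm_role_assignment" "reader" {
  scope                = var.role_assignment_scope
  role_definition_name = "Reader"
  principal_id         = azurerm_user_assigned_identity.my_identity.principal_id
}
```

Before reaching for `ignore_changes`, read the plan for the attribute annotated `# forces replacement` and compare `terraform state show azurerm_user_assigned_identity.my_identity` with what the portal reports. Keep the ignore list to the one attribute that drifts; `ignore_changes = all` on a security-relevant resource hides exactly the out-of-band changes (new federated credentials, altered network rules, changed RBAC) that a plan is supposed to surface.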


Continue reading “Terraform ignore_changes : A Life Saver When Azure Resources Drift”

Terraform Data Block Deep Dive — From Real World Experience


Terraform’s data block is often misunderstood or underused until you hit real-world scenarios where your configuration has to reference existing resources.
This article will not rehash basic documentation. Instead, we will walk through why, when, and how to use data blocks, supported with practical scenarios and alternatives — all based on day-to-day usage.

Continue reading “Terraform Data Block Deep Dive — From Real World Experience”

Terraform Dynamic Block : What, Why and How (with Azure Use Cases)


Imagine this: you want to write a reusable Terraform module that can be used in multiple environments to create any number of vNets and subnets.

    • In the development environment, you need two virtual networks (vNets), each with three subnets.
    • In the production environment, you need five vNets, each with four subnets.

Using reusable Terraform code — how will you do this?

The number of vNets and the number of subnets per vNet vary independently, so a single for_each on the resource is not enough. You need a second loop that runs inside each vNet and iterates over that vNet's own subnets.

Let’s take another example.

You added a ddos_protection_plan block to your reusable vNet module, but from Azure's point of view this block is optional. Some environments need it; others should not pay for it.

But how do you tell Terraform that this block is optional?

A static block is always part of the resource; there is no way to switch it off per environment, which is not what you want.

Well... if you have faced any of these scenarios, you are in the right place.

In this article, we will learn what a dynamic block is, why it exists, and exactly how to use it to solve such practical challenges — with real Azure examples.
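Both scenarios above in one module, as an added example that is not code from the original article. The outer for_each creates one vNet per map entry; a dynamic "subnet" block loops over that vNet's own subnet map, so two vNets with three subnets and five vNets with four subnets are just different input; and a dynamic "ddos_protection_plan" block iterates zero or one times, so the block disappears entirely when no plan ID is given. It assumes azurerm provider 3.x (where the inline subnet block takes a single `address_prefix`); the variable names and the sample values are illustrative.

```hcl
# Added example, not the article's own code. Assumes azurerm provider 3.x,
# where the inline subnet block takes a single `address_prefix`. Variable
# names and sample values are illustrative.

variable "location" {
  type = string
}

variable "resource_group_name" {
  type = string
}

# Outer map: one entry per vNet. Inner map: that vNet's subnets, so each
# vNet can carry a different number of subnets (3 in dev, 4 in prod).
variable "vnets" {
  type = map(object({
    address_space = list(string)
    subnets       = map(string) # subnet name => CIDR
  }))
}

# null means "no DDoS plan": the block is left out of the resource entirely.
variable "ddos_protection_plan_id" {
  type    = string
  default = null
}

resource "azurerm_virtual_network" "this" {
  for_each = var.vnets # outer loop: 2 vNets in dev, 5 in prod

  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  address_space       = each.value.address_space

  # Inner loop: one subnet block per entry in this vNet's own subnet map.
  dynamic "subnet" {
    for_each = each.value.subnets
    content {
      name           = subnet.key
      address_prefix = subnet.value
    }
  }

  # Optional block: an empty list yields zero iterations, so Terraform sends
  # no ddos_protection_plan block at all rather than one with a null id.
  dynamic "ddos_protection_plan" {
    for_each = var.ddos_protection_plan_id == null ? [] : [var.ddos_protection_plan_id]
    content {
      id     = ddos_protection_plan.value
      enable = true
    }
  }
}

# --- dev.tfvars (separate file; constructed sample values) ---
# location            = "eastus"
# resource_group_name = "rg-network-dev"
# vnets = {
#   "vnet-dev-01" = {
#     address_space = ["10.10.0.0/16"]
#     subnets = { app = "10.10.1.0/24", db = "10.10.2.0/24", mgmt = "10.10.3.0/24" }
#   }
#   "vnet-dev-02" = {
#     address_space = ["10.20.0.0/16"]
#     subnets = { app = "10.20.1.0/24", db = "10.20.2.0/24", mgmt = "10.20.3.0/24" }
#   }
# }
# ddos_protection_plan_id = null # dev skips the DDoS plan
```

Two practical caveats. First, inline subnet blocks and standalone azurerm_subnet resources must not be mixed for the same vNet; the provider documents that the two will fight over the subnet list on every apply, so pick one model per module. Second, the subnet names and CIDRs arrive as plain input, so add a validation block (for example, checking each value with cidrnetmask) if the module is shared, so a mistyped prefix fails at plan time instead of landing in production.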

Continue reading “Terraform Dynamic Block : What, Why and How (with Azure Use Cases)”