terraformterraform-provider-azureterraform-modules
how to pass map of objects using output.tf from one module to another module in Terraform
I am trying to associate existing Application Security Group to newly created Virtual Machine - Network Interfaces using the output.tf.
I have infra-asg, app-asg, service-asg and db-asg in the existing pluto-infra resource group. Now I want to associate asg to nics as below
infra-asg & app-asg to pluto-app-1-nic and pluto-app-2-nic
infra-asg & service-asg to pluto-service-1-nic and pluto-service-2-nic
infra-asg & db-asg to pluto-db-1-1-nic, pluto-db-1-2-nic, pluto-db-2-1-nic & pluto-db-2-2-nic
Terraform Module Package structure as below
main.tf
module "virtualmachine" {
source = "./virtualmachine"
existing_resource_group = var.existing_resource_group
virtual_machines = var.virtual_machines
vm_prefix = var.vm_prefix
}
module "associate-asg" {
source = "./application-security-group"
}
variables.tf
variable "resource_group_location" {
type = string
default = "eastus"
}
variable "vm_prefix" {
type = string
default = "pluto"
}
variable "virtual_machines" {
}
variable "existing_resource_group" {
type = string
}
variable.tfvars
existing_resource_group = "pluto"
existing_infra_rg = "pluto-infra"
virtual_machines = {
nodes = {
app1_node1 = {
"vm_name" = "app"
"vm_num" = "1"
networks = {
nic1 = {
"nic_name" = "app-1"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
}
},
app1_node2 = {
"vm_name" = "app"
"vm_num" = "2"
networks = {
nic1 = {
"nic_name" = "app-2"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
}
},
service1_node1 = {
"vm_name" = "service"
"vm_num" = "1"
networks = {
nic1 = {
"nic_name" = "service-1"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
}
},
service2_node2 = {
"vm_name" = "service"
"vm_num" = "2"
networks = {
nic1 = {
"nic_name" = "service-2"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
}
},
db1_node1 = {
"vm_name" = "db"
"vm_num" = "1"
networks = {
nic1 = {
"nic_name" = "db-1-1"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
nic2 = {
"nic_name" = "db-1-2"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/db-subnet"
}
}
},
db2_node2 = {
"vm_name" = "db"
"vm_num" = "2"
networks = {
nic1 = {
"nic_name" = "db-2-1"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/app-subnet"
},
nic2 = {
"nic_name" = "db-2-2"
"subnet" = "/subscriptions/****/resourceGroups/pluto/providers/Microsoft.Network/virtualNetworks/pluto-vnet/subnets/db-subnet"
},
}
},
}
}
Virtual Machine module details
main.tf
data "azurerm_resource_group" "rg" {
name = var.existing_resource_group
}
resource "azurerm_network_interface" "nic" {
for_each = {
for vm in flatten([
for vm_name, vm in var.virtual_machines.nodes : [
for nic_name, nic in vm.networks : {
vm_number = vm.vm_num,
vm_name = vm_name,
nic_name = nic_name,
subnet_value = nic.subnet
nic_name_value = nic.nic_name
}
]
]
) : "${vm.vm_name}-${vm.nic_name}" => vm
}
name = "${var.vm_prefix}-${each.value.nic_name_value}-nic"
location = "eastus"
resource_group_name = var.existing_resource_group
ip_configuration {
name = "${var.vm_prefix}-${each.value.nic_name_value}-ipconfig"
subnet_id = each.value.subnet_value
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_linux_virtual_machine" "vm" {
depends_on = [azurerm_network_interface.nic]
for_each = var.virtual_machines.nodes
name = "${var.vm_prefix}-${each.value.vm_name}-${each.value.vm_num}"
admin_username = "plutoadmin"
admin_password = "pluto@1234522"
disable_password_authentication = false
location = "eastus"
resource_group_name = var.existing_resource_group
network_interface_ids = [for nic_key, nic in azurerm_network_interface.nic : nic.id if startswith(nic_key, "${each.key}-")]
size = "Standard_B2ms"
os_disk {
name = "${var.vm_prefix}-${each.value.vm_name}-${each.value.vm_num}-OSdisk"
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "RedHat"
offer = "RHEL"
sku = "82gen2"
version = "latest"
}
}
variable.tf
variable "vm_prefix" {
type = string
default = "pluto"
}
variable "virtual_machines" {
}
variable "existing_resource_group" {
type = string
}
output.tf
output "vm_nics_ids" {
value = [for nic_key, nic in azurerm_network_interface.nic : nic.id]
}
Application Security Group module details
data "azurerm_application_security_group" "infra-asg" {
name = "infra-asg"
resource_group_name = "pluto-infra"
}
data "azurerm_application_security_group" "app-asg" {
name = "app-asg"
resource_group_name = "pluto-infra"
}
data "azurerm_application_security_group" "service-asg" {
name = "service-asg"
resource_group_name = "pluto-infra"
}
data "azurerm_application_security_group" "db-asg" {
name = "db-asg"
resource_group_name = "pluto-infra"
}
data "azurerm_network_interface" "app-nic-1" {
name = "pluto-app-1-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-app-asg-1" {
network_interface_id = data.azurerm_network_interface.app-nic-1.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "app-asg-1" {
network_interface_id = data.azurerm_network_interface.app-nic-1.id
application_security_group_id = data.azurerm_application_security_group.app-asg.id
}
# App Node 2
data "azurerm_network_interface" "app-nic-2" {
name = "pluto-app-2-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-app-asg-2" {
network_interface_id = data.azurerm_network_interface.app-nic-2.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "app-asg-2" {
network_interface_id = data.azurerm_network_interface.app-nic-2.id
application_security_group_id = data.azurerm_application_security_group.app-asg.id
}
# service Node 1
data "azurerm_network_interface" "service-nic-1" {
name = "pluto-service-1-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-service-asg-1" {
network_interface_id = data.azurerm_network_interface.service-nic-1.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "service-asg-1" {
network_interface_id = data.azurerm_network_interface.service-nic-1.id
application_security_group_id = data.azurerm_application_security_group.service-asg.id
}
# service Node 2
data "azurerm_network_interface" "service-nic-2" {
name = "pluto-service-2-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-service-asg-2" {
network_interface_id = data.azurerm_network_interface.service-nic-2.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "service-asg-2" {
network_interface_id = data.azurerm_network_interface.service-nic-2.id
application_security_group_id = data.azurerm_application_security_group.service-asg.id
}
# DB -1-1
data "azurerm_network_interface" "db-nic-1-1" {
name = "pluto-db-1-1-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-db-asg-1-1" {
network_interface_id = data.azurerm_network_interface.db-nic-1-1.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "db-asg-1-1" {
network_interface_id = data.azurerm_network_interface.db-nic-1-1.id
application_security_group_id = data.azurerm_application_security_group.db-asg.id
}
# DB -1-2
data "azurerm_network_interface" "db-nic-1-2" {
name = "pluto-db-1-2-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-db-asg-1-2" {
network_interface_id = data.azurerm_network_interface.db-nic-1-2.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "db-asg-1-2" {
network_interface_id = data.azurerm_network_interface.db-nic-1-2.id
application_security_group_id = data.azurerm_application_security_group.db-asg.id
}
# DB -2-1
data "azurerm_network_interface" "db-nic-2-1" {
name = "pluto-db-2-1-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-db-asg-2-1" {
network_interface_id = data.azurerm_network_interface.db-nic-2-1.id
application_security_group_id = data.azurerm_application_security_group.db-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "db-asg-2-1" {
network_interface_id = data.azurerm_network_interface.db-nic-2-1.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
# DB -2-2
data "azurerm_network_interface" "db-nic-2-2" {
name = "pluto-db-2-2-nic"
resource_group_name = "pluto"
}
resource "azurerm_network_interface_application_security_group_association" "infra-db-asg-2-2" {
network_interface_id = data.azurerm_network_interface.db-nic-2-2.id
application_security_group_id = data.azurerm_application_security_group.infra-asg.id
}
resource "azurerm_network_interface_application_security_group_association" "db-asg-2-2" {
network_interface_id = data.azurerm_network_interface.db-nic-2-2.id
application_security_group_id = data.azurerm_application_security_group.db-asg.id
}
could you guide me how to pass the nic ids from virtual machine module to Application security group module and loop them ?
Solution
You can use outputs to pass data from one module to another. You are already on the right path as you have an output block that has the map of your nic ID's. To retrieve, on your root main.tf (the one that references both your vm and asg module) pass them is by accessing the attributes as you would normally do on any other resource block with the keyword "module". Then only thing missing is a variable on your asg module that allows you to pass in the collection
main.tf
module "virtualmachine" {
source = "./virtualmachine"
existing_resource_group =
var.existing_resource_group
virtual_machines = var.virtual_machines
vm_prefix = var.vm_prefix
}
module "associate-asg" {
source = "./application-security-group"
nic_ids = module.virtualmachine.vm_nics_ids //passing in via the variable declared on asg module
}
variable.tf (on your asg module)
variable "nic_ids" {
type = list(string)
}
main.tf (asg module)
resource "azurerm_network_interface_application_security_group_association" "infra-db-asg-2-2" {
count = length(var.nic_ids)
network_interface_id =
var.nic_ids[count.index]
application_security_group_id =
data.azurerm_application_security_group.infra-asg.id
}
You already have your output done on your vm module so this will work. Dont forget to do a terraform init after the changes so your root will get the latest changes from modules. Hope this helps
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- failing to build local docker image
- Is provider variable possible in terraform?
- Cannot deploy public api on Cloud Run using Terraform
- Constant "Error: Could not load plugin: Plugin reinitialization required" in Jenkins job
- Terraform big query data transfer Error: Missing parameter: connector.endpoint.host. Config name
- terraform when using data sources no stored state was found for the given workspace in the given backend
- Terraform: AWS Lambda with Image not updating
- How can we enable Amazon S3 replication modification sync in terraform?
- ERROR aws_cloudwatch_log_subscription_filter to AWS Lambda with Terraform
- Terraform: How can I reference Terraform cloud environmental variables?
- Create AWS_API_GATEWAY_RESOURCES in a loop
- (Terraform, GCP) Error 403: Permission denied to list services for consumer container [projects/335478934851]
- Terraform How to execute a block conditionally
- Moving resources between CloudFormation stacks
- Adding Graph API application permission via Terraform shows corrupted IDs instead of scope names
- How to create a AWS Cognito user with Terraform
- Allow injecting different provider aliases into a custom terraform module
- Error acquiring the state lock: ConditionalCheckFailedException
- Should I commit my .terraform-version file?
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- terraform azure application gateway recreated when add new rule
- Unable to execute Terraform after converting Service Connection to Workload Identity
- `Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB"` when creating kubernetes cluster with terraform
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- how to specify azurerm_linux_web_app storage block mount type in terraform
- Merge some keys of a Terraform map
- Pulumi Terraform Provider reports required field missing that is definetely passed on
- Overwrite attribute in Terraform variable object
- Ambiguous move statement errors in Terraform