
I have created a set-up with main and disaster recovery website architecture in AWS using Terraform.

The main website is in region1 and disaster recovery is in region2. This script is created as different plans or different directories.

For region1, I created one directory which contains only the main website Terraform script to launch the main website infrastructure.

For region2, I created another directory which contains only the disaster recovery website Terraform script to launch the disaster recovery website infrastructure.

In my main website script, I need some values of the disaster recovery website such as VPC peering connection ID, DMS endpoint ARNs etc.

How can I reference these variables from the disaster recovery website directory to the main website directory?

ydaetskcoR
jawad846

1 Answer


One option is to use the terraform_remote_state data source to fetch outputs from the other state file like this:

vpc/main.tf

resource "aws_vpc" "foo" {
  cidr_block = "10.0.0.0/16"
}

output "vpc_id" {
  value = "${aws_vpc.foo.id}"
}

route/main.tf

# Reads the outputs of the state file written by vpc/main.tf.
# Terraform 0.11 syntax: in 0.12+ this becomes `config = { ... }` and the
# output is referenced as data.terraform_remote_state.vpc.outputs.vpc_id.
data "terraform_remote_state" "vpc" {
  backend = "s3"
  config {
    bucket = "mybucket"
    key    = "path/to/my/key"
    region = "us-east-1"
  }
}

resource "aws_route_table" "rt" {
  # vpc_id comes from the other plan's output, not from a resource in this plan
  vpc_id = "${data.terraform_remote_state.vpc.vpc_id}"
}

However, it's nearly always better to just use the native data sources of the provider as long as they exist for the resource you need.

So in your case you will need to use data sources such as the aws_vpc_peering_connection data source to be able to establish cross VPC routing with something like this:

# Look up the peering connection attached to this region's VPC (aws_vpc.foo,
# created in this plan) whose peer side is the DR VPC's CIDR block.
data "aws_vpc_peering_connection" "pc" {
  vpc_id          = "${aws_vpc.foo.id}"
  peer_cidr_block = "10.0.0.0/16"
}

resource "aws_route_table" "rt" {
  vpc_id = "${aws_vpc.foo.id}"
}

# Route traffic for the DR CIDR over the peering connection found above.
resource "aws_route" "r" {
  route_table_id            = "${aws_route_table.rt.id}"
  destination_cidr_block    = "${data.aws_vpc_peering_connection.pc.peer_cidr_block}"
  vpc_peering_connection_id = "${data.aws_vpc_peering_connection.pc.id}"
}

You'll need to do similar things for any other IDs or things you need to reference in your DR region.

It's worth noting that there aren't any data sources for the DMS resources, so you would either need to use the terraform_remote_state data source to fetch any IDs (such as the source and target endpoint ARNs to set up the aws_dms_replication_task), or you could structure things so that all of the DMS stuff happens in the DR region and then you only need to refer to the other region's VPC ID, database names and potentially KMS key IDs, which can all be done via data sources.

ydaetskcoR
  • Thanks @ydaetskcoR – jawad846 Mar 22 '19 at 13:34
  • For VPC Peering I use this method, but am not understanding the remote_state. Could you please send me one example – jawad846 Mar 22 '19 at 13:35
  • Added a remote state data source example. I'd strongly recommend using the provider native data sources for everything instead of relying on remote state though. Back before data sources were a thing people had to either hard-code IDs (sometimes in large `lookup` maps) or used remote state to fetch IDs. Now that there are data sources for most resources in the AWS provider you should use this where possible. – ydaetskcoR Mar 22 '19 at 13:51
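The two-directory layout from the question, worked through as an added example (not code from the answer above) in Terraform 0.12+ syntax: the DR plan exports only the values the main plan needs, and the main plan reads them with terraform_remote_state for the DMS endpoint ARNs that have no native data source. Bucket, key, lock-table and resource names are assumptions; note that the main plan's IAM role only needs read access to that one state object, and the state is encrypted at rest because it carries ARNs and can carry secrets.

```hcl
# ---- dr/main.tf (region2): write state to S3 and export what region1 needs ----
terraform {
  backend "s3" {
    bucket         = "example-tfstate-bucket"   # assumed name
    key            = "dr/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true                       # state is sensitive: encrypt at rest
    dynamodb_table = "example-tfstate-lock"     # assumed lock table
  }
}

output "vpc_peering_connection_id" {
  value = aws_vpc_peering_connection.main_to_dr.id   # resource assumed to exist in this plan
}
output "dms_source_endpoint_arn" {
  value = aws_dms_endpoint.source.endpoint_arn       # assumed DMS endpoints
}
output "dms_target_endpoint_arn" {
  value = aws_dms_endpoint.target.endpoint_arn
}

# ---- main/main.tf (region1): read the DR outputs (0.12+ uses `config = {}` and `.outputs`) ----
data "terraform_remote_state" "dr" {
  backend = "s3"
  config = {
    bucket = "example-tfstate-bucket"
    key    = "dr/terraform.tfstate"
    region = "us-west-2"
  }
}

# Route to the DR VPC over the peering connection created by the DR plan.
resource "aws_route" "to_dr" {
  route_table_id            = aws_route_table.rt.id        # route table assumed in this plan
  destination_cidr_block    = var.dr_vpc_cidr              # assumed input variable
  vpc_peering_connection_id = data.terraform_remote_state.dr.outputs.vpc_peering_connection_id
}

# DMS task in region1 wired to the endpoint ARNs exported by the DR plan.
resource "aws_dms_replication_task" "main_to_dr" {
  replication_task_id      = "main-to-dr"
  migration_type           = "full-load-and-cdc"
  replication_instance_arn = aws_dms_replication_instance.main.replication_instance_arn  # assumed
  source_endpoint_arn      = data.terraform_remote_state.dr.outputs.dms_source_endpoint_arn
  target_endpoint_arn      = data.terraform_remote_state.dr.outputs.dms_target_endpoint_arn
  table_mappings           = file("${path.module}/table-mappings.json")                  # assumed file
}
```

Apply the DR directory first so its outputs exist before the main directory's plan reads them; anything not declared as an output stays invisible to the main plan.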