
folder structure.

I am creating the following for 2 separate applications using the same modules in terragrunt

  • LB
  • Instances
  • Security Groups

My question is: how do I reference a security group created for app1 in app2?

E.g.

In app1 I can reference it as security_groups = ["${aws_security_group.sec_group_A.id}"]. How can I refer to the same security group in app2?

resource "aws_security_group" "sec_group_A" {
  name = "sec_group_A"
  ...
  ...
}

resource "aws_elb" "bar" {
  name            = "foobar-terraform-elb"
  security_groups = ["${aws_security_group.sec_group_A.id}"]
  ...
  ...
}
testuser

2 Answers


I have no experience of using terragrunt, but normally I would be calling my modules from a "main.tf" file in the root of the project. An example folder structure is below

.
├── main.tf
└── modules
    ├── app1
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    └── app2
        ├── main.tf
        ├── outputs.tf
        └── variables.tf

My app1 outputs.tf declares a security group A output

# The output name must match the module.app1.sec_group_A reference in the root main.tf
output "sec_group_A" {
  value = "${aws_security_group.sec_group_A}"
}

I can then call this output in my main.tf file in the root of the project. This would look something like the below

module "app1" {
  source = "./modules/app1"
  ...
  // Pass in my variables
}

module "app2" {
  source = "./modules/app2"
  sec_group_A = "${module.app1.sec_group_A}"
  ...
  //Pass in the rest of my variables
}

Finally inside of the app2 module you can call this as you would any other variable.

resource "aws_elb" "bar" {
  name               = "foobar-terraform-elb"
  security_groups    =  ["${var.sec_group_A.id}"]
  ...
  ...
  }

I'd read up on modules here https://www.terraform.io/docs/modules/index.html to get a better understanding of how they fit together.

Alternatively, you can grab the data from your remote state (if you have one configured) as long as sec_group_A is declared as an output in app1. See https://www.terraform.io/docs/providers/terraform/d/remote_state.html

tedsmitt

In app2, you can:

data "aws_security_group" "other" {
    name = "sec_group_A"
}

and then use the ID:

resource "aws_elb" "bar" {
    name               = "foobar-terraform-elb"
    security_groups    =  ["${data.aws_security_group.other.id}"]
    ...
    ...
}

(caveat for using data is that you are running two separate terraform applys - one configuration creates the group, and other configuration references the group).

Peter McEvoy
  • This would give me the id for security group created in app2 – testuser Jun 18 '19 at 23:43
  • EH - no... the group created in app A is called "sec_group_A" and presumably has an app specific unique name. Using the `data` item, you find it by name and use its id in your ELB declaration in the second configuration – Peter McEvoy Jun 19 '19 at 10:21
  • That worked, thanks. Another related question: how can I create that resource first, i.e. if app2 is using a secgroup created in app1, how can I tell terraform to build app1 first and then app2 – testuser Jun 20 '19 at 04:40
  • In that case you are using the wrong strategy: you need a single configuration that creates both apps and you let terraform figure out the dependency graph. I personally have moved away from those mega-configs, preferring to limit the "blast radius" of an individual config and let each config manage smaller amounts. I go old school and number my folders (10-Groups\; 15-AppA\; 20-AppB\). Any other scripting tech can iterate over the folders if I need – Peter McEvoy Jun 20 '19 at 08:08
  • can you please give an example of what you think I should do and also how you do it as well? – testuser Jun 20 '19 at 13:56
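For the cross-app reference and the ordering question raised in the thread above, here is an added example that is not from any of the posts: it keeps app1 and app2 as separate Terragrunt units and passes the security group ID through a `dependency` block. It assumes Terraform 0.12+ syntax and a Terragrunt version that supports `dependency`; the folder layout (`modules/`, `live/`), the output and variable names, and the placeholder IDs are assumptions, and `live/app1/terragrunt.hcl` is assumed to point at `modules/app1` in the same way.

```hcl
# Added example. Paths, output and variable names are assumptions.
# --- modules/app1/outputs.tf ---
output "sec_group_a_id" {
  value = aws_security_group.sec_group_A.id
}

# --- modules/app2/variables.tf ---
variable "sec_group_a_id" {
  type        = string
  description = "ID of the security group created by app1"
}

variable "subnet_ids" {
  type = list(string)
}

# --- modules/app2/main.tf ---
resource "aws_elb" "bar" {
  name            = "foobar-terraform-elb"
  subnets         = var.subnet_ids
  security_groups = [var.sec_group_a_id] # exact ID, no lookup by name

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}

# --- live/app2/terragrunt.hcl ---
terraform {
  source = "../../modules/app2"
}

# app2 depends on app1: Terragrunt reads app1's outputs and
# orders app1 first when both units are applied in one run.
dependency "app1" {
  config_path = "../app1"

  # Placeholder for validate/plan before app1 exists; not allowed for apply.
  mock_outputs = { sec_group_a_id = "sg-00000000000000000" }
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
}

inputs = {
  sec_group_a_id = dependency.app1.outputs.sec_group_a_id
  subnet_ids     = ["subnet-00000000000000000"] # constructed placeholder
}
```

Passing the exact group ID through outputs avoids depending on the name sec_group_A being unique, which a lookup by name relies on (security group names are only unique within a VPC).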