Data Source

Terraform is capabale of connecting to external APIs and querying them. AWS exposes it's services through a REST API. Terraform AWS provider is capable of querying this REST API and make the results available to the infrastructure code.

In the below example I am going to query for the CIDRs avaiable in a region and assign them in a security group.

First things first, let's create a file with the name providers.tf,

provider "aws" {
  region = var.AWS_REGION
}

Create a file with the name vars.tf,

variable "AWS_REGION" {
  default = "eu-west-1"
}

Create a file with the name securitygroup.tf,

data "aws_ip_ranges" "european_ec2" {
  regions  = ["eu-west-1", "eu-central-1"]
  services = ["ec2"]
}

resource "aws_security_group" "from_europe" {
  name = "from_europe"

  ingress {
    from_port   = "443"
    to_port     = "443"
    protocol    = "tcp"
    cidr_blocks = slice(data.aws_ip_ranges.european_ec2.cidr_blocks, 0, 50)
  }
  tags = {
    CreateDate = data.aws_ip_ranges.european_ec2.create_date
    SyncToken  = data.aws_ip_ranges.european_ec2.sync_token
  }
}

In here, first I define the data source that querys the aws_ip_ranges which returns the IP ranges and I filter the returned values to contain only what's available in european_ec2. Next I define the security group itself. This includes a CIDR block defined using the values returned by the data source. Finally, I've added some tags in there again by consuming the values returned by data source.

Initialize the providers,

$ terraform init
Initializing the backend...
Terraform has detected you're unconfiguring your previously set "s3" backend.


Successfully unset the backend "s3". Terraform will now operate locally.

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.39.0...
- Installed hashicorp/aws v3.39.0 (self-signed, key ID 34365D9472D7468F)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Apply the changes,

$ terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_security_group.from_europe will be created
  + resource "aws_security_group" "from_europe" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "108.128.0.0/13",
                  + "15.177.68.0/23",
                  + "15.177.75.0/24",
                  + "15.177.89.0/24",
                  + "15.193.4.0/24",
                  + "162.213.232.0/24",
                  + "162.213.233.0/24",
                  + "162.213.234.0/23",
                  + "176.34.128.0/17",
                  + "176.34.64.0/18",
                  + "18.153.0.0/16",
                  + "18.156.0.0/14",
                  + "18.184.0.0/15",
                  + "18.192.0.0/15",
                  + "18.194.0.0/15",
                  + "18.196.0.0/15",
                  + "18.198.0.0/15",
                  + "18.200.0.0/16",
                  + "18.201.0.0/16",
                  + "18.202.0.0/15",
                  + "185.48.120.0/22",
                  + "195.17.0.0/24",
                  + "208.86.90.0/23",
                  + "3.120.0.0/14",
                  + "3.124.0.0/14",
                  + "3.248.0.0/13",
                  + "3.5.134.0/23",
                  + "3.5.136.0/22",
                  + "3.5.64.0/21",
                  + "3.5.72.0/23",
                  + "3.64.0.0/12",
                  + "34.240.0.0/13",
                  + "34.248.0.0/13",
                  + "35.156.0.0/14",
                  + "46.137.0.0/17",
                  + "46.137.128.0/18",
                  + "46.51.128.0/18",
                  + "46.51.192.0/20",
                  + "52.16.0.0/15",
                  + "52.18.0.0/15",
                  + "52.208.0.0/13",
                  + "52.28.0.0/16",
                  + "52.29.0.0/16",
                  + "52.30.0.0/15",
                  + "52.46.184.0/22",
                  + "52.48.0.0/14",
                  + "52.57.0.0/16",
                  + "52.58.0.0/15",
                  + "52.94.248.112/28",
                  + "52.94.248.16/28",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "from_europe"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "CreateDate" = "2021-05-07-18-14-13"
          + "SyncToken"  = "1620411253"
        }
      + tags_all               = {
          + "CreateDate" = "2021-05-07-18-14-13"
          + "SyncToken"  = "1620411253"
        }
      + vpc_id                 = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_security_group.from_europe: Creating...
aws_security_group.from_europe: Creation complete after 6s [id=sg-002371fc64a4415a6]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Don't forget to clean up once experiments are done,

$ terraform destroy

PreviousTerraform-AWS NextTerraform

Last updated 4 years ago

Was this helpful?