composition-1 {
infrastructure-module-1 {
data-source-1 => d1
resource-module-1 {
data-source-2 => d2
resource-1 (d1, d2)
resource-2 (d2)
}
resource-module-2 {
data-source-3 => d3
resource-3 (d1, d3)
resource-4 (d3)
}
}
}

outputs.tf - contains outputs from the resources created in main.tf

stage

# Optional static-website settings for the bucket. The empty default map
# produces no `website` block in aws_s3_bucket.this (see its dynamic block).
variable "website" {
  type    = map(string)
  default = {}
}
resource "aws_s3_bucket" "this" {
  # omitted...

  # Rendered at most once: the conditional turns the (possibly empty) map into a
  # zero- or one-element list, so an empty var.website emits no website block.
  # NOTE(review): in AWS provider v4+ the inline `website` block is deprecated in
  # favour of aws_s3_bucket_website_configuration — confirm the provider version.
  dynamic "website" {
    for_each = length(keys(var.website)) == 0 ? [] : [var.website]
    content {
      # index_document is accessed directly (an absent key is an error);
      # error_document is optional and falls back to null.
      index_document = website.value.index_document
      error_document = lookup(website.value, "error_document", null)
    }
  }
}

# Example value for var.website (tfvars syntax): only the required key is set,
# so error_document is left null by the lookup() in the resource.
website = {
  index_document = "index.html"
}

variable "database_settings" {
  description = "Database configuration with optional parameters"
  # optional(type, default) needs Terraform >= 1.3; callers may omit the last
  # three attributes and receive the given defaults.
  type = object({
    name               = string
    engine             = string
    instance_class     = string
    backup_retention   = optional(number, 7)
    monitoring_enabled = optional(bool, true)
    tags               = optional(map(string), {})
  })
}

# Fetch the secret's metadata: look the secret up by name so its id can be
# passed to the version lookup below.
data "aws_secretsmanager_secret" "db_password" {
  name = "my-database-password"
}
# Get the latest secret value.
# NOTE(review): a data source's result — secret_string included — is recorded in
# the Terraform state, so this block still lands the secret in state even when
# the consumer reads it through a write-only argument. An ephemeral resource
# (Terraform >= 1.10) reads it without persisting it — confirm provider support.
data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = data.aws_secretsmanager_secret.db_password.id
}
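# Consume the secret through a write-only argument.
# NOTE(review): `password_wo` keeps the value out of this resource's plan and
# state, but the data source it reads from still stores secret_string in
# state; see the data "aws_secretsmanager_secret_version" block above.
resource "aws_db_instance" "example" {
  engine         = "mysql"
  instance_class = "db.t3.micro"
  db_name        = "exampledb" # `name` is the deprecated pre-4.x spelling
  username       = "admin"

  # write-only: Terraform sends it to AWS then forgets it. Because the value is
  # never stored, Terraform cannot diff it; bump password_wo_version whenever
  # the password changes so the new value is resent.
  password_wo         = data.aws_secretsmanager_secret_version.db_password.secret_string
  password_wo_version = 1
}

# Environment selector used for tagging; restricted to the three known names.
variable "environment" {
  description = "Environment name for resource tagging"
  type        = string
  default     = "dev"
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "Environment must be one of: dev, staging, prod."
  }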
}

variable "database_config" {
  description = "Database configuration"
  type = object({
    engine            = string
    instance_class    = string
    allocated_storage = number
  })
  # Only the engine is constrained here; instance_class and allocated_storage
  # are accepted as given.
  validation {
    condition     = contains(["mysql", "postgres"], var.database_config.engine)
    error_message = "Database engine must be either 'mysql' or 'postgres'."
  }
}
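# Source ranges granted access; each entry must be a well-formed IPv4 CIDR.
# This check validates syntax only — it does not reject overly broad ranges
# such as 0.0.0.0/0, which callers must constrain deliberately.
variable "allowed_cidr_blocks" {
  description = "List of CIDR blocks allowed to access resources"
  type        = list(string)
  validation {
    # cidrnetmask() is IPv4-only, so the check matches the error message below;
    # cidrhost() would also have accepted IPv6 prefixes.
    condition = alltrue([
      for cidr in var.allowed_cidr_blocks : can(cidrnetmask(cidr))
    ])
    error_message = "All CIDR blocks must be valid IPv4 CIDR notation."
  }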
}

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    # rev pins the hook source; a tag can be moved upstream, a full commit SHA cannot.
    rev: v1.99.4
    hooks:
      - id: terraform_fmt

# EditorConfig: two-space indentation for everything, except Makefiles, whose
# recipe lines must be tab-indented.
[*]
indent_style = space
indent_size = 2
trim_trailing_whitespace = true

[*.{tf,tfvars}]
indent_style = space
indent_size = 2

[Makefile]
indent_style = tab

# This is a comment explaining the resource
resource "aws_instance" "this" {
  # ... (arguments omitted in this example)
}

# --------------------------------------------------
# AWS EC2 Instance Configuration
# --------------------------------------------------
resource "aws_instance" "this" {
  # ... (arguments omitted in this example)
}

`resource "aws_route_table" "public" {}`
`resource "aws_route_table" "public_route_table" {}`
`resource "aws_route_table" "public_aws_route_table" {}`

resource "aws_route_table" "public" {
  # count is placed first so a reader sees immediately that this is a
  # multi-instance resource.
  count  = 2
  vpc_id = "vpc-12345678"
  # ... remaining arguments omitted
}
resource "aws_route_table" "private" {
  # for_each over a set keys each instance by name ("one", "two") rather than by index.
  for_each = toset(["one", "two"])
  vpc_id   = "vpc-12345678"
  # ... remaining arguments omitted
}

resource "aws_route_table" "public" {
  # NOTE(review): this appears to be the counter-example — count is placed
  # after vpc_id instead of first; compare the "public" route table above.
  vpc_id = "vpc-12345678"
  count  = 2
  # ... remaining arguments omitted
}

# Argument order used here: meta-argument (count) first, resource arguments,
# then tags, and depends_on / lifecycle last.
resource "aws_nat_gateway" "this" {
  count = 2

  allocation_id = "..."
  subnet_id     = "..."

  tags = {
    Name = "..."
  }

  depends_on = [aws_internet_gateway.this]

  lifecycle {
    create_before_destroy = true
  }
}

# NOTE(review): appears to be the counter-example to the block above —
# depends_on and lifecycle come before the resource arguments, and `tags` is
# given a string where a map is expected (compare `tags = { Name = "..." }` above).
resource "aws_nat_gateway" "this" {
  count      = 2
  tags       = "..."
  depends_on = [aws_internet_gateway.this]
  lifecycle {
    create_before_destroy = true
  }
  allocation_id = "..."
  subnet_id     = "..."
}

# Conditional creation: "Best" derives count from an explicit boolean flag,
# "Good" infers it from the length of another input.
resource "aws_nat_gateway" "that" { # Best
  count = var.create_public_subnets ? 1 : 0
}

resource "aws_nat_gateway" "this" { # Good
  count = length(var.public_subnets) > 0 ? 1 : 0
}

output "security_group_id" {
  description = "The ID of the security group"
  # try() returns the first expression that evaluates without error; indexing
  # an empty list errors, so this falls back to "" when neither group exists.
  value = try(aws_security_group.this[0].id, aws_security_group.name_prefix[0].id, "")
}

# Older, pre-try() form of the same fallback pattern: coalescelist() picks the
# first non-empty id list, concat() appends "" as a last resort, element(..., 0)
# takes the first entry.
# NOTE(review): coalescelist() errors when every list is empty, so the `[""]`
# fallback looks unreachable — confirm against the Terraform version in use.
output "this_security_group_id" {
  description = "The ID of the security group"
  value       = element(concat(coalescelist(aws_security_group.this.*.id, aws_security_group.web.*.id), [""]), 0)
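}

# Endpoints of every instance in the cluster, in index order.
output "rds_cluster_instance_endpoints" {
  description = "A list of all cluster instance endpoints"
  # Full splat `[*]` replaces the legacy attribute-only `.*.` form; it also
  # yields a one-element list when the resource has no count/for_each.
  value = aws_rds_cluster_instance.this[*].endpoint
}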