1
votes

I have exported my current resources using Terraforming and got a huge file which holds all the security groups.

The thing is that in each security group there are some rules which refer to security group IDs which don't exist in the new region I'm planning to run Terraform on. For example:

resource "aws_security_group" "my-group" {
    name        = "my-group"
    description = ""
    vpc_id      = "${var.vpc["production"]}"

    ingress {
        from_port       = 80
        to_port         = 80
        protocol        = "tcp"
        security_groups = ["sg-25bee542"] # this ID doesn't exist in the new region I'm planning to work on
        self            = false
    }
}

I've created a map with all the old security groups:

variable "security_groups" {
    type    = "map"
    default = {
        "sg-acd22fdb" = "default"
        "sg-52cd3025" = "my-group"
        "sg-25bee542" = "my-group2"
        ...
    }
}

Now I am trying to resolve the hard coded sg-*id* to the corresponding security group name and interpolate that into a variable so the first example will work this way:

resource "aws_security_group" "my-group" {
    name        = "my-group"
    description = ""
    vpc_id      = "${var.vpc["production"]}"

    ingress {
        from_port       = 80
        to_port         = 80
        protocol        = "tcp"
        security_groups = ["${aws_security_group.my-group2.id}"] # the 'my-group2' should be resolved from the map variable
        self            = false
    }
}

Something like:

resource "aws_security_group" "my-group" {
    name        = "my-group"
    description = ""
    vpc_id      = "${var.vpc["production"]}"

    ingress {
        from_port       = 80
        to_port         = 80
        protocol        = "tcp"
        security_groups = ["${aws_security_group.[lookup(security_groups,sg-25bee542]].id}"] # the 'my-group2' string should be resolved from the map variable by looking up its sg ID
        self            = false
    }
}

I hope I made myself clear on that issue... Any ideas?

2
Why not just find and replace in your editor since you already know what you want to replace them with? Why make Terraform do this? – Brandon Miller
That will be the last option, it's still a lot of work to replace all these security groups. – Broshi
It looks like it's impossible: github.com/hashicorp/terraform/issues/4816 – Broshi

2 Answers

2
votes

The way you access a map variable in Terraform is like this:

${var.security_groups["sg-acd22fdb"]}

If you want to get the sg_ID, you can create the map the other way around.

variable "security_groups" {
    type    = "map"
    default = {
        "default" = "sg-acd22fdb"
        "my-group" = "sg-52cd3025"
        "my-group2" = "sg-25bee542"
        ...
    }
}

And then use

${var.security_groups["my-group2"]}

1
votes

As suggested, you need to reverse the map. You can either reverse it at the origin (variable declaration) or use the transpose(map) function. Something like

${transpose(var.security_groups)["sg-acd22fdb"]}

might work
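
The substitution the question asks for can also be done as a pre-processing pass over the exported file, since the comments note Terraform cannot build a resource reference dynamically. This is an added example, not code from any of the posts: `rewrite_sg_refs` and the sample HCL are constructed, and it assumes each name in the map is also the Terraform resource label.

```python
import re

# Map from the question: old security group ID -> group name. Assumption: each
# name is also the Terraform resource label, as in the question's export.
SECURITY_GROUPS = {
    "sg-acd22fdb": "default",
    "sg-52cd3025": "my-group",
    "sg-25bee542": "my-group2",
}

# Constructed sample in the shape of the exported file (not the real export).
SAMPLE = '''resource "aws_security_group" "my-group" {
    ingress {
        security_groups = ["sg-25bee542", "sg-52cd3025", "sg-0badc0de"]
        self            = false
    }
}'''

SG_ID = re.compile(r'"(sg-[0-9a-f]{8,17})"')
RESOURCE = re.compile(r'resource\s+"aws_security_group"\s+"([^"]+)"')


def rewrite_sg_refs(hcl, sg_map):
    """Return (rewritten_hcl, problems); problem IDs are left untouched."""
    out, problems, current = [], [], None
    for lineno, line in enumerate(hcl.splitlines(), 1):
        header = RESOURCE.match(line.strip())
        if header:
            current = header.group(1)  # group whose rules we are inside

        def repl(match):
            sg_id, name = match.group(1), sg_map.get(match.group(1))
            if name is None:  # ID missing from the map
                problems.append((lineno, sg_id, "unmapped"))
                return match.group(0)
            if name == current:  # a resource cannot reference its own id
                problems.append((lineno, sg_id, "self-reference"))
                return match.group(0)
            return '"${aws_security_group.%s.id}"' % name

        out.append(SG_ID.sub(repl, line))
    return "\n".join(out), problems


if __name__ == "__main__":
    rewritten, problems = rewrite_sg_refs(SAMPLE, SECURITY_GROUPS)
    print(rewritten)
    for lineno, sg_id, reason in problems:
        print("line %d: %s left as-is (%s)" % (lineno, sg_id, reason))
```

Every ID reported in `problems` still needs a manual decision before applying in the new region: an unmapped ID points at a group that will not exist there, and a self-reference is normally expressed with `self = true` on the rule.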