动态创建 Terraform Cloudwatch 仪表板

Question

Overview

Currently, dashboards are being deployed via Terraform using values from a dictionary in locals.tf:

resource "aws_cloudwatch_dashboard" "my_alb" {
  for_each       = local.env_mapping[var.env]
  dashboard_name = "${each.key}_alb_web_operational"
  dashboard_body = templatefile("templates/alb_ops.tpl", {
    environment = each.value.env,
    account     = each.value.account,
    region      = each.value.region,
    alb         = each.value.alb
    tg          = each.value.alb_tg
  }

This leads to fragility because the values of AWS infrastructure resources like the ALB and ALB target group are hard coded. Sometimes when applying updates AWS resources are destroyed and recreated.

Question

What's the best approach to get these values dynamically? For example, this could be achieved by writing a Python/Boto3 Lambda, which looks up these values and then passes them to Terraform as env variables. Are there any other recommended ways to achieve the same?

Answer 1

It depends on how much environment is dynamical . But sounds like Terraformdata sources is what you are looking for.

Usually, loadbalancer names are fixed or generated by some rule and should be known before creating dashboard.

Let's suppose that names are fixed, and names are:

variable "loadbalancers" {
  type = object
  default = {
    alb01 = "alb01",
    alb02 = "alb02"
  }
}

In this case loadbalancers may be taken by:

data "aws_lb" "albs" {
  for_each = var.loadbalancers
  name = each.value  # or each.key 
}

And after that you will be able to get dynamically generated parameters:

• data.aws_lb["alb01"].id
• data.aws_lb["alb01"].arn
• etc

If loadbalancer names are generated by some rule, you should use aws cli or aws cdk to get all names, or just generate names by same rule as it was generated inside AWS environment and pass inside Terraform variable.

Notice: terraform plan (apply, destroy) will raise error if you pass non-existent name. You should check if LB with provided name exists.