Day 10 - Terraform Dynamic Blocks, Conditional Expressions, and Splat Expressions

There is a moment in learning Terraform where it stops feeling like writing static code, and starts feeling like shaping logic. Day 10 was that moment for me.

Until now, I was defining resources directly. Today, I learned how to make Terraform think, repeat intelligently, and extract data cleanly.

The three pillars of today’s learning:

Conditional Expressions
Dynamic Blocks
Splat Expressions

What I Built

To understand these concepts, I created a simple but meaningful setup:

  • S3 buckets with environment-based logic
  • A security group with multiple ingress rules
  • Outputs that collect values dynamically

Nothing too fancy. But powerful enough to understand how real-world Terraform becomes scalable.

Conditional Expressions

What It Means

Conditional expressions allow Terraform to choose values based on conditions.

Simple idea:

If something is true → use one value
If not → use another

Example I Used

bucket_count = var.environment == "prod" ? 2 : 1

This means:

  • In dev → create 1 bucket
  • In prod → create 2 buckets

Why This Matters

Instead of writing separate configurations for dev and prod, I now have one smart configuration.

What I Tested

I first ran Terraform with:

environment = "dev"

Then changed to:

environment = "prod"

Terraform apply with environment = dev


Terraform apply after changing to prod

  • Increase in bucket count
  • Versioning change
  • No code duplication

This is Terraform becoming dynamic and environment-aware.


Dynamic Blocks

What It Means

Dynamic blocks help generate multiple nested blocks without repeating code.

Instead of writing 3 ingress rules manually… Terraform builds them using a loop.

Example I Used

dynamic "ingress" {
  for_each = var.ingress_rules

  content {
    description = ingress.value.description
    from_port   = ingress.value.from_port
    to_port     = ingress.value.to_port
    protocol    = ingress.value.protocol
    cidr_blocks = ingress.value.cidr_blocks
  }
}

Where the Data Comes From

ingress_rules = [
  { from_port = 22, to_port = 22, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"], description = "SSH" },
  { from_port = 80, to_port = 80, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"], description = "HTTP" },
  { from_port = 443, to_port = 443, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"], description = "HTTPS" }
]

Why This Matters

Without dynamic blocks, I would write 3 separate ingress blocks.

With dynamic blocks, I only write logic once… and scale infinitely.

What I Tested

I added 3 ingress rules in terraform.tfvars.

Then ran:

terraform plan

terraform.tfvars showing multiple ingress rules


Terraform plan showing multiple ingress blocks being created


Splat Expressions

What It Means

Splat expressions extract values from multiple resources in one line.

Think of it like saying:

“Give me this field from everything.”

Example I Used

aws_s3_bucket.demo[*].bucket

This collects all bucket names.

Outputs I Created

output "bucket_names" {
  value = aws_s3_bucket.demo[*].bucket
}

Why This Matters

When resources are created using count or for_each, splat expressions make outputs clean and readable.

What I Tested

After running:

terraform apply

Terraform returned multiple bucket names in output.

Terraform apply output:


or with environment as "dev" and "enable_versioning = false"


Key Learnings

Conditional expressions help Terraform make decisions.

Dynamic blocks eliminate repetitive nested configurations.

Splat expressions simplify extracting data from multiple resources.

Together, they transform Terraform from static scripts into flexible infrastructure logic.

Final Thoughts

Today felt like upgrading from writing instructions to designing behavior.

Less repetition.
More intelligence.
Cleaner code.

Terraform starts simple.
But when you learn expressions like these, it becomes something else entirely.

A system that adapts, just like the infrastructure it builds.

Video Reference


Jay

Comments

Post a Comment

Popular posts from this blog

ASM Integrity check failed with PRCT-1225 and PRCT-1011 errors while creating database using DBCA on Exadata 3 node RAC

Image
  Error: The error message PRCT-1225: failed to verify Oracle Automatic Storage Management (Oracle ASM) user credentials using the command 'asmcmd credverify' indicates that the asmcmd credverify command failed to verify the Oracle ASM user credentials. This can happen for a number of reasons, including: The user credentials are incorrect. The user credentials file is corrupted. The user does not have the necessary permissions to run the asmcmd credverify command. There is a problem with the Oracle ASM instance. To troubleshoot this error, you can try the following: Make sure that the user credentials are correct. You can do this by trying to log in to the Oracle ASM instance using the same credentials. Check the user credentials file for errors. You can do this by using a text editor to open the file and inspect the contents. Make sure that the user has the necessary permissions to run the asmcmd credverify command. You can do this by checking the user's permissi...
Read more

Lock Tables in MariaDB

Whether or not you need to lock tables while backing up MariaDB depends on a few factors, including the type of backup you are performing and the tools you are using. If you are performing a full backup , you should lock the tables to ensure that the backup is consistent. This is because a full backup copies all of the data in the database, including any data that is currently being modified by transactions. If you do not lock the tables, it is possible that the backup could contain inconsistent data. If you are performing a differential backup or an incremental backup , you may not need to lock the tables. Differential and incremental backups only copy the data that has changed since the previous backup. This means that the data is already consistent, so there is no need to lock the tables. However, some backup tools may require you to lock the tables, even if you are performing a differential or incremental backup. This is because these tools may need to modify the database in some ...
Read more

Life is beautiful

Image
Life brings unexpected tragedies that are beyond our control. It's heartbreaking to witness people facing circumstances they never chose. We react with tears and inevitably wonder, "What if that happens to me?" As humans, we naturally focus on the positive and avoid dwelling on such thoughts—and that's healthy. But this perspective has shaped how I approach life: Am I prepared for these scenarios? Are my loved ones protected if something goes wrong? If I were to die, I couldn't be there to tell them to stay strong—they'd have to face that grief alone. But I can give them financial security through proper planning, wills, and trusts. These are tangible ways to care for them even when I'm gone. Beyond that, what else can I control? I don't waste energy worrying about an uncertain past or future. Instead, I choose to spread peace, truly listen to others, and share genuine smiles. I embrace the principle of living fully while letting others do the same. ...
Read more