Day 12 - Terraform Functions Part 2

Today I continued my Terraform journey by working with advanced built-in functions.

Day 11 focused on transforming values for resources.
Day 12 focused on validating inputs, handling files, securing data, and preparing values before they are used.

The biggest realization today was:

Not everything in Terraform creates AWS resources.
Some parts only process data.

Understanding the Flow

Terraform works in layers:

terraform.tfvars → locals.tf → main.tf → outputs.tf
  • Inputs come from terraform.tfvars
  • Functions process data in locals.tf
  • Resources are created in main.tf
  • Results are displayed using outputs.tf

Some assignments only use the first 3 steps and never reach AWS.

What I Learned

Backup Validation

I used endswith() in variable validation.

This prevents invalid values before Terraform even runs a plan.

This happens before any AWS resource is created.

validation error when backup name is wrong



Sensitive Data

I marked outputs as sensitive = true.

This hides values like passwords in CLI output.

This is about protecting data, not creating resources.

sensitive output hidden


File Handling

Using fileexists() and dirname(), I checked if a file exists and extracted its directory.

This is local file processing, not AWS interaction.

file exists output



Region Deduplication (Important Insight)

Using concat() and toset(), I combined region lists and removed duplicates.

all_regions    = concat(var.primary_regions, var.secondary_regions)
unique_regions = toset(local.all_regions)

This does not create any AWS resource
It only transforms data inside Terraform

This is why main.tf is not involved here.

 regions output



Cost Calculation

Using sum(), abs(), and max(), I calculated total cost and ensured it never goes negative.

Again, pure data processing.

cost calculation output


Timestamp Usage

Using timestamp() and formatdate(), I generated time values.

These were then used in an S3 bucket resource:

resource "aws_s3_bucket" "day12_bucket" {
  bucket = "jay-day12-${local.timestamp_safe_name}"
}

This is where data processing meets real AWS resource creation.

I generated a timestamp using Terraform functions and used it to create a unique S3 bucket.

The timestamp was first processed into a safe format and then used inside the resource:

This showed how Terraform can:

  • generate dynamic values
  • process them safely
  • and directly use them in AWS resources

This was the point where data transformation met real infrastructure creation.




JSON and Secrets Manager

Using file() and jsondecode(), I read JSON content:

config_json = jsondecode(file(var.config_file))

Then stored it in AWS Secrets Manager:

resource "aws_secretsmanager_secret_version" "config_secret_value" {
  secret_string = jsonencode(local.config_json)
}

This is a full real-world flow:

File → Decode → Store in AWS

Secrets Manager entry


Key Insight

Terraform does two types of work:

1. Data Processing (No AWS)

  • concat
  • toset
  • sum
  • abs
  • fileexists
  • jsondecode

Happens inside Terraform only

2. Resource Creation (AWS)

  • aws_vpc
  • aws_s3_bucket
  • aws_instance
  • aws_secretsmanager_secret

Happens in AWS

Final Thought

Terraform is not just about creating resources.

It is also a powerful tool for:

  • validating inputs
  • transforming data
  • preparing values safely
  • protecting sensitive information

Day 12 felt like the shift from writing code to building reliable systems.

Video Reference



Jay

Comments

Post a Comment

Popular posts from this blog

ASM Integrity check failed with PRCT-1225 and PRCT-1011 errors while creating database using DBCA on Exadata 3 node RAC

Image
  Error: The error message PRCT-1225: failed to verify Oracle Automatic Storage Management (Oracle ASM) user credentials using the command 'asmcmd credverify' indicates that the asmcmd credverify command failed to verify the Oracle ASM user credentials. This can happen for a number of reasons, including: The user credentials are incorrect. The user credentials file is corrupted. The user does not have the necessary permissions to run the asmcmd credverify command. There is a problem with the Oracle ASM instance. To troubleshoot this error, you can try the following: Make sure that the user credentials are correct. You can do this by trying to log in to the Oracle ASM instance using the same credentials. Check the user credentials file for errors. You can do this by using a text editor to open the file and inspect the contents. Make sure that the user has the necessary permissions to run the asmcmd credverify command. You can do this by checking the user's permissi...
Read more

Lock Tables in MariaDB

Whether or not you need to lock tables while backing up MariaDB depends on a few factors, including the type of backup you are performing and the tools you are using. If you are performing a full backup , you should lock the tables to ensure that the backup is consistent. This is because a full backup copies all of the data in the database, including any data that is currently being modified by transactions. If you do not lock the tables, it is possible that the backup could contain inconsistent data. If you are performing a differential backup or an incremental backup , you may not need to lock the tables. Differential and incremental backups only copy the data that has changed since the previous backup. This means that the data is already consistent, so there is no need to lock the tables. However, some backup tools may require you to lock the tables, even if you are performing a differential or incremental backup. This is because these tools may need to modify the database in some ...
Read more

Life is beautiful

Image
Life brings unexpected tragedies that are beyond our control. It's heartbreaking to witness people facing circumstances they never chose. We react with tears and inevitably wonder, "What if that happens to me?" As humans, we naturally focus on the positive and avoid dwelling on such thoughts—and that's healthy. But this perspective has shaped how I approach life: Am I prepared for these scenarios? Are my loved ones protected if something goes wrong? If I were to die, I couldn't be there to tell them to stay strong—they'd have to face that grief alone. But I can give them financial security through proper planning, wills, and trusts. These are tangible ways to care for them even when I'm gone. Beyond that, what else can I control? I don't waste energy worrying about an uncertain past or future. Instead, I choose to spread peace, truly listen to others, and share genuine smiles. I embrace the principle of living fully while letting others do the same. ...
Read more