Mastering Terraform’s for_each: Practical Examples to Scale Your Infrastructure

Introduction

Terraform’s for_each argument is a powerful feature that allows you to manage multiple instances of infrastructure resources efficiently. Whether you’re deploying multiple virtual machines, creating several database instances, or configuring numerous network settings, for_each simplifies the process by iterating over a collection of values. This article explores the practical applications of for_each, providing real-world examples and best practices to help you scale your infrastructure management capabilities. By mastering for_each, you can write more concise and maintainable Terraform configurations.

Understanding the Basics of for_each

The for_each argument is used in Terraform to create multiple instances of a resource or module by iterating over a collection of values. Unlike the count argument, which simply creates a specified number of identical resources, for_each allows you to customize each instance based on the values in the collection. This makes it particularly useful when you need to manage resources that require unique configurations.

A common use case is when you need to create multiple resources with slight variations, such as users with different roles or virtual machines with varying sizes. Instead of writing separate resource blocks for each instance, you can use for_each to loop over a list or map and generate the resources dynamically.

Practical Example: Deploying Multiple Virtual Machines

Let’s consider a scenario where you need to deploy multiple virtual machines (VMs) with different configurations. Each VM might have a unique name, size, and role. Without for_each, you would need to write a separate resource block for each VM, leading to repetitive and hard-to-maintain code.

Using for_each, you can define a single resource block and iterate over a list of VM configurations. Here’s an example:

locals {
    vms = [
        { name = "web-server", size = "small", role = "web" },
        { name = "database-server", size = "large", role = "db" },
        { name = "backup-server", size = "medium", role = "backup" }
    ]
}

resource "example_vm" "this" {
    for_each = { for vm in local.vms : vm.name => vm }

    name = each.value.name
    size = each.value.size
    role = each.value.role
}

In this example, Terraform will create three VMs, each with its own name, size, and role, by iterating over the local.vms list. The for_each argument maps each item in the list to a unique key (in this case, the VM name), and the resource block uses each.value to access the properties of each item.

Dynamic Infrastructure Configuration with for_each

One of the most powerful features of for_each is its ability to handle dynamic infrastructure configurations. Instead of hardcoding values, you can use variables or external data sources to define the set of resources you want to create. This approach is particularly useful in environments where infrastructure needs change frequently or are determined by external factors, such as user input or application requirements.

For example, you might want to create a set of AWS IAM roles based on a list of departments in your organization. By using for_each with a variable that contains the list of departments, you can dynamically generate the appropriate IAM roles and policies without modifying the underlying Terraform code.

variable "departments" {
    type = list(string)
    default = ["engineering", "marketing", "sales"]
}

resource "aws_iam_role" "this" {
    for_each = toset(var.departments)
    
    name = "role-${each.value}"
    
    assume_role_policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
            {
                Action = "sts:AssumeRole"
                Principal = {
                    Service = "ec2.amazonaws.com"
                }
                Effect = "Allow"
            }
        ]
    })
}

This code snippet demonstrates how to use for_each with a variable to create multiple IAM roles. Each role is named based on the department, and the assume role policy is consistent across all roles. This approach reduces redundancy and makes it easy to add or remove roles by simply modifying the departments list.

Best Practices for Using for_each

While for_each is a powerful tool, there are some best practices to keep in mind to ensure you get the most out of it:

• Use Meaningful Keys: When iterating over a map, make sure the keys are meaningful and unique. This helps in identifying resources and troubleshooting issues.
• Keep Configurations DRY: Avoid duplicating code by leveraging for_each to manage multiple resources with similar configurations.
• Test Thoroughly: Always test your Terraform configurations in a development environment before applying them to production. This ensures that the for_each logic works as expected.
• Use Local Variables: Organize your data into local variables or maps to make your code more readable and maintainable.

Conclusion

Terraform’s for_each argument is an essential tool for managing multiple infrastructure resources efficiently. By iterating over collections of values, you can create dynamic and scalable configurations that reduce redundancy and improve maintainability. Whether you’re deploying virtual machines, creating IAM roles, or configuring network settings, for_each provides a flexible and powerful way to handle complex infrastructure needs. By following the best practices outlined in this article, you can unlock the full potential of for_each and take your Terraform skills to the next level.