Terraform Add Resources To Existing Infrastructure

Learn how to add more resources to existing infrastructure

Terraform lets you manage cloud resources declaratively. In this tutorial we show how to add resources to infrastructure that Terraform already manages, and why some changes to a live security group fail while others are harmless.

Add more resources to existing infrastructure

When you add resources to infrastructure that Terraform already manages, Terraform does not tear everything down and rebuild it. It refreshes its state, compares it with your configuration and plans only the differences. Always read the output of terraform plan before applying; every planned action is one of the following:

  • Create (+): the resource is in your configuration but not in state. Nothing existing is touched.

  • Update in-place (~): an attribute changed that the provider can modify on the live resource. Adding or changing an ingress or egress block of an aws_security_group is this kind of change; the group keeps its ID.

  • Replace (-/+): an attribute changed that the provider cannot modify in place (for aws_security_group these include name, description and vpc_id). Terraform destroys the old resource and creates a new one, and this is where dependencies bite. AWS refuses to delete a security group that is still attached to a network interface and returns DependencyViolation; the provider keeps retrying until its delete timeout expires and the apply fails. You must either detach or swap the group on the instance first, or let Terraform create the replacement before destroying the original (the create_before_destroy lifecycle setting).

Here is sample code for creating a security group. It creates a group called "Terraform SG" that allows TCP port 443 in and out:

    resource "aws_security_group" "Terraform_SG" {
      name        = "Terraform SG"
      description = "Allow HTTPS traffic"
      # vpc_id is omitted, so the group is created in the default VPC.
      # name, description and vpc_id all force replacement if changed later.

      tags = {
        Name = "Terraform_SG"
      }

      # Inline egress rule: only TCP 443 outbound (the AWS default
      # allow-all egress rule is removed by Terraform on creation).
      egress {
        description = "Allow outgoing 443"
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }

      # Inline ingress rule: TCP 443 from anywhere.
      ingress {
        description = "Allow incoming 443"
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

You have created the security group with the above code and attached it to an instance. Now you want to allow another port in the same group. Adding a second ingress block to the same resource is an in-place update and works, but two things go wrong in practice. First, any change that forces replacement of the group (editing its name, description or vpc_id) makes Terraform try to delete a group that is still attached to the instance; AWS rejects the delete with DependencyViolation and the apply times out. Second, mixing inline ingress/egress blocks with standalone aws_security_group_rule resources on the same group does not work: each side treats the other's rules as drift and removes them on the next apply, so the rules flip back and forth.

To add a rule without editing the group's own definition, declare a separate aws_security_group_rule resource for the new port and point its security_group_id at the existing group. Before doing this, remove any inline ingress and egress blocks from the group (or start from an empty group as shown under best practice below) so that every rule is managed in exactly one place:

  resource "aws_security_group_rule" "AddingSSHport" {
    description       = "Allow SSH port"
    type              = "ingress"
    security_group_id = aws_security_group.Terraform_SG.id
    from_port         = 22
    to_port           = 22
    protocol          = "tcp"
    # 0.0.0.0/0 exposes SSH to the whole internet; in practice restrict
    # this to your administrative network or a bastion host's CIDR.
    cidr_blocks       = ["0.0.0.0/0"]
  }
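The following is an added example, not code from the original page, showing how to let a security group that is attached to an instance survive a forced replacement. It uses name_prefix instead of a fixed name, so AWS generates a unique suffix and the replacement group cannot collide with the old one, and create_before_destroy, so Terraform creates the new group, repoints the instance at it and only then deletes the old one. All rules live in standalone aws_security_group_rule resources, and SSH is limited to an admin network. The variable names, the 203.0.113.0/24 admin CIDR and the AMI, subnet and VPC inputs are placeholders for the example.

```hcl
variable "vpc_id" {
  type = string
}

variable "subnet_id" {
  type = string
}

variable "ami_id" {
  type = string
}

variable "admin_cidr" {
  description = "CIDR allowed to reach SSH (placeholder; set to your admin network)"
  type        = string
  default     = "203.0.113.0/24"
}

resource "aws_security_group" "web" {
  # name_prefix lets AWS append a unique suffix, so the replacement group
  # can exist alongside the old one while create_before_destroy runs.
  name_prefix = "terraform-web-"
  description = "Web tier" # description is a force-new attribute
  vpc_id      = var.vpc_id

  lifecycle {
    create_before_destroy = true
  }

  tags = {
    Name = "Terraform_SG"
  }
}

# Each rule is its own resource; adding or removing one never touches the group.
resource "aws_security_group_rule" "https_in" {
  type              = "ingress"
  security_group_id = aws_security_group.web.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "HTTPS from anywhere"
}

resource "aws_security_group_rule" "ssh_in" {
  type              = "ingress"
  security_group_id = aws_security_group.web.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [var.admin_cidr] # never 0.0.0.0/0 for SSH
  description       = "SSH from the admin network only"
}

# Terraform removes the AWS default allow-all egress rule on creation,
# so outbound traffic must be declared explicitly.
resource "aws_security_group_rule" "https_out" {
  type              = "egress"
  security_group_id = aws_security_group.web.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "HTTPS out only"
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.web.id]
}
```

With this layout, changing the group's description in a later edit produces a +/- (create before destroy) plan instead of -/+: the new group is created, aws_instance.web is updated in place to reference it, the rules are recreated against the new group ID, and the old group is deleted last, after nothing references it.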

Best practice in adding resources

In this scenario we are adding ports to an existing security group. The cleanest pattern is to declare the group with no inline ingress or egress blocks and to attach every rule as its own aws_security_group_rule resource. Each rule is then an independent resource: adding one is a plain create, removing one is a plain destroy, and the group itself is never replaced. For example:

# The group carries no inline rules; all rules are separate resources below.
resource "aws_security_group" "Terraform_SG" {
  name        = "Terraform SG"
  description = "Allow HTTPS and SSH traffic"
  tags = {
    Name = "Terraform_SG"
  }
}

resource "aws_security_group_rule" "AddingSSHport" {
  description       = "Allow SSH port"
  type              = "ingress"
  security_group_id = aws_security_group.Terraform_SG.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  # Restrict to your admin network in real deployments.
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "AddingHTTPSport" {
  description       = "Allow HTTPS port"
  type              = "ingress"
  security_group_id = aws_security_group.Terraform_SG.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Resource names must be unique per type, so the egress rule gets its own name.
# It is needed because Terraform strips the AWS default allow-all egress rule
# when it creates the group.
resource "aws_security_group_rule" "AllowHTTPSegress" {
  description       = "Allow HTTPS out"
  type              = "egress"
  security_group_id = aws_security_group.Terraform_SG.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

This way you can add or remove rules on an existing security group without Terraform replacing it. Note that security group rules only ever allow traffic; there is no deny rule (use network ACLs for explicit denies), so removing a rule resource is how you stop allowing a port.
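As an added example that is not part of the original page, the same pattern can be driven from a rule table with for_each, which is how a team usually maintains a group with more than a handful of ports. Each map key becomes a stable resource address, so adding or deleting an entry plans exactly one create or one destroy and never renumbers the other rules. The rule table, the 203.0.113.0/24 admin CIDR and the resource names are constructed for the example.

```hcl
locals {
  # Constructed rule table for the example. Keys are stable identifiers,
  # so editing one entry affects only aws_security_group_rule.ingress["<key>"].
  ingress_rules = {
    https = {
      port  = 443
      cidrs = ["0.0.0.0/0"]
      desc  = "HTTPS from anywhere"
    }
    ssh = {
      port  = 22
      cidrs = ["203.0.113.0/24"] # placeholder admin network, not 0.0.0.0/0
      desc  = "SSH from the admin network"
    }
  }
}

# Empty group: every rule is managed by the resources below.
resource "aws_security_group" "app" {
  name        = "Terraform SG"
  description = "Rules managed by aws_security_group_rule"
  tags = {
    Name = "Terraform_SG"
  }
}

resource "aws_security_group_rule" "ingress" {
  for_each          = local.ingress_rules
  type              = "ingress"
  security_group_id = aws_security_group.app.id
  from_port         = each.value.port
  to_port           = each.value.port
  protocol          = "tcp"
  cidr_blocks       = each.value.cidrs
  description       = each.value.desc
}

# Explicit egress because Terraform removes the default allow-all egress rule
# when it creates the group; without this the instance cannot reach anything.
resource "aws_security_group_rule" "egress_https" {
  type              = "egress"
  security_group_id = aws_security_group.app.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "HTTPS out only"
}
```

To open another port, add one entry to local.ingress_rules and run terraform plan; the plan should show a single + for that rule and nothing else. If the plan shows -/+ on the group or changes to rules you did not edit, something is still declared inline or twice. Recent versions of the AWS provider (5.x) also offer aws_vpc_security_group_ingress_rule and aws_vpc_security_group_egress_rule, which map one-to-one onto individual AWS rules and can be used in the same for_each style.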

Suggested article

If you'd like to continue reading, check out our other article on Terraform count and conditionals. All other DevOps categories are listed under DevOps Tools. Have a look at the posts for your topic of interest.

Conclusion

In this tutorial, we’ve explained how to add additional resources to your infrastructure already deployed by Terraform. We’ve also demonstrated examples for all the topics that are discussed. We hope you have learned something new in this article.

Please feel free to share your thoughts about this article in the comments section below.
