Terraform: Connecting Resources using Remote State

Godfrey Menezes
3 min read · Aug 31, 2021

In my earlier article, I wrote about using an AWS S3 bucket as storage for remote state. The point of remote storage is to share configuration and resources defined in one script with another.

This article covers the following use case:

  • Create an AWS Security Group using a Terraform script and store its state in an AWS S3 bucket.
  • Create an EC2 instance using another Terraform script and link it to the Security Group created by the previous script via the remote state in S3.

Creating the Security Group

In the Terraform script below, I create a Security Group and store its state in an S3 bucket. The script exposes the group's ID as the output Web_Srv_SG_id. The EC2 instance script will use this value as the Security Group for that instance.

provider "aws" {
  region = "us-east-2"
}

# Store this configuration's state in the previously created S3 bucket.
terraform {
  backend "s3" {
    bucket = "gpm-tfstatestorage-s3"
    key    = "global/s3/sg.terraform.tfstate"
    region = "us-east-2"
  }
}

resource "aws_security_group" "Web_Srv_SG" {
  name = "Web_Srv_SG"
  # to utilize the variables make sure that variable.tf file is created
  ingress {
    from_port = 8080
    to_port   = 8080
    protocol  = "tcp"
    # 0.0.0.0/0 exposes port 8080 to the whole internet; restrict this to
    # known source ranges outside a demo.
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Published in the state file so that other configurations can read it.
output "Web_Srv_SG_id" {
  description = "ID of the Web_Srv_SG security group"
  value       = aws_security_group.Web_Srv_SG.id
}

Executing the script should give the following result:

The Security Group is created in AWS. Note this SG ID; it is required when we associate the group with the EC2 instance.

The output in the state file stored in the S3 bucket:

"outputs": {
  "Web_Srv_SG_id": {
    "value": "sg-03c939c682f8638db",
    "type": "string"
  }
}
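The state object holds more than this outputs block: it also records every attribute of the Security Group, and anyone who can read the S3 object sees all of it. As an added example (not part of the original article), the Python check below separates the declared outputs from the rest and flags ingress rules open to any address. It assumes the version 4 state JSON layout; the sample state is constructed, and only the output name and SG ID come from the article.

```python
import json

# Constructed sample in the Terraform state v4 layout (an assumption about the
# file's shape); only the output name and SG id are taken from the article.
SAMPLE_STATE = json.loads("""
{
  "version": 4,
  "outputs": {"Web_Srv_SG_id": {"value": "sg-03c939c682f8638db", "type": "string"}},
  "resources": [{
    "mode": "managed", "type": "aws_security_group", "name": "Web_Srv_SG",
    "instances": [{"attributes": {
      "id": "sg-03c939c682f8638db",
      "ingress": [{"from_port": 8080, "to_port": 8080, "protocol": "tcp",
                   "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]
    }}]
  }]
}
""")

OPEN_RANGES = {"0.0.0.0/0", "::/0"}


def declared_outputs(state):
    """Return {name: value} for the outputs block a consumer is meant to use."""
    return {k: v.get("value") for k, v in state.get("outputs", {}).items()}


def world_open_ingress(state):
    """List (sg_name, sg_id, from_port, to_port, cidr) for world-open rules."""
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "aws_security_group":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            for rule in attrs.get("ingress") or []:
                cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
                for cidr in cidrs:
                    if cidr in OPEN_RANGES:
                        findings.append((res["name"], attrs.get("id"),
                                         rule.get("from_port"), rule.get("to_port"), cidr))
    return findings


if __name__ == "__main__":
    print("outputs:", declared_outputs(SAMPLE_STATE))
    print("world-open ingress:", world_open_ingress(SAMPLE_STATE))
```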

Creating the EC2 instance to associate with this Security Group

Next, use the following script to create an EC2 instance. To fetch the details from the remote state storage, use the terraform_remote_state data block, which holds the remote storage configuration. Use its output as the input for 'vpc_security_group_ids'.

provider "aws" {
  region = "us-east-2"
}

locals {
  instanceName = "test-instance"
}

data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "gpm-tfstatestorage-s3"
    key    = "global/s3/sg.terraform.tfstate"
    region = "us-east-2"
  }
}

resource "aws_instance" "example-ec2" {
  ami                    = "ami-028f0daffc74d96ee"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [data.terraform_remote_state.network.outputs.Web_Srv_SG_id]
  tags = {
    Name = local.instanceName
    Sg   = data.terraform_remote_state.network.outputs.Web_Srv_SG_id
  }
}

A successful execution of the Terraform script should yield output similar to this, including the instance ID.

The EC2 dashboard will corroborate the instance ID, and it should also show the associated Security Group details pulled from the S3 remote state:

Conclusion

So I created a Security Group using a TF script and saved the state in S3 storage. I then used another script to get the Security Group from the remote storage and associate the EC2 instance with the Security Group.

This may be helpful when one has created a skeletal VPC with a Security Group and Internet Gateway using one script and later wants to associate an Auto Scaling Group, an EC2 instance or even a database with it to tie everything together.
