Terraform
Iterators in CDK for Terraform
Iterators let you loop over a collection of values. You can use them to create multiple resources of the same type based on dynamic data that is only known at runtime.
When to Use Iterators
Use iterators when you need to reference dynamic data that is not known until after Terraform applies a configuration. For example, instance IDs that cloud providers assign on creation.
When data is static or you know the values before synthesizing your code, we recommend using loops in your preferred programming language.
Define Iterators
Import the TerraformIterator
class and call the .fromList()
or .fromMap()
static method. Then use the forEach
property to pass the iterator to a resource, data source, or module. This lets you use the iterator in attributes.
The following example uses an iterator to create a unique name for each new S3 bucket.
import {
TerraformIterator,
TerraformLocal,
TerraformStack,
TerraformVariable,
Token,
} from "cdktf";
import { Construct } from "constructs";
import { AwsProvider } from "@cdktf/provider-aws/lib/aws-provider";
import { S3Bucket } from "@cdktf/provider-aws/lib/s3-bucket";
export class IteratorsStack extends TerraformStack {
constructor(scope: Construct, id: string) {
super(scope, id);
new AwsProvider(this, "aws", {
region: "us-west-2",
});
const list = new TerraformVariable(this, "list", {
type: "list(string)",
});
const simpleIterator = TerraformIterator.fromList(list.listValue);
new S3Bucket(this, "iterator-bucket", {
forEach: simpleIterator,
bucket: simpleIterator.value,
});
}
}
You cannot access the index of items when iterating over lists. This is because CDKTF implicitly converts lists to sets when iterating over them, but Terraform requires sets for iteration. This behavior prevents Terraform from accidentally deleting and recreating resources when their indices change. If you need an index, use an escape hatch with the count.index
property.
Using Iterators on Complex Types
The iterator also exposes methods to access nested attributes. The following example uses the getString
and getStringMap
methods to access the name
and tags
attributes of each list item.
import {
TerraformIterator,
TerraformLocal,
TerraformStack,
TerraformVariable,
Token,
} from "cdktf";
import { Construct } from "constructs";
import { AwsProvider } from "@cdktf/provider-aws/lib/aws-provider";
import { S3Bucket } from "@cdktf/provider-aws/lib/s3-bucket";
export class IteratorsStack extends TerraformStack {
constructor(scope: Construct, id: string) {
super(scope, id);
new AwsProvider(this, "aws", {
region: "us-west-2",
});
const complexIterator = TerraformIterator.fromMap({
website: {
name: "website-static-files",
tags: { app: "website" },
},
images: {
name: "images",
tags: { app: "image-converter" },
},
});
new S3Bucket(this, "complex-iterator-bucket", {
forEach: complexIterator,
bucket: complexIterator.getString("name"),
tags: complexIterator.getStringMap("tags"),
});
}
}
Using Iterators on Complex Lists
There are resources with attributes which are lists of objects whose properties are not all known at plan time. When trying to iterate over these directly, Terraform will error and complain about an invalid for_each
argument. To workaround this problem, you can use the TerraformIterator.fromComplexList()
method to create an iterator that transforms the list of objects into a map first, which has a key that is known at plan time and whose name is passed to that method. This is common for the aws_acm_certificate
resource, whose domain_validation_options
attribute is a list of objects with a domain_name
property that is known at plan time.
The following example validates an ACM certificate through DNS validation:
const cert = new AcmCertificate(this, "cert", {
domainName: "example.com",
validationMethod: "DNS",
});
const dataAwsRoute53ZoneExample = new DataAwsRoute53Zone(this, "dns_zone", {
name: "example.com",
privateZone: false,
});
const exampleForEachIterator = TerraformIterator.fromComplexList(
cert.domainValidationOptions,
"domain_name"
);
const records = new Route53Record(this, "record", {
forEach: exampleForEachIterator,
allowOverwrite: true,
name: exampleForEachIterator.getString("resource_record_name"),
records: [exampleForEachIterator.getString("resource_record_value")],
ttl: 60,
type: exampleForEachIterator.getString("resource_record_type"),
zoneId: dataAwsRoute53ZoneExample.zoneId,
});
const recordsIterator = TerraformIterator.fromResources(records);
new AcmCertificateValidation(this, "validation", {
certificateArn: cert.arn,
validationRecordFqdns: Token.asList(recordsIterator.pluckProperty("fqdn")),
});
Using Iterators for List Attributes
You can also use iterators to create a list of objects based on each item in a list and assign the result as a value to a property of a resource. This is equivalent to using Array.map
in TypeScript and using dynamic blocks in a Terraform HCL configuration.
Use iterators for list attributes if the length of the list is not known before deploying. Otherwise, use native functions that are available in your language (e.g., Array.map
in TypeScript).
The following examples use an iterator to create a team containing each member of an organization.
const orgName = "my-org";
new GithubProvider(this, "github", {
organization: orgName,
});
const team = new Team(this, "core-team", {
name: "core",
});
const orgMembers = new DataGithubOrganization(this, "org", {
name: orgName,
});
const orgMemberIterator = TerraformIterator.fromList(orgMembers.members);
new TeamMembers(this, "members", {
teamId: team.id,
members: orgMemberIterator.dynamic({
username: orgMemberIterator.value,
role: "maintainer",
}),
});
Chaining Iterators
Sometimes the need arises to loop over resources created through an iterator; commonly referred to as chaining.
To chain iterators you can use the TerraformIterator.fromResources
or TerraformIterator.fromDataSources
methods with the resource or data source you want to chain as an argument.
const s3BucketConfigurationIterator = TerraformIterator.fromMap({
website: {
name: "website-static-files",
tags: { app: "website" },
},
images: {
name: "images",
tags: { app: "image-converter" },
},
});
const s3Buckets = new S3Bucket(this, "complex-iterator-buckets", {
forEach: s3BucketConfigurationIterator,
bucket: s3BucketConfigurationIterator.getString("name"),
tags: s3BucketConfigurationIterator.getStringMap("tags"),
});
// This would be TerraformIterator.fromDataSources for data_sources
const s3BucketsIterator = TerraformIterator.fromResources(s3Buckets);
const helpFile = new TerraformAsset(this, "help", {
path: "./help",
});
new S3BucketObject(this, "object", {
forEach: s3BucketsIterator,
bucket: s3BucketsIterator.getString("id"),
key: "help",
source: helpFile.path,
});
Using for expressions
To use the values of an iterator for example in a list attribute for a resource you can use one of the following methods (given that iterator
got created through one of the static methods on TerraformIterator
):
iterator.keys()
: Results in equivalent of[for k, v in var.iteratorSource : k]
.iterator.values()
: Results in equivalent of[for k, v in var.iteratorSource : v]
.iterator.pluckProperty("foo")
: Results in equivalent of[for k, v in var.iteratorSource : v.foo]
.iterator.forExpressionForList('uppercase(val.owner) if val.owner != ""')
: Results in equivalent of[ for key, val in toset(var.list): uppercase(val.owner) if val.owner != "" ]
.iterator.forExpressionForMap("val.teamName",
join(",", val.teamMembers) if length(val.teamMembers) > 0)
: Results in equivalent of{ for key, val in toset(var.list): val.teamName => join(",", val.teamMembers) if length(val.teamMembers) > 0 }
.
const mapIterator = TerraformIterator.fromMap({
website: {
name: "website-static-files",
tags: { app: "website" },
included: true,
},
images: {
name: "images",
tags: { app: "image-converter" },
},
});
new TerraformLocal(this, "list-of-keys", mapIterator.keys());
new TerraformLocal(this, "list-of-values", mapIterator.values());
new TerraformLocal(this, "list-of-names", mapIterator.pluckProperty("name"));
new TerraformLocal(
this,
"list-of-names-of-included",
mapIterator.forExpressionForList("val.name if val.included")
);
new TerraformLocal(
this,
"map-with-names-as-key-and-tags-as-value-of-included",
mapIterator.forExpressionForMap("val.name", "val.tags if val.included")
);
Using Count
You can also use the TerraformCount
class to achieve the equivalent of setting count
on resources in HCL Terraform. Refer to the Terraform docs for more information on the count meta argument.
This is useful when there's a numeric value that is only known at runtime that affects the amount of resources that should be created and those resources are almost identical. For most cases, however, Iterators are preferred over count
. Refer to the Terraform docs for the underlying reasons.
The following examples use TerraformCount
to create a specific amount of instances that is defined via a Terraform variable.
const servers = new TerraformVariable(this, "servers", {
type: "number",
});
const count = TerraformCount.of(servers.numberValue);
new Instance(this, "server", {
count: count,
ami: "ami-a1b2c3d4",
instanceType: "t2.micro",
tags: {
Name: "Server ${" + count.index + "}",
},
});