Introduction
Some time ago, a customer asked me to create a Terraform module for deploying various resources in AWS. The module was meant to be used by the customer's pipeline. The goal was to let users define the AWS Region where the resources would be created.
Unlike Azure, where you can define the Azure Provider once and deploy Azure resources across multiple Regions, AWS requires one AWS Provider per Region. That complicates things a bit when you face the issue for the first time. However, there is an easy solution: all you need are aliases and multiple provider definitions (Terraform Multiple Provider Configurations).
Passing the AWS Provider Credentials
Note that the AWS Provider expects values for a couple of arguments: the region and the credentials (AWS Access Key ID and Secret Access Key). You have several options for passing the credentials securely. I will use Terraform Cloud (TFC) Workspace variables. When using TFC variables to store your AWS credentials, you must configure them as Environment variables.
Module Code
The module (which I store locally as a folder) will create a VPC. The user will have to provide the CIDR range and the Name.
The main.tf file:
resource "aws_vpc" "vpc" {
  provider   = aws.provider
  cidr_block = var.vpc_cidr
  tags = {
    Name = var.vpc_name
  }
}
The variables.tf file:
variable "vpc_cidr" {
  type = string
}

variable "vpc_name" {
  type = string
}
The versions.tf file:
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "~> 6.0"
      configuration_aliases = [aws.provider] # provider name will be passed to the module
    }
  }
  required_version = ">= 1.2.0"
}
Very important! The usage of the argument called configuration_aliases inside the module allows two things:
- The provider configuration will be passed from the ROOT to the module (and it is the ROOT that will select the Region for the resource)
- The resources inside the module will be allowed to use the provider argument.
Main Code
Now, we are ready to deploy a couple of VPCs. Let’s create three VPCs across different regions.
The root versions.tf file:
terraform {
  # please put your backend config here
  cloud {
    organization = ""
    workspaces {
      name = ""
    }
  }
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}
The root providers.tf file. I define three providers with Aliases. Each provider will have a different Region configured:
provider "aws" {
  alias  = "eu_west_1"
  region = "eu-west-1"
}

provider "aws" {
  alias  = "eu_central_1"
  region = "eu-central-1"
}

provider "aws" {
  alias  = "us_west_1"
  region = "us-west-1"
}
The root main.tf file. I create three VPCs by calling my local module three times. Each time I use a different provider alias.
module "vpc-eu-central-1" {
  source   = "./vpc_module"
  vpc_name = "vpc-eu-central-1"
  vpc_cidr = "10.50.0.0/16"
  providers = {
    aws.provider = aws.eu_central_1 # tell the module which provider to use
  }
}

module "vpc-eu-west-1" {
  source   = "./vpc_module"
  vpc_name = "vpc-eu-west-1"
  vpc_cidr = "10.60.0.0/16"
  providers = {
    aws.provider = aws.eu_west_1 # tell the module which provider to use
  }
}

module "vpc-us-west-1" {
  source   = "./vpc_module"
  vpc_name = "vpc-us-west-1"
  vpc_cidr = "10.70.0.0/16"
  providers = {
    aws.provider = aws.us_west_1 # tell the module which provider to use
  }
}
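Because the Region is chosen only by the alias the root passes in, a copy-paste slip in a providers block silently deploys to the wrong Region. The following is an added example, not part of the original module: it reads the Region through the passed alias and fails the run if it differs from what the caller intended. The file name, the expected_region variable and the output names are assumptions made for illustration.

```hcl
# vpc_module/region_guard.tf (hypothetical file, added example)

variable "expected_region" {
  type        = string
  description = "Region this module call is meant to deploy into (hypothetical variable)."
}

# Resolves the Region of whichever aliased provider the root passed in.
data "aws_region" "current" {
  provider = aws.provider
}

output "vpc_region" {
  description = "Region the passed provider alias resolved to."
  # AWS provider 6.x exposes the Region code as "region"
  # ("name" is the deprecated attribute from earlier major versions).
  value = data.aws_region.current.region

  # Output preconditions need Terraform >= 1.2.0, which matches the
  # required_version already set in the module's versions.tf.
  precondition {
    condition     = data.aws_region.current.region == var.expected_region
    error_message = "The provider alias passed to this module does not point at expected_region."
  }
}

output "vpc_id" {
  description = "ID of the VPC created through the aliased provider."
  value       = aws_vpc.vpc.id
}

# Root main.tf: the same call as above, extended with the expected Region.
# It replaces the existing "vpc-eu-central-1" block rather than sitting next to it.
module "vpc-eu-central-1" {
  source          = "./vpc_module"
  vpc_name        = "vpc-eu-central-1"
  vpc_cidr        = "10.50.0.0/16"
  expected_region = "eu-central-1"
  providers = {
    aws.provider = aws.eu_central_1
  }
}
```

If a call were wired to aws.eu_west_1 while expected_region stayed "eu-central-1", the run would stop with the error message above instead of creating the VPC in the wrong Region.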
The Result
A quick check in the AWS Console shows that the three VPCs have been created.