Terraform Dynamic Block

In this blog, we are going to create a security group and assign it to the instance.

Terraform dynamic blocks

Terraform dynamic blocks are a special Terraform block type that provides the functionality of a for expression by creating multiple nested blocks.

The need to create identical (or similar) infrastructure resources is common. A standard use case is multiple virtual server instances on a cloud platform like AWS or Azure. Terraform provides routines such as for_each and count to simplify deploying these resources, removing the requirement for large blocks of duplicate code.

Additionally, teams may need to configure multiple duplicate elements within a resource. In conjunction with a for_each routine, dynamic blocks are used within an infrastructure resource to remove the need for multiple duplicate "blocks" of Terraform code.

Benefits of dynamic blocks

The key benefits of Terraform dynamic blocks are:

  • Speed -- simplifying the code makes it much quicker to write and to process, and thus for the infrastructure to be deployed.
  • Reliability -- linked to clarity and re-use, errors are less likely to be made in simple, easy-to-read code.
  • Re-use -- copying, pasting, and amending large blocks of code is difficult and tedious. Combine dynamic blocks and variables/parameters to streamline this process.
  • Clarity -- in contrast to multiple blocks of repetitive code, it's much easier to read and understand code written using dynamic blocks.

Let's create a file aws-sg.tf with the below content.

# creating security group
resource "aws_security_group" "allow_tls" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"

  # one ingress block is generated per port in the list
  dynamic "ingress" {
    for_each = [80, 8080, 443, 9090, 9000]
    iterator = port
    content {
      description = "TLS from VPC"
      from_port   = port.value
      to_port     = port.value
      protocol    = "tcp"
      # the source range was lost in extraction; set it to the CIDR that should reach these ports (e.g. your VPC range)
      cidr_blocks = ["<ALLOWED_SOURCE_CIDR>"]
    }
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"] # IPv4 counterpart of ::/0 below: allow all outbound traffic
    ipv6_cidr_blocks = ["::/0"]
  }
}

In the above code, we are using a dynamic block to open ports 80, 8080, 443, 9090 and 9000. Change the values as per your requirement.
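The same dynamic block generalised to a map of per-port rules, each with its own source range, plus a plan-time check that no rule opens a port to the whole Internet. This is an added example, not code from the original post; the variable and resource names, the sample CIDR ranges and the validation rule are assumptions.

```hcl
# Map of port -> rule. HCL map keys are strings, so the port is converted with tonumber() below.
variable "ingress_rules" {
  type = map(object({
    description = string
    cidr_blocks = list(string)
  }))
  # Constructed sample values (an RFC 5737 test range and a private VPC range); replace with your own.
  default = {
    "22"  = { description = "SSH from admin range", cidr_blocks = ["203.0.113.0/24"] }
    "80"  = { description = "HTTP from VPC",        cidr_blocks = ["10.0.0.0/16"] }
    "443" = { description = "HTTPS from VPC",       cidr_blocks = ["10.0.0.0/16"] }
  }

  # Fail at plan time if any rule would open a port to every IPv4 address.
  validation {
    condition = alltrue([
      for rule in values(var.ingress_rules) : !contains(rule.cidr_blocks, "0.0.0.0/0")
    ])
    error_message = "Each entry in ingress_rules must name a specific source range; 0.0.0.0/0 is not allowed."
  }
}

resource "aws_security_group" "web" {
  name        = "web-dynamic-example"
  description = "Per-port ingress generated from var.ingress_rules"

  # One ingress block per map entry: rule.key is the port, rule.value the rule object.
  dynamic "ingress" {
    for_each = var.ingress_rules
    iterator = rule
    content {
      description = rule.value.description
      from_port   = tonumber(rule.key)
      to_port     = tonumber(rule.key)
      protocol    = "tcp"
      cidr_blocks = rule.value.cidr_blocks
    }
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}
```

Because the rules live in a variable, a different environment can pass its own map (for example via a .tfvars file) without touching the resource, and the validation block rejects an over-broad range before anything is created.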

Now let's modify the instance.tf file with the below content.

# creating instance
resource "aws_instance" "web" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = var.instance_type
  key_name               = aws_key_pair.key-tf.key_name
  # attach the security group created in aws-sg.tf (a plain reference; the "${...}" wrapper is no longer needed)
  vpc_security_group_ids = [aws_security_group.allow_tls.id]
  tags = {
    Name = "first-tf-instance"
  }
}

Let's first destroy the already created infrastructure using the terraform destroy command, and then run the terraform apply command again. You can verify that an instance, a security group and an SSH key pair are created, and that the key pair and security group are attached to that instance.

Demo Video