Are you getting good at Terraform or wrestling with a bear?


Terraform can do some amazing things, but it can be a real headache sometimes. It can remind you that it’s a fledgling child in some ways.

Join 38,000 others and follow Sean Hull on twitter @hullsean.

I ran into a number of errors and frequent problems, so I thought I’d summarize those solutions.

Hope this helps you guys & girls out there wrestling with bears!

1. Problems with module source syntax

module "test-iheavy" {
  source = ""

Simple and innocuous looking right? Terraform doesn’t know how to even argue!

✦ terraform init   
Initializing modules...
- module.test-iheavy
  Getting source ""
Error downloading modules: Error loading modules: error downloading '': Get /account/signin/?next=/account/signin/%3Fnext%3D/account/signin/%253Fnext%253D/account/signin/%25253Fnext%25253D/account/signin/%2525253Fnext%2525253D/account/signin/%252525253Fnext%252525253D/account/signin/%25252525253Fnext%25252525253D/account/signin/%2525252525253Fnext%2525252525253D/account/signin/%252525252525253Fnext%252525252525253D/account/signin/%25252525252525253Fnext%25252525252525253D/iheavy/iheavy_automation.git%2525252525252525253Fterraform-get%2525252525252525253D1: stopped after 10 redirects

Well it's just terraform speaking in it's friendly way!

Change the source line and add "git::" and you're all set:

module "test-iheavy" {
  source = "git::"

Related: How do I migrate my skills to the cloud?

2. Trouble with S3 buckets?

S3 buckets are a real pain with infrastructure code. First time around you create them, and you're happy to move on. But later you try to destroy that infrastructure and rebuild, and inevitably your bucket has files in it.

Other scenarios include where separate infra code has created a shared bucket that you want to access.

The nature of S3 buckets means they are shared across infra, but terraform doesn't like to plan in others sandboxes.

One solution I've found that works well is to add an enable/disable flag.

resource "aws_s3_bucket" "sean-bucket" {
    count = "${var.enable-sean-bucket ? 1 : 0}"
    bucket = "${var.sean-bucket-name"

You'll also need to add and entry to your file:

variable "enable-sean-bucket" {
  default = "false"

Then inside your you can either enable it, or disable or leave at default without setting it at all.

module "test-iheavy" {
  source = ""

  enable-sean-bucket = true

Related: How to use terraform to setup vpc and bastion box

3. Play nice with git

Your .gitignore file will help you if only you put it to use.


Notice it's not just ".terraform". Sometimes terraform creates other .terraform-xyz directories, so if you just ignore .terraform you'll later get junk commiting to your git repo. Ugh.

Same for the state files, it creates other backup ones, and weird versioned ones.

The "*~" is because emacs writes autosave files with ~

Related: How to setup an amazon ecs cluster with terraform

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don't work with recruiters