Intro
As with any software, Terraform has hidden gems waiting to be discovered, even after you've obtained your associate certification. Some features aren't always known until you need them, which is why we still have a lot to learn from the product. Today is one of those days! In this post, I will show how to deploy multi-region resources using something called provider aliases.
Why isn't multi-region deployment that common?
The provider alias feature is not commonly used because most users deploy resources in a single region at a time, unless their setup requires a DR configuration with regional failover or a workload distributed across several regions. The provider block, which is placed in the root module of a Terraform configuration, dictates the default location where all resources will be created.
Understanding Provider Aliases
To support multi-region deployment, you can define multiple configurations for a given provider by including multiple provider blocks with the same provider name but a different alias meta-argument for each additional configuration. See HashiCorp's example below:
# Default provider configuration for region 1 (un-aliased)
provider "aws" {
  region = "us-east-1"
}

# Extra configuration for region 2 ("us-west-2"); reference this as `aws.west`.
provider "aws" {
  alias  = "west" # <-- our identifier
  region = "us-west-2"
}
How to reference it from a resource block
To use an extra provider configuration for a resource or data source, set its provider argument to a <PROVIDER NAME>.<ALIAS> reference defined earlier:
resource "aws_instance" "my_instance" {
  provider = aws.west # <-- reference allowing the instance creation in us-west-2
  # …
}
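A resource that omits the provider argument is created in the default region without any error. The following added example (not from the original post) reads the configuration section of `terraform show -json <planfile>` output and reports which provider configuration and region each root-module resource is bound to; the sample plan, the `dr_replica` resource and the expected-region policy are constructed for illustration.

```python
import json

# Constructed sample: trimmed "configuration" section of `terraform show -json <planfile>`
# for the two aws provider blocks above plus two instances (one forgot `provider =`).
SAMPLE_PLAN = json.loads("""
{
  "configuration": {
    "provider_config": {
      "aws": {"name": "aws",
              "expressions": {"region": {"constant_value": "us-east-1"}}},
      "aws.west": {"name": "aws", "alias": "west",
                   "expressions": {"region": {"constant_value": "us-west-2"}}}
    },
    "root_module": {
      "resources": [
        {"address": "aws_instance.my_instance", "provider_config_key": "aws.west"},
        {"address": "aws_instance.dr_replica", "provider_config_key": "aws"}
      ]
    }
  }
}
""")


def resource_regions(plan):
    """Map each root-module resource address to (provider config key, region)."""
    cfg = plan["configuration"]
    providers = cfg.get("provider_config", {})
    result = {}
    for res in cfg["root_module"].get("resources", []):
        key = res["provider_config_key"]
        region_expr = providers.get(key, {}).get("expressions", {}).get("region", {})
        # Regions set from variables have no constant_value; report them as None.
        result[res["address"]] = (key, region_expr.get("constant_value"))
    return result


def misplaced(plan, expected):
    """Return {address: (expected_region, actual_region)} for every mismatch."""
    actual = resource_regions(plan)
    return {addr: (want, actual.get(addr, (None, None))[1])
            for addr, want in expected.items()
            if actual.get(addr, (None, None))[1] != want}


if __name__ == "__main__":
    # Hypothetical policy: both instances are meant to live in us-west-2.
    expected = {"aws_instance.my_instance": "us-west-2",
                "aws_instance.dr_replica": "us-west-2"}
    for addr, (want, got) in misplaced(SAMPLE_PLAN, expected).items():
        print(f"{addr}: expected {want}, plan binds it to {got}")
```

The check covers resources in the root module only; resources declared inside child modules are not walked.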
Practical Scenario: Deploying Public IPs in Multiple Regions in OCI
Let's consider a scenario where an HA firewall setup (active-active) requires 4 public IP addresses in two different regions. We'll leverage provider aliases to achieve this multi-region deployment.
Toronto => primary site (default) while Montreal (aliased) => failover region
4 IPs per region will be deployed
Public IP for Firewall Primary VM management Interface
Public IP for Firewall Secondary VM management Interface
Floating Public IP for Firewall Untrust Interface
Floating Public IP for Firewall Untrust Interface inbound flow (frontend cluster ip)
Clone the repository
This is my own GitHub repo. Pick an area on your file system and run the clone command:
$ git clone https://github.com/brokedba/terraform-examples.git
You will find our configuration under a subdirectory called terraform-provider-oci/publicIPs.
cd into the subdirectory where our configuration resides and run the init:
$ cd ~/terraform-examples/terraform-provider-oci/publicIPs
$ terraform init
Here's a tree of the files composing our configuration:
$ tree
.
|-- variables.tf ---> Resource variables needed for the deploy including locals
|-- publicip.tf ---> Our main public IP resource declaration
|-- output.tf ---> displays the IP resources detail at the end of the deploy
|-- terraform.tfvars.template ---> environment_variables needed to authenticate to OCI
Now let’s check how and where the aliases are defined and referenced
Provider block
Here, I explicitly set an alias, 'primary', for the default configuration, but it's not necessary. Only the dr alias is needed.
# vi ./terraform-provider-oci/publicIPs/variables.tf
provider "oci" { # Optional since it's the default config
alias = "primary" # <-- Default region Toronto
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path