I would like to know if is considered proper Terraform coding standards to use some sort of encapsulation form to manipulate variables type.
IMO, this the correct way of using variables:
provider "aws" {
allowed_account_ids = account_ids
region = "us-east-1"
}
variable "account_ids" {
description = "List of account IDs"
type = list(string)
default = ["1234567890"]
}
I believe this is an improper way and should not be used:
provider "aws" {
allowed_account_ids = [account_id]
region = "us-east-1"
}
variable "account_id" {
description = "Account ID"
type = string
default = "1234567890"
}
Can you please let me know what is the best practice for variables types usage and if the second example case should or should not be used and why?
Hi @fmunteanu,
Aside from a small correction that the reference to the variable would be e.g. var.account_id rather than var.account_ids, this doesn’t seem like a question that can be answered as posed because it’s too general.
As a module author, your job is to design a suitable abstraction to solve some problem, part of which is defining the inputs and outputs of that abstraction that make sense for the problem at hand. Without knowing what this module is for, it’s impossible to say which of those two designs is “correct”.
With that said, I would agree that the first example you shared is more general: it would mean that the module you are writing could be used in both a single-account and in a multi-account environment, with the caller making the decision of how many account ids to set.
On the other hand, the first design also introduces the possibility of the caller setting the variable to [], which would (I think) effectively disable the allowed_account_ids mechanism. That might be considered harmful if the purpose of your abstraction here is to force the caller to be explicit about which account it’s intending to work with.
Thanks for the reply @apparentlymart. I was actually inquiring if is considered a bad Terraform code practice to encapsulate a variable into list brackets, like I demonstrated into second example.
Hi @fmunteanu,
Again, I’m not really sure I can answer the question as stated. If you are taking a single string as input but populating an argument that needs a string then I’m not sure what would be better than constructing a list as you showed.
I’m sensing that there’s some additional context to your question that I’m not aware of… the answer to this will always contextual, so my first answer was my attempt to guess the context you meant, like “Is it considered bad Terraform practice to populate a resource/provider/etc argument using an input variable of a more restrictive type?”, to which my answer was essentially “no, that’s fine, and in fact it can be better in some situations.”
If you have a different situation in mind and are able to describe it then I’m willing to take another attempt at answering, but I’ll caution that it’s unlikely that the answer to any question of this sort will be a simple yes or no, because what is a good or a bad approach always depends on what you are ultimately trying to acheive.