This post will give an example of using Terraform dynamic blocks within an Azure resource. Typically this is done when you need multiple instances of a nested block within a resource, for example multiple “http_listener” within an Azure Application Gateway.
Here I’m using an Azure Backup retention policy, which as a Terraform resource (note I’m using resource version prior to AzureRM 2.0 provider, which are no longer supported) can have blocks for multiple different retention levels. In this case, we are only looking to have one of each type of nested block (retention_daily, retention_weekly, etc) however there are cases where we want zero instances of a block.
I’m sure there would be a way to simplify this code with a list(map(string)) variable, so that the individual nested blocks I’ve identified here aren’t necessary, however I haven’t yet spent the time to make that simplification.
A single-file example of this code can be found on my GitHub repo here.
First, create a Map variable containing the desired policy values:
variable "default_rsv_retention_policy" {
type = map(string)
default = {
retention_daily_count = 14
retention_weekly_count = 0
#retention_weekly_weekdays = ["Sunday"]
retention_monthly_count = 0
#retention_monthly_weekdays = ["Sunday"]
#retention_monthly_weeks = [] #["First", "Last"]
retention_yearly_count = 0
#retention_yearly_weekdays = ["Sunday"]
#retention_yearly_weeks = [] #["First", "Last"]
#retention_yearly_months = [] #["January"]
}
}
In the example above, this policy will retain 14 daily backups, and nothing else.
If you wanted a more typical grandfather scenario, you could retain weekly backups for 52 weeks every Monday, and monthly backups for 36 months from the first Sunday of each month:
variable "default_rsv_retention_policy" {
type = map(string)
default = {
retention_daily_count = 14
retention_weekly_count = 52
retention_weekly_weekdays = ["Sunday"]
retention_monthly_count = 36
retention_monthly_weekdays = ["Sunday"]
retention_monthly_weeks = ['First'] #["First", "Last"]
retention_yearly_count = 0
#retention_yearly_weekdays = ["Sunday"]
#retention_yearly_weeks = [] #["First", "Last"]
#retention_yearly_months = [] #["January"]
}
}
Now we’re going to use this map variable within a dynamic function. Check the GitHub link above for the full file, as I’m only going to insert the dynamic block here for explanation. Each of these blocks would go inside the “azurerm_backup_policy_vm” resource.
First up is the daily – in my case, I am making an assumption that there will ALWAYS be a daily value, and thus directly using the variable.
#Assume we will always have daily retention
retention_daily {
count = var.default_rsv_retention_policy["retention_daily_count"]
}
Next we will add in the “retention_weekly” block:
dynamic "retention_weekly" {
for_each = var.default_rsv_retention_policy["retention_weekly_count"] > 0 ? [1] : []
content {
count = var.default_rsv_retention_policy["retention_weekly_count"]
weekdays = var.default_rsv_retention_policy["retention_weekly_weekdays"]
}
}
The “for_each” is using conditional logic, in this format: condition ? true_val : false_val
It is evaluated as: “if the retention_weekly_count” value of our map variable is greater than zero, then provide 1 content block, else provide 0 content block.
From our first example of the variable I provided, since the weekly count is 0, this content block would then not appear in our terraform resource.
In the second example, we did provide a value greater than zero (52) and we also specified a weekday. This is what gets inserted into the content block as the property names and values.
Similarly, the monthly retention would look like this:
dynamic "retention_monthly" {
for_each = var.default_rsv_retention_policy["retention_monthly_count"] > 0 ? [1] : []
content {
count = var.default_rsv_retention_policy["retention_monthly_count"]
weekdays = var.default_rsv_retention_policy["retention_monthly_weekdays"]
weeks = var.default_rsv_retention_policy["retention_monthly_weeks"]
}
}
Because of the nature of this Azure resource, there is a new content property named “weeks” which signifies the week of the month to take the backup on (we said “First”).
Using dynamic blocks is an effective way to parameterize your Terraform – even with the example I gave earlier about Azure Application Gateway, in that resource itself there are many other nested resource blocks that this would be useful for, like “disabled_rule_group” within the WAF configuration, or “backend_http_settings”, or “probe”. I would expect the same is true for other Azure load balancers or Front Door configurations.
