
New Guides for Terraform Modules - dcu
https://www.hashicorp.com/blog/new-guides-terraform-modules/
======
chucky_z
Anyone from Hashicorp -- y'all are gonna end me. Please put the best way to do
things into your own docs. You have
[https://www.terraform.io/docs/providers/aws/d/iam_policy_doc...](https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html)
and can do

    
    
      data "aws_iam_policy_document" "s3_bucket" {
        version = "2012-10-17"
        statement {
          sid = "PublicReadGetObject"
    
          principals {
            type = "*"
            identifiers = ["*"]
          }
          actions = [
            "s3:GetObject"
          ]
    
          resources = [
            "arn:aws:s3:::${var.bucket_name}/*"
          ]
        }
      }
    
      resource "aws_s3_bucket" "s3_bucket" {
        bucket = var.bucket_name
    
        acl    = "public-read"
    
        policy = data.aws_iam_policy_document.s3_bucket.json
    
        website {
          index_document = "index.html"
          error_document = "error.html"
        }
    
        tags = var.tags
      }

~~~
leetrout
Are you referring to the learn guide demonstrating the policy JSON reference
in the aws_s3_bucket.policy vs the provider documentation demonstrating the
reference inside an aws_iam_policy.policy?

~~~
chucky_z
The guide.

Also, like, most of their examples ignore this data resource. That specific
data resource, with Terraform 0.12, makes building IAMs so much nicer, because
you can mash a bunch of common ones together with for_each and generate
policies in a dynamic way without having to learn dynamic IAM stuff, which is
its own thing entirely.
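
The pattern described in the comment above, sketched as an added example (not code from the thread or from HashiCorp's guides): a `dynamic "statement"` block with `for_each` builds one bucket policy from a map of grants, next to a fixed deny statement for non-TLS requests. The variable names, role ARNs and prefixes are constructed for illustration, and the bucket named by `var.bucket_name` is assumed to exist already.

```hcl
variable "bucket_name" {
  type = string
}

# Hypothetical input: one entry per grant. Keys become statement Sids,
# so keep them alphanumeric. ARNs and prefixes are constructed samples.
variable "grants" {
  type = map(object({
    principals = list(string)
    actions    = list(string)
    prefix     = string
  }))
  default = {
    ReadReports = {
      principals = ["arn:aws:iam::111122223333:role/report-reader"]
      actions    = ["s3:GetObject"]
      prefix     = "reports/"
    }
    WriteUploads = {
      principals = ["arn:aws:iam::111122223333:role/uploader"]
      actions    = ["s3:PutObject"]
      prefix     = "uploads/"
    }
  }
}

data "aws_iam_policy_document" "bucket" {
  # One statement per grant: named principals, named actions, one prefix.
  dynamic "statement" {
    for_each = var.grants
    content {
      sid       = statement.key
      actions   = statement.value.actions
      resources = ["arn:aws:s3:::${var.bucket_name}/${statement.value.prefix}*"]
      principals {
        type        = "AWS"
        identifiers = statement.value.principals
      }
    }
  }

  # Common statement shared by every generated policy: refuse plain HTTP.
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "bucket" {
  bucket = var.bucket_name
  policy = data.aws_iam_policy_document.bucket.json
}
```

Running `terraform plan` shows the rendered JSON in the `policy` attribute, which makes it easy to review each generated statement before it is applied.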

------
laingc
Since HN threads often attract a bit of a negative vibe, may I take the
opportunity to say to any Hashicorp employees reading this that I think your
products are fantastic.

Terraform is particularly excellent, but everything you produce is carefully
designed, well built, and reliable.

So great job, Hashicorp. Keep it up.

~~~
latchkey
The product is fantastic, but don't expect upgrades to work.

0.11->0.12 totally hosed me. Not necessarily because of TF itself, but because
the scaleway provider I was using changed everything around such that
coming up with the right state file that didn't destroy all my existing
instances was very difficult. I eventually gave up and found someone to do my
hosting for me cause it was just too much work to deal with TF changes over
time.

I also feel like the concept of looping is a weird afterthought. I want to
create 10 vms of the exact same type. Now I have to build a module for
reusability, remember to put count everywhere and use dynamic variables all
over the place, after studying all the documentation 1000 times. I wish this
had been thought out a bit more.

~~~
sl1ck731
That's because looping was an afterthought. I think the project was initially
supposed to be a purely declarative language, with Hashicorp pushing back
against proposals for common functions.

Then they succumbed to demand with HCL 2. As much as I like Terraform in the
general sense, their obsession with this weird DSL bothers me immensely.

Alternatively, I'm really enjoying the AWS CDK and hope Pulumi garners some
more traction here.

~~~
latchkey
Oh, thanks for the tip on Pulumi. I will definitely take a look at it in the
future. I agree, HCL is weird and I always wondered why people didn't just
write this stuff as code. Using TypeScript is great for this, but I wonder why
they need to support 'any language'... seems like a documentation/support
nightmare. Just do one thing well!

