(almost-) weekly.tf - #26

When I started this newsletter, I asked my professional-newsletter-writing-wife for advice. Number one thing she told me was: "don't call it weekly because then you have to write it every week"


Well last week didn't happen, I usually send on Thursdays but this week is going out on Monday. Such is the life of a side-project.

If you use Terraform with AWS, this list of practices might be useful.

I can't say I agree with all of the listed practices, but even the ones I disagree with are good food for thought.

Here's the thing– these lists always do better if they clearly express the reason(s) for the practice. Many of them address real problems, but how would one know if they should use the practice if they don't know what problem is being solved?

Anton Babenko, a prolific producer of open source terraform code has started a weekly series of live streams. Each episode focuses on a different topic. So far there have been episodes on checkov, tflint, and terragrunt. Videos are also on Twitch.

I have been doing a fair amount of work with Terraform Enterprise recently and found this library to be useful.

If you are looking to create a new Terraform provider, this new tutorial looks like a great place to start.

I don't write much Terraform in the JSON syntax, and you probably don't either, but this tip might just come in handy sometime. The JSON syntax requires wrapping some expressions in ${}. See docs on Expression Mapping for more info.

Write Go code? Need to run Terraform commands? Need to automatically install Terraform? This library will handle all this for you (except writing the Go code).

You have probably used the template provider at some point. Did you know that it has been EOLed?

The provider has been replaced by the templatefile function in 0.12, a template directory module and a cloud-init specific provider.

It sounds like this should continue to work for the foreseeable future, but the project will not get any updates. So migrating to one of the new options probably makes sense.

Notable Releases

A bunch of new resources for AWS services I have never heard of


A new resource for S3 bucket ownership controls.


You cannot create a new Oauth client via Terraform, since is uses a browser-based flow to connect TFE/C to code repositories. At least now you don't have to hard-code the client ids to make use of them. You can use the new oauth_client data source.

Next 0.14 alpha is out. It is hard to parse out what is new from the last one (they changelog lists everything new in 0.14). Worth keeping an eye on, even if you have yet to upgrade to 0.13.

Breaking change that no longer supports Terraform 0.11. Also removed the deprecated b64 attribute.