Category Archives: AWS

Conditionally ignore terraform resource update

Let’s say you have following SSM parameter resource

resource aws_ssm_parameter private_key {
  name      =
  type      = "SecureString"
  value     = var.key
  overwrite = true
  tags      = var.tags

The value of var.key variable changes every time terraform runs. But you need to be able to prevent value update based on some conditions (say, bool variable var.overwrite_old_value).

You can’t use overwrite = property, because if it’s set to false terraform will throw an exception attempting to overwrite the value.

You can’t use lifecycle { ignore_chanes = [...] } because it requires static attribute values and doesn’t accept variables, functions etc.

So how do you update the value only the condition is met? Continue reading →

Dynamic AWS provider in terraform

Recently I needed to create a backup vault resource in Cape Town region, but only if the region is enabled in the AWS account. Straight approach:

provider "aws" {
   region = "af-south-1"
   alias  = "af-south-1"

resource "aws_backup_vault" "af_south_1" {
   provider =
   name     = "default"

would throw exception if af-south-1 region is not enabled for the account. Terraform has the ability to create a resource only if certain condition is met (via count = meta property), but it cannot conditionally declare providers.

But we can conditionally redirect the provider. Continue reading →

Nested Loops in Terraform: Create a map from 2 lists

Recently I encountered a Terraform task in which I had a list of roles and a list of policies and I needed to create a AWS resource for every combination of role-policy. In a “regular” programming language this would be a simple nested loop. Thankfully Terraform 0.12 added for_each and for attributes to declare recurring resources. But two problems remained:

1. I needed some kind of way to nest these for declarations
2. for_each attributes requires a map with a unique key

So let’s tackle these problems one at a time. Let’s we have 2 lists:

locals {
   ROLES = ["developer", "analyst", "manager"]
   POLICIES = ["arn:1", "arn:2", "arn:3"]

Continue reading →

Keep animated images after uploading to WordPress

Haven’t written in a while. Not that nothing interesting happened, but never got around to. But I finally moved my blogs to AWS Lightsail (very smooth process, by the way) and experienced only one hurdle I wanted to write about (surprisingly, not related to AWS).

After the migration, I noticed that all images on my site lost their animation. When I inspected an image – I found that it’s source goes thru some kind of a proxy “”. After digging a bit I found that it is used by JetPack site acceleration service – it caches images to serve them faster. Unfortunately cached copies seem to lose some of their properties (like animation).

To fix it – go to JetPack settings and turn “Speed up image load times” off

Happy blogging!