Today’s learning felt like I unlocked “Terraform Superpowers.” Days 11 and 12 focused entirely on Terraform functions and honestly, this is the point where Terraform stops feeling like a configuration tool and starts behaving like a full scripting engine. These two days were packed with transformations, validations, formatting operations, type coercions, and even time-based computations. Everything I learned here answers a simple question:
“How do you make your Terraform code smarter, cleaner, and more automated?”
Let’s break it down.
What I Learned (Day 11 + 12 Combined):
1. String, Numeric, Type Conversion and Collection Functions:
I worked with:
-
lower(),substr(),replace()to clean bucket names -
split(),concat(),toset()to structure lists and sets -
max(),min(),sum(),abs()to compute costs -
lookup()to select instance sizes based on environment -
merge()to neatly combine tag maps
These functions allowed me to sanitize inputs, enforce formats, build dynamic rules, and build more reusable infrastructure.
2. Date & Time Functions:
This was one of my favorite parts. I generated:
- timestamps with
timestamp() - multiple time formats with
formatdate()
This helped me create dynamic backup names like:
backup-20250212
It also reinforced something important:
format strings in Terraform are case-sensitive and that tripped me up until I figured it out.
3. File Functions & JSON Handling
Terraform can:
- check if a file exists (
fileexists()). - read file contents (
file()). - parse JSON into an object (
jsondecode()). I used this to read a realconfig.jsonfile and push that JSON directly into AWS Secrets Manager. That alone felt like a full real-world DevOps task.
4. Validations & Error Handling:
The validation block in variables saved me from bad inputs.
I enforced:
- instance types starting with
t2ort3 - backup names ending with
_backup
This makes Terraform behave like it has guardrails.
Practical Tasks I Completed
1. Sanitizing Inputs for S3 Buckets & Projects:
I cleaned up project and bucket names automatically:
- converted to lowercase.
- removed spaces.
- trimmed unwanted symbols.
- ensured bucket names stayed within the AWS length limit.
This ensures Terraform produces valid AWS names every time.
2. Generating Dynamic Security Group Rules
With split() and for expressions, I built security group rules from a comma-separated string:
80,443,8080,3306
Terraform automatically created:
- rule names
- port numbers
- descriptions
The final output was clean and automated.
3. Dynamically Selecting Instance Sizes
Using:
lookup(var.instance_sizes, var.environment, "t2.micro")
Terraform selects the right instance size based on the environment. No manual switching.
4. Reading Config from JSON and Storing It in Secrets Manager
This was the most real-world part:
- Detected if the file existed
- Decoded the JSON
- Passed it into AWS Secrets Manager
- Output the secret ARN
Real DevOps workflow unlocked right here.
Challenges I Faced
1. Case Sensitivity in formatdate()
I spent time debugging formatted timestamps because I didn’t know the format string was case-sensitive.
Example:
YYYYMMDD ≠ yyyymmdd
Terraform humbled me.
2. Missing IAM Permission for Secrets Manager
Terraform kept failing until I realized I hadn’t added SecretsManagerReadWrite permissions to my IAM user.
Once I fixed that, everything ran smoothly.
Commands I Used
terraform initterraform planterraform apply --auto-approveterraform destroy
Simple commands but yet powerful execution.
These two days changed the way I think about Terraform. Before now, I was writing static infrastructure. After Day 11 and 12, I’m writingcintelligent infrastructure.
Functions allowed me to:
- sanitize inputs.
- validate configurations.
- automate naming.
- compute values.
- parse files.
- build dynamic outputs.
- and control infrastructure behavior using pure logic.
This is the kind of knowledge that separates someone who “uses Terraform” from someone who engineers Terraform solutions.
Tomorrow, we climb another level.
But today, I’m proud of this milestone.
Top comments (0)