I'm trying to create a terraform backend in my TF script. The problem is that Im getting errors that the variables are not allowed.

Here is my code:

# Configure the Azure provider
provider "azurerm" {
  version = "~> 2.0"
}

# Create an Azure resource group
resource "azurerm_resource_group" "example" {
  name     = "RG-TERRAFORM-BACKEND"
  location = "$var.location"
}

# Create an Azure storage account
resource "azurerm_storage_account" "example" {
  name                     = "$local.backendstoragename"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  tags = "$var.tags"
}

# Create an Azure storage container
resource "azurerm_storage_container" "example" {
  name                  = "example"
  resource_group_name   = azurerm_resource_group.example.name
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

# Create a Terraform backend configuration
resource "azurerm_terraform_backend_configuration" "example" {
  resource_group_name  = azurerm_resource_group.example.name
  storage_account_name = azurerm_storage_account.example.name
  container_name       = azurerm_storage_container.example.name
  key                  = "terraform.tfstate"
}

# Use the backend configuration to configure the Terraform backend
terraform {
  backend "azurerm" {
    resource_group_name  = azurerm_terraform_backend_configuration.example.resource_group_name
    storage_account_name = azurerm_terraform_backend_configuration.example.storage_account_name
    container_name       = azurerm_terraform_backend_configuration.example.container_name
    key                  = azurerm_terraform_backend_configuration.example.key
  }
}

What am I doing wrong? All of a sudden Terraform init is giving me the following errors:

Error: Variables not allowed
│ 
│   on main.tf line 65, in terraform:
│   65:     key                  = azurerm_terraform_backend_configuration.example.key
│ 
│ Variables may not be used here.
╵

I get the above error for ALL lines.

What am I doing wrong?

I tried to refactor the

azurerm_terraform_backend_configuration.example.container_name

as an interpolation - i.e. "$.." - but that didn't get accepted.

Has anything changed in Terraform? This wasn't the case a few years ago.

CodePudding user response：

I have not found this resource azurerm_terraform_backend_configuration in any of the terraform-provider-azurerm documentation. Check this URL for search results. https://github.com/hashicorp/terraform-provider-azurerm/search?q=azurerm_terraform_backend_configuration

I am not even aware of the resource azurerm_terraform_backend_configuration but As of now, terraform-provider-azurerm does not support variables in the backend configuration.

Official documentation on Azurerm Backend

and what you are trying here is creating a Chicken-Egg problem (if I Ignore "azurerm_terraform_backend_configuration"). The initialization of terraform code needs a remote backend and the remote backend requires not just initialization but also terraform apply to the resources which are not possible.

The following are two possible solutions.

1: Create the resources required by the backend manually on the portal and then use them in your backend config. ( values in spite of any data source or variables)

2: Create the resources with the local backend and then migrate the local backend config to the remote backend.

• Step 2.1: Create backend resources with local backend initially.

Provider Config

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.37.0"
    }
  }
  required_version = ">= 1.1.0"
}

provider "azurerm" {
  features {}
}

Backend resources

locals {
  backendstoragename = "stastackoverflow001"
}

# variable defintions
variable "tags" {
  type        = map(string)
  description = "(optional) Tags attached to resources"
  default = {
    used_case = "stastackoverflow"
  }
}
# Create an Azure resource group
resource "azurerm_resource_group" "stackoverflow" {
  name     = "RG-TERRAFORM-BACKEND-STACKOVERFLOW"
  location = "West Europe"
}

# Create an Azure storage account
resource "azurerm_storage_account" "stackoverflow" {
  name                     = local.backendstoragename ## or "${local.backendstoragename}" but better is local.backendstoragename
  location                 = azurerm_resource_group.stackoverflow.location
  resource_group_name      = azurerm_resource_group.stackoverflow.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
  tags                     = var.tags ## or "${var.tags}" but better is var.tags
}

# Create an Azure storage container
resource "azurerm_storage_container" "stackoverflow" {
  name                  = "stackoverflow"
  storage_account_name  = azurerm_storage_account.stackoverflow.name
  container_access_type = "private"
}

• Step 2.2: Apply the code with local backend.

terraform init 
terraform plan # to view the plan 
terraform apply -auto-approve # ignore `-auto-approve` if not desired auto approval on apply.

After applying you will get the message:

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

• Step 2.3: Update the backend configuration from local to remote.

Provider Config

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.37.0"
    }
  }
  required_version = ">= 1.1.0"
## Add remote backend config.
  backend "azurerm" {
    resource_group_name  = "RG-TERRAFORM-BACKEND-STACKOVERFLOW"
    storage_account_name = "stastackoverflow001"
    container_name       = "stackoverflow"
    key                  = "terraformstate"
  }
}

• Re-Initialize the terraform.

After adding your remote backend run ``terraform init -reconfigurecommand and then typeyes` to migrate your local backend to remote backend.

➜  variables_in_azurerm_backend git:(main) ✗ terraform init -reconfigure                                              <aws:sre>

Initializing the backend...
Do you want to copy existing state to the new backend?
  Pre-existing state was found while migrating the previous "local" backend to the
  newly configured "azurerm" backend. No existing state was found in the newly
  configured "azurerm" backend. Do you want to copy this state to the new "azurerm"
  backend? Enter "yes" to copy and "no" to start with an empty state.

  Enter a value: yes


Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Using previously-installed hashicorp/azurerm v3.37.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Now terraform should use the remote backend configured and also will be able to manage the resources created in the steps {2.1 && 2.2}. You can verify this by running terraform plan command and it should give No changes message.

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are
needed.

One more Side Note: Version constraints inside provider configuration blocks are deprecated and will be removed in a future version of Terraform

Special Consideraions: Use a different container key and directory for your other infrastructure terraform configurations to avoid accidental destruction of the storage account used for the backend config.

I hope this helps , Feel free to upvote and accept as an answer. thanks