Terraform: Retrieving Data from Scripts
Why hardcode values when you can get them dynamically?
Sep 13, 2024
Why
Hardcoding values is rarely fun, and many times it’s not secure. In this article, we’ll use a script to retrieve data from an API and embed that data in a Terraform module.
How
Use case: retrieve Cloudflare’s IP list from a URL and pass this data to a Terraform module that creates an AWS security group. This is a way to ensure that the traffic to our cloud resources is duly filtered by our Cloudflare firewalls.
Step 1: Write the script
We’re using Python to retrieve Cloudflare’s IP list. We’ll save the script in our repo my-org/terraform-custom-modules under cloudflare-ip-list/scripts/get_cloudflare_ip_list.py:
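import json
import requests

# Cloudflare's public endpoint listing its IP ranges
endpoint = "https://api.cloudflare.com/client/v4/ips"
# Use a timeout so a hung request cannot stall the Terraform run
cloudflare_requests = requests.get(endpoint, timeout=10)
# Fail on an HTTP error instead of parsing an error body
cloudflare_requests.raise_for_status()
cloudflare_cidrs = json.loads(cloudflare_requests.text)["result"]["ipv4_cidrs"]

# Join the CIDRs into a single comma-separated string
IPV4_CIDRS = ",".join(cloudflare_cidrs)

# Print the result as a JSON object on stdout
cloudflare_cidrs = {"ipv4_cidrs": IPV4_CIDRS}
print(json.dumps(cloudflare_cidrs))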
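Because this output ends up as security group rules, it is worth validating the fetched list before printing it. The following is an added example, not part of the original article: validate_cidrs, MIN_PREFIX_LEN and SAMPLE are hypothetical names, the /8 threshold is an assumed policy, and the sample response is constructed.

```python
import ipaddress
import json

# Assumed policy threshold: refuse any range broader than a /8
MIN_PREFIX_LEN = 8


def validate_cidrs(payload):
    """Return a comma-separated IPv4 CIDR string, or raise ValueError."""
    if not isinstance(payload, dict) or payload.get("success") is not True:
        raise ValueError("API response does not report success")
    result = payload.get("result")
    if not isinstance(result, dict):
        raise ValueError("result object is missing")
    cidrs = result.get("ipv4_cidrs")
    # An empty list would leave the security group with no allowed sources
    if not isinstance(cidrs, list) or not cidrs:
        raise ValueError("ipv4_cidrs is missing or empty")
    checked = set()
    for cidr in cidrs:
        # IPv4Network also accepts integers, so insist on strings first
        if not isinstance(cidr, str):
            raise ValueError(f"non-string entry: {cidr!r}")
        # Strict parsing: raises ValueError on bad syntax or set host bits
        net = ipaddress.IPv4Network(cidr)
        # Catches 0.0.0.0/0 and other ranges too wide for an allow-list
        if net.prefixlen < MIN_PREFIX_LEN:
            raise ValueError(f"range too broad for an allow-list: {cidr}")
        checked.add(str(net))
    # Stable order: the output changes only when the set of ranges changes
    return ",".join(sorted(checked))


# Constructed sample response using documentation ranges, not real Cloudflare data
SAMPLE = {
    "success": True,
    "result": {"ipv4_cidrs": ["203.0.113.0/24", "198.51.100.0/24"]},
}

if __name__ == "__main__":
    print(json.dumps({"ipv4_cidrs": validate_cidrs(SAMPLE)}))
```

In the script above, the parsed response would go through validate_cidrs before the final print, so a malformed or overly broad list stops the run with a non-zero exit instead of reaching the security group.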