Terraform localsとは?DRY原則を実現する強力な機能
Terraformでインフラストラクチャを管理する際、同じ値や式を複数箇所で繰り返し使用することがあります。このような繰り返しは保守性を低下させ、変更時のミスを誘発する原因となります。この課題を解決するのがlocalsブロックです。
localsブロックの基本的な構文と役割
localsブロックは、Terraformコード内で再利用可能な中間値を定義するための機能です。基本的な構文は以下の通りです:
locals {
project_name = "example-project"
environment = "production"
resource_prefix = "${local.project_name}-${local.environment}"
}
# localsの値を参照する
resource "aws_s3_bucket" "example" {
bucket = "${local.resource_prefix}-bucket"
tags = {
Project = local.project_name
Environment = local.environment
}
}
locals {
project_name = "example-project"
environment = "production"
resource_prefix = "${local.project_name}-${local.environment}"
}
# localsの値を参照する
resource "aws_s3_bucket" "example" {
bucket = "${local.resource_prefix}-bucket"
tags = {
Project = local.project_name
Environment = local.environment
}
}
locals {
project_name = "example-project"
environment = "production"
resource_prefix = "${local.project_name}-${local.environment}"
}
# localsの値を参照する
resource "aws_s3_bucket" "example" {
bucket = "${local.resource_prefix}-bucket"
tags = {
Project = local.project_name
Environment = local.environment
}
}
localsの主な特徴は以下の通りです:
- ブロック内で複数の値を定義可能
- 他のlocals値を参照可能
- モジュール内でのみ有効(モジュール間では共有されない)
- 実行時に値が確定(動的な値の計算が可能)
変数(variable)やoutputとの違いを理解する
Terraformには似たような機能としてvariableとoutputがありますが、それぞれ異なる用途があります:
| 機能 | 主な用途 | スコープ | 値の変更 | 外部からの設定 |
|---|---|---|---|---|
| locals | モジュール内での値の再利用 | モジュール内のみ | コード変更が必要 | 不可 |
| variable | モジュールへの入力値定義 | モジュール内 | 実行時に変更可能 | 可能 |
| output | モジュールからの出力値定義 | モジュール間で共有可能 | – | – |
localsを使用すべきケース:
- 複数のリソースで共通して使用される値
locals {
common_tags = {
Owner = "DevOps Team"
Project = "Infrastructure"
CostCenter = "IT-123"
}
}
locals {
common_tags = {
Owner = "DevOps Team"
Project = "Infrastructure"
CostCenter = "IT-123"
}
}
locals {
common_tags = {
Owner = "DevOps Team"
Project = "Infrastructure"
CostCenter = "IT-123"
}
}
- 複雑な計算や条件分岐の結果
locals {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
backup_enabled = contains(["prod", "staging"], terraform.workspace)
}
locals {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
backup_enabled = contains(["prod", "staging"], terraform.workspace)
}
locals {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
backup_enabled = contains(["prod", "staging"], terraform.workspace)
}
- 文字列の加工や結合
locals {
domain_name = "${var.service_name}.${var.environment}.example.com"
full_name = join("-", [var.project, var.environment, var.region])
}
locals {
domain_name = "${var.service_name}.${var.environment}.example.com"
full_name = join("-", [var.project, var.environment, var.region])
}
locals {
domain_name = "${var.service_name}.${var.environment}.example.com"
full_name = join("-", [var.project, var.environment, var.region])
}
localsを使用することで、DRY(Don’t Repeat Yourself)原則に従った保守性の高いTerraformコードを実現できます。値の変更が必要な場合も、localsブロック内の定義を変更するだけで、その値を使用している全てのリソースに変更が反映されます。
Terraform localsの5つの実践的な使い方
Terraform localsは、インフラストラクチャコードの管理を効率化する強力なツールです。以下では、実践的な活用方法を具体的なコード例と共に解説します。
1. 共通タグの一元管理でコード重複を削減
AWSリソースにタグを付与する際、組織共通のタグを全てのリソースに適用したいケースが多々あります。
locals {
common_tags = {
Environment = terraform.workspace
Owner = "Platform Team"
ManagedBy = "Terraform"
Project = var.project_name
CostCenter = var.cost_center
}
# リソース固有のタグとマージする関数
merged_tags = { for key, value in merge(
local.common_tags,
var.resource_specific_tags
) : key => value }
}
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = var.instance_type
tags = local.merged_tags
}
resource "aws_s3_bucket" "logs" {
bucket = "${var.project_name}-logs"
tags = local.merged_tags
}
locals {
common_tags = {
Environment = terraform.workspace
Owner = "Platform Team"
ManagedBy = "Terraform"
Project = var.project_name
CostCenter = var.cost_center
}
# リソース固有のタグとマージする関数
merged_tags = { for key, value in merge(
local.common_tags,
var.resource_specific_tags
) : key => value }
}
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = var.instance_type
tags = local.merged_tags
}
resource "aws_s3_bucket" "logs" {
bucket = "${var.project_name}-logs"
tags = local.merged_tags
}
locals {
common_tags = {
Environment = terraform.workspace
Owner = "Platform Team"
ManagedBy = "Terraform"
Project = var.project_name
CostCenter = var.cost_center
}
# リソース固有のタグとマージする関数
merged_tags = { for key, value in merge(
local.common_tags,
var.resource_specific_tags
) : key => value }
}
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = var.instance_type
tags = local.merged_tags
}
resource "aws_s3_bucket" "logs" {
bucket = "${var.project_name}-logs"
tags = local.merged_tags
}
2. 条件付きリソース作成の制御を簡潔に
環境やワークスペースに応じて、リソースの設定を動的に変更する場合に活用できます。
locals {
# 環境別の設定
env_config = {
dev = {
instance_count = 1
instance_type = "t3.small"
backup_enabled = false
}
prod = {
instance_count = 3
instance_type = "t3.large"
backup_enabled = true
}
}
# 現在の環境の設定を選択
current_config = local.env_config[terraform.workspace]
# バックアップが有効な場合のみバックアップポリシーを作成
create_backup_policy = local.current_config.backup_enabled
}
resource "aws_instance" "app" {
count = local.current_config.instance_count
instance_type = local.current_config.instance_type
# ... その他の設定
}
locals {
# 環境別の設定
env_config = {
dev = {
instance_count = 1
instance_type = "t3.small"
backup_enabled = false
}
prod = {
instance_count = 3
instance_type = "t3.large"
backup_enabled = true
}
}
# 現在の環境の設定を選択
current_config = local.env_config[terraform.workspace]
# バックアップが有効な場合のみバックアップポリシーを作成
create_backup_policy = local.current_config.backup_enabled
}
resource "aws_instance" "app" {
count = local.current_config.instance_count
instance_type = local.current_config.instance_type
# ... その他の設定
}
locals {
# 環境別の設定
env_config = {
dev = {
instance_count = 1
instance_type = "t3.small"
backup_enabled = false
}
prod = {
instance_count = 3
instance_type = "t3.large"
backup_enabled = true
}
}
# 現在の環境の設定を選択
current_config = local.env_config[terraform.workspace]
# バックアップが有効な場合のみバックアップポリシーを作成
create_backup_policy = local.current_config.backup_enabled
}
resource "aws_instance" "app" {
count = local.current_config.instance_count
instance_type = local.current_config.instance_type
# ... その他の設定
}
3. 複雑な計算やデータ変換の中間処理
複雑なデータ構造の変換や計算結果をキャッシュする際に便利です。
locals {
# サブネットのCIDR計算
vpc_cidr = "10.0.0.0/16"
subnet_newbits = 8
subnet_cidrs = {
public = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 0),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 1)
]
private = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 2),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 3)
]
}
# リストをマップに変換
availability_zones = {
for idx, az in data.aws_availability_zones.available.names :
az => idx
}
}
locals {
# サブネットのCIDR計算
vpc_cidr = "10.0.0.0/16"
subnet_newbits = 8
subnet_cidrs = {
public = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 0),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 1)
]
private = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 2),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 3)
]
}
# リストをマップに変換
availability_zones = {
for idx, az in data.aws_availability_zones.available.names :
az => idx
}
}
locals {
# サブネットのCIDR計算
vpc_cidr = "10.0.0.0/16"
subnet_newbits = 8
subnet_cidrs = {
public = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 0),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 1)
]
private = [
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 2),
cidrsubnet(local.vpc_cidr, local.subnet_newbits, 3)
]
}
# リストをマップに変換
availability_zones = {
for idx, az in data.aws_availability_zones.available.names :
az => idx
}
}
4. モジュール間で共有する値の集約
モジュール内で使用される共通の設定値や計算結果を集約します。
locals {
# システム全体で使用する設定の集約
system_config = {
app_name = var.application_name
domain_name = "${var.application_name}.${var.domain_suffix}"
container_port = 8080
health_check_path = "/health"
# 環境固有の設定
environment_config = {
min_capacity = terraform.workspace == "prod" ? 2 : 1
max_capacity = terraform.workspace == "prod" ? 10 : 3
cpu_target = terraform.workspace == "prod" ? 75 : 60
}
}
}
locals {
# システム全体で使用する設定の集約
system_config = {
app_name = var.application_name
domain_name = "${var.application_name}.${var.domain_suffix}"
container_port = 8080
health_check_path = "/health"
# 環境固有の設定
environment_config = {
min_capacity = terraform.workspace == "prod" ? 2 : 1
max_capacity = terraform.workspace == "prod" ? 10 : 3
cpu_target = terraform.workspace == "prod" ? 75 : 60
}
}
}
locals {
# システム全体で使用する設定の集約
system_config = {
app_name = var.application_name
domain_name = "${var.application_name}.${var.domain_suffix}"
container_port = 8080
health_check_path = "/health"
# 環境固有の設定
environment_config = {
min_capacity = terraform.workspace == "prod" ? 2 : 1
max_capacity = terraform.workspace == "prod" ? 10 : 3
cpu_target = terraform.workspace == "prod" ? 75 : 60
}
}
}
5. 名前付けルールの統一化と管理
リソース名の生成ロジックを一元管理し、一貫性のある命名規則を実現します。
locals {
# 名前生成のための基本情報
naming = {
company = "example"
environment = terraform.workspace
region = data.aws_region.current.name
# リソースタイプごとの接尾辞ルール
suffix = {
vpc = "vpc"
subnet = "subnet"
instance = "ec2"
bucket = "s3"
}
}
# リソース名生成関数
name_prefix = "${local.naming.company}-${local.naming.environment}-${local.naming.region}"
# リソースタイプごとの名前生成
resource_names = {
vpc = "${local.name_prefix}-${local.naming.suffix.vpc}"
instance = "${local.name_prefix}-${local.naming.suffix.instance}"
bucket = "${local.name_prefix}-${local.naming.suffix.bucket}"
}
}
resource "aws_vpc" "main" {
cidr_block = local.vpc_cidr
tags = merge(local.common_tags, {
Name = local.resource_names.vpc
})
}
locals {
# 名前生成のための基本情報
naming = {
company = "example"
environment = terraform.workspace
region = data.aws_region.current.name
# リソースタイプごとの接尾辞ルール
suffix = {
vpc = "vpc"
subnet = "subnet"
instance = "ec2"
bucket = "s3"
}
}
# リソース名生成関数
name_prefix = "${local.naming.company}-${local.naming.environment}-${local.naming.region}"
# リソースタイプごとの名前生成
resource_names = {
vpc = "${local.name_prefix}-${local.naming.suffix.vpc}"
instance = "${local.name_prefix}-${local.naming.suffix.instance}"
bucket = "${local.name_prefix}-${local.naming.suffix.bucket}"
}
}
resource "aws_vpc" "main" {
cidr_block = local.vpc_cidr
tags = merge(local.common_tags, {
Name = local.resource_names.vpc
})
}
locals {
# 名前生成のための基本情報
naming = {
company = "example"
environment = terraform.workspace
region = data.aws_region.current.name
# リソースタイプごとの接尾辞ルール
suffix = {
vpc = "vpc"
subnet = "subnet"
instance = "ec2"
bucket = "s3"
}
}
# リソース名生成関数
name_prefix = "${local.naming.company}-${local.naming.environment}-${local.naming.region}"
# リソースタイプごとの名前生成
resource_names = {
vpc = "${local.name_prefix}-${local.naming.suffix.vpc}"
instance = "${local.name_prefix}-${local.naming.suffix.instance}"
bucket = "${local.name_prefix}-${local.naming.suffix.bucket}"
}
}
resource "aws_vpc" "main" {
cidr_block = local.vpc_cidr
tags = merge(local.common_tags, {
Name = local.resource_names.vpc
})
}
これらの実践的な使い方を組み合わせることで、保守性が高く、再利用可能なTerraformコードを実現できます。特に大規模なインフラストラクチャ管理では、これらのパターンを適切に活用することで、コードの品質と管理効率を大きく向上させることができます。
Terraform localsのベストプラクティス
効果的なlocalsの活用には、適切な設計と管理が不可欠です。以下では、実務で活用できる具体的なベストプラクティスを解説します。
適切な命名規則でコードの可読性を向上
localsの命名は、コードの可読性と保守性に大きな影響を与えます。以下の命名規則を推奨します:
- 目的を明確に示す命名
# Good Example
locals {
vpc_resource_tags = {
Name = "main-vpc"
Type = "network"
}
security_group_rules = {
ssh = {
port = 22
cidr = ["10.0.0.0/8"]
protocol = "tcp"
}
}
}
# Bad Example - 意味が不明確
locals {
tags1 = { /* ... */ }
rules = { /* ... */ }
}
# Good Example
locals {
vpc_resource_tags = {
Name = "main-vpc"
Type = "network"
}
security_group_rules = {
ssh = {
port = 22
cidr = ["10.0.0.0/8"]
protocol = "tcp"
}
}
}
# Bad Example - 意味が不明確
locals {
tags1 = { /* ... */ }
rules = { /* ... */ }
}
# Good Example
locals {
vpc_resource_tags = {
Name = "main-vpc"
Type = "network"
}
security_group_rules = {
ssh = {
port = 22
cidr = ["10.0.0.0/8"]
protocol = "tcp"
}
}
}
# Bad Example - 意味が不明確
locals {
tags1 = { /* ... */ }
rules = { /* ... */ }
}
- プレフィックスを活用した関連値のグループ化
locals {
# ネットワーク関連の設定をグループ化
network_vpc_cidr = "10.0.0.0/16"
network_subnet_bits = 8
network_public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
# セキュリティ関連の設定をグループ化
security_allowed_ips = ["192.168.1.0/24"]
security_admin_users = ["admin1", "admin2"]
}
locals {
# ネットワーク関連の設定をグループ化
network_vpc_cidr = "10.0.0.0/16"
network_subnet_bits = 8
network_public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
# セキュリティ関連の設定をグループ化
security_allowed_ips = ["192.168.1.0/24"]
security_admin_users = ["admin1", "admin2"]
}
locals {
# ネットワーク関連の設定をグループ化
network_vpc_cidr = "10.0.0.0/16"
network_subnet_bits = 8
network_public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
# セキュリティ関連の設定をグループ化
security_allowed_ips = ["192.168.1.0/24"]
security_admin_users = ["admin1", "admin2"]
}
locals分割による管理性の向上テクニック
大規模なTerraformコードでは、localsを論理的に分割することで管理性を向上させることができます:
- ファイル分割による整理
# locals.tf - 基本設定
locals {
project = "example"
environment = terraform.workspace
}
# locals.network.tf - ネットワーク関連
locals {
network = {
vpc_cidr = "10.0.0.0/16"
subnet_mask = 24
}
}
# locals.compute.tf - コンピューティング関連
locals {
compute = {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
volume_size = terraform.workspace == "prod" ? 100 : 20
}
}
# locals.tf - 基本設定
locals {
project = "example"
environment = terraform.workspace
}
# locals.network.tf - ネットワーク関連
locals {
network = {
vpc_cidr = "10.0.0.0/16"
subnet_mask = 24
}
}
# locals.compute.tf - コンピューティング関連
locals {
compute = {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
volume_size = terraform.workspace == "prod" ? 100 : 20
}
}
# locals.tf - 基本設定
locals {
project = "example"
environment = terraform.workspace
}
# locals.network.tf - ネットワーク関連
locals {
network = {
vpc_cidr = "10.0.0.0/16"
subnet_mask = 24
}
}
# locals.compute.tf - コンピューティング関連
locals {
compute = {
instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.small"
volume_size = terraform.workspace == "prod" ? 100 : 20
}
}
- 階層構造による整理
locals {
# 環境設定の階層化
config = {
project = {
name = "example"
team = "platform"
}
network = {
vpc = {
cidr = "10.0.0.0/16"
name = "main-vpc"
}
subnets = {
public = ["10.0.1.0/24", "10.0.2.0/24"]
private = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
}
locals {
# 環境設定の階層化
config = {
project = {
name = "example"
team = "platform"
}
network = {
vpc = {
cidr = "10.0.0.0/16"
name = "main-vpc"
}
subnets = {
public = ["10.0.1.0/24", "10.0.2.0/24"]
private = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
}
locals {
# 環境設定の階層化
config = {
project = {
name = "example"
team = "platform"
}
network = {
vpc = {
cidr = "10.0.0.0/16"
name = "main-vpc"
}
subnets = {
public = ["10.0.1.0/24", "10.0.2.0/24"]
private = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
}
テスト容易性を考慮したlocals設計
localsの設計時には、テスト容易性も考慮することが重要です:
- モジュラー化された計算ロジック
locals {
# 基本パラメータ
base_params = {
instance_count = 3
cpu_units = 1024
}
# テスト可能な計算ロジック
calculated_params = {
total_cpu = local.base_params.instance_count * local.base_params.cpu_units
memory_reservation = floor(local.base_params.cpu_units * 2)
}
}
locals {
# 基本パラメータ
base_params = {
instance_count = 3
cpu_units = 1024
}
# テスト可能な計算ロジック
calculated_params = {
total_cpu = local.base_params.instance_count * local.base_params.cpu_units
memory_reservation = floor(local.base_params.cpu_units * 2)
}
}
locals {
# 基本パラメータ
base_params = {
instance_count = 3
cpu_units = 1024
}
# テスト可能な計算ロジック
calculated_params = {
total_cpu = local.base_params.instance_count * local.base_params.cpu_units
memory_reservation = floor(local.base_params.cpu_units * 2)
}
}
- 条件分岐の明確化
locals {
# 環境条件の明確化
is_production = terraform.workspace == "prod"
is_high_availability = local.is_production || var.force_ha
# 条件に基づく設定
cluster_config = {
min_size = local.is_high_availability ? 2 : 1
max_size = local.is_high_availability ? 10 : 3
desired_capacity = local.is_high_availability ? 3 : 1
}
}
locals {
# 環境条件の明確化
is_production = terraform.workspace == "prod"
is_high_availability = local.is_production || var.force_ha
# 条件に基づく設定
cluster_config = {
min_size = local.is_high_availability ? 2 : 1
max_size = local.is_high_availability ? 10 : 3
desired_capacity = local.is_high_availability ? 3 : 1
}
}
locals {
# 環境条件の明確化
is_production = terraform.workspace == "prod"
is_high_availability = local.is_production || var.force_ha
# 条件に基づく設定
cluster_config = {
min_size = local.is_high_availability ? 2 : 1
max_size = local.is_high_availability ? 10 : 3
desired_capacity = local.is_high_availability ? 3 : 1
}
}
これらのベストプラクティスを適用する際の重要なポイント:
- コードの見通しを優先し、過度な抽象化を避ける
- 関連する値は論理的にグループ化する
- テスト可能性を考慮した設計を心がける
- 命名規則は一貫性を保つ
- コメントで複雑な計算ロジックを説明する
これらのプラクティスを適切に組み合わせることで、保守性が高く、チームでの開発がしやすいTerraformコードを実現できます。
Terraform localsの活用事例と実装例
実際のプロジェクトでのlocalsの活用事例と具体的な実装例を紹介します。これらの例を参考に、自身のプロジェクトに適した実装を検討してください。
マルチ環境構成における共通設定の管理
開発環境(dev)、ステージング環境(staging)、本番環境(prod)で異なる設定を効率的に管理する実装例です。
locals {
# 環境別の基本設定
environments = {
dev = {
instance_type = "t3.small"
disk_size = 20
replica_count = 1
monitoring = {
detailed_monitoring = false
retention_days = 7
alarm_threshold = 80
}
}
staging = {
instance_type = "t3.medium"
disk_size = 50
replica_count = 2
monitoring = {
detailed_monitoring = true
retention_days = 14
alarm_threshold = 75
}
}
prod = {
instance_type = "t3.large"
disk_size = 100
replica_count = 3
monitoring = {
detailed_monitoring = true
retention_days = 30
alarm_threshold = 70
}
}
}
# 現在の環境の設定を選択
current_env = terraform.workspace
env_config = local.environments[local.current_env]
# 環境共通の設定
common_config = {
vpc_cidr = "10.0.0.0/16"
region = data.aws_region.current.name
project_name = var.project_name
}
}
# 設定の適用例
resource "aws_instance" "app" {
count = local.env_config.replica_count
instance_type = local.env_config.instance_type
root_block_device {
volume_size = local.env_config.disk_size
}
monitoring = local.env_config.monitoring.detailed_monitoring
tags = {
Name = "${local.common_config.project_name}-${local.current_env}-app-${count.index + 1}"
Environment = local.current_env
}
}
locals {
# 環境別の基本設定
environments = {
dev = {
instance_type = "t3.small"
disk_size = 20
replica_count = 1
monitoring = {
detailed_monitoring = false
retention_days = 7
alarm_threshold = 80
}
}
staging = {
instance_type = "t3.medium"
disk_size = 50
replica_count = 2
monitoring = {
detailed_monitoring = true
retention_days = 14
alarm_threshold = 75
}
}
prod = {
instance_type = "t3.large"
disk_size = 100
replica_count = 3
monitoring = {
detailed_monitoring = true
retention_days = 30
alarm_threshold = 70
}
}
}
# 現在の環境の設定を選択
current_env = terraform.workspace
env_config = local.environments[local.current_env]
# 環境共通の設定
common_config = {
vpc_cidr = "10.0.0.0/16"
region = data.aws_region.current.name
project_name = var.project_name
}
}
# 設定の適用例
resource "aws_instance" "app" {
count = local.env_config.replica_count
instance_type = local.env_config.instance_type
root_block_device {
volume_size = local.env_config.disk_size
}
monitoring = local.env_config.monitoring.detailed_monitoring
tags = {
Name = "${local.common_config.project_name}-${local.current_env}-app-${count.index + 1}"
Environment = local.current_env
}
}
locals {
# 環境別の基本設定
environments = {
dev = {
instance_type = "t3.small"
disk_size = 20
replica_count = 1
monitoring = {
detailed_monitoring = false
retention_days = 7
alarm_threshold = 80
}
}
staging = {
instance_type = "t3.medium"
disk_size = 50
replica_count = 2
monitoring = {
detailed_monitoring = true
retention_days = 14
alarm_threshold = 75
}
}
prod = {
instance_type = "t3.large"
disk_size = 100
replica_count = 3
monitoring = {
detailed_monitoring = true
retention_days = 30
alarm_threshold = 70
}
}
}
# 現在の環境の設定を選択
current_env = terraform.workspace
env_config = local.environments[local.current_env]
# 環境共通の設定
common_config = {
vpc_cidr = "10.0.0.0/16"
region = data.aws_region.current.name
project_name = var.project_name
}
}
# 設定の適用例
resource "aws_instance" "app" {
count = local.env_config.replica_count
instance_type = local.env_config.instance_type
root_block_device {
volume_size = local.env_config.disk_size
}
monitoring = local.env_config.monitoring.detailed_monitoring
tags = {
Name = "${local.common_config.project_name}-${local.current_env}-app-${count.index + 1}"
Environment = local.current_env
}
}
セキュリティ設定の一元化による運用効率化
セキュリティ関連の設定を一元管理し、一貫性のある実装を実現する例です。
locals {
# セキュリティグループのルール定義
security_rules = {
base = {
name = "base-rules"
ingress = {
ssh = {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = var.admin_cidrs
description = "SSH access"
}
https = {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "HTTPS access"
}
}
}
app = {
name = "app-rules"
ingress = {
app = {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [local.common_config.vpc_cidr]
description = "Application access"
}
}
}
}
# IAMポリシーの定義
iam_policies = {
s3_read = {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::${local.common_config.project_name}-${local.current_env}-*"
]
}
cloudwatch_write = {
effect = "Allow"
actions = [
"cloudwatch:PutMetricData",
"cloudwatch:CreateLogStream",
"cloudwatch:PutLogEvents"
]
resources = ["*"]
}
}
}
# セキュリティグループの作成
resource "aws_security_group" "app" {
name_prefix = "${local.security_rules.app.name}-"
vpc_id = aws_vpc.main.id
dynamic "ingress" {
for_each = local.security_rules.app.ingress
content {
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
cidr_blocks = ingress.value.cidr_blocks
description = ingress.value.description
}
}
}
locals {
# セキュリティグループのルール定義
security_rules = {
base = {
name = "base-rules"
ingress = {
ssh = {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = var.admin_cidrs
description = "SSH access"
}
https = {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "HTTPS access"
}
}
}
app = {
name = "app-rules"
ingress = {
app = {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [local.common_config.vpc_cidr]
description = "Application access"
}
}
}
}
# IAMポリシーの定義
iam_policies = {
s3_read = {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::${local.common_config.project_name}-${local.current_env}-*"
]
}
cloudwatch_write = {
effect = "Allow"
actions = [
"cloudwatch:PutMetricData",
"cloudwatch:CreateLogStream",
"cloudwatch:PutLogEvents"
]
resources = ["*"]
}
}
}
# セキュリティグループの作成
resource "aws_security_group" "app" {
name_prefix = "${local.security_rules.app.name}-"
vpc_id = aws_vpc.main.id
dynamic "ingress" {
for_each = local.security_rules.app.ingress
content {
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
cidr_blocks = ingress.value.cidr_blocks
description = ingress.value.description
}
}
}
locals {
# セキュリティグループのルール定義
security_rules = {
base = {
name = "base-rules"
ingress = {
ssh = {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = var.admin_cidrs
description = "SSH access"
}
https = {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "HTTPS access"
}
}
}
app = {
name = "app-rules"
ingress = {
app = {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = [local.common_config.vpc_cidr]
description = "Application access"
}
}
}
}
# IAMポリシーの定義
iam_policies = {
s3_read = {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::${local.common_config.project_name}-${local.current_env}-*"
]
}
cloudwatch_write = {
effect = "Allow"
actions = [
"cloudwatch:PutMetricData",
"cloudwatch:CreateLogStream",
"cloudwatch:PutLogEvents"
]
resources = ["*"]
}
}
}
# セキュリティグループの作成
resource "aws_security_group" "app" {
name_prefix = "${local.security_rules.app.name}-"
vpc_id = aws_vpc.main.id
dynamic "ingress" {
for_each = local.security_rules.app.ingress
content {
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
cidr_blocks = ingress.value.cidr_blocks
description = ingress.value.description
}
}
}
コスト管理のための設定集約化
コスト最適化のための設定を一元管理する実装例です。
locals {
# コスト管理関連の設定
cost_management = {
# インスタンスのライフサイクル設定
instance_lifecycle = {
dev = {
scheduled_start = "0 8 * * 1-5" # 平日朝8時起動
scheduled_stop = "0 20 * * 1-5" # 平日夜8時停止
weekend_running = false
}
staging = {
scheduled_start = "0 7 * * 1-5"
scheduled_stop = "0 22 * * 1-5"
weekend_running = true
}
prod = {
scheduled_start = null # 24/7稼働
scheduled_stop = null
weekend_running = true
}
}
# オートスケーリング設定
autoscaling = {
dev = {
min_size = 1
max_size = 2
target_cpu_utilization = 75
}
staging = {
min_size = 2
max_size = 4
target_cpu_utilization = 70
}
prod = {
min_size = 3
max_size = 10
target_cpu_utilization = 65
}
}
# バックアップ保持期間
backup_retention = {
dev = 7
staging = 14
prod = 30
}
}
# 現在の環境のコスト管理設定
current_lifecycle = local.cost_management.instance_lifecycle[local.current_env]
current_scaling = local.cost_management.autoscaling[local.current_env]
backup_days = local.cost_management.backup_retention[local.current_env]
# コスト最適化タグ
cost_tags = {
CostCenter = var.cost_center
Environment = local.current_env
AutoStop = local.current_lifecycle.scheduled_stop != null ? "true" : "false"
}
}
# 自動起動/停止のEventBridgeルール
resource "aws_cloudwatch_event_rule" "start_instances" {
count = local.current_lifecycle.scheduled_start != null ? 1 : 0
name = "${local.common_config.project_name}-${local.current_env}-start-instances"
description = "Start instances during working hours"
schedule_expression = "cron(${local.current_lifecycle.scheduled_start})"
}
locals {
# コスト管理関連の設定
cost_management = {
# インスタンスのライフサイクル設定
instance_lifecycle = {
dev = {
scheduled_start = "0 8 * * 1-5" # 平日朝8時起動
scheduled_stop = "0 20 * * 1-5" # 平日夜8時停止
weekend_running = false
}
staging = {
scheduled_start = "0 7 * * 1-5"
scheduled_stop = "0 22 * * 1-5"
weekend_running = true
}
prod = {
scheduled_start = null # 24/7稼働
scheduled_stop = null
weekend_running = true
}
}
# オートスケーリング設定
autoscaling = {
dev = {
min_size = 1
max_size = 2
target_cpu_utilization = 75
}
staging = {
min_size = 2
max_size = 4
target_cpu_utilization = 70
}
prod = {
min_size = 3
max_size = 10
target_cpu_utilization = 65
}
}
# バックアップ保持期間
backup_retention = {
dev = 7
staging = 14
prod = 30
}
}
# 現在の環境のコスト管理設定
current_lifecycle = local.cost_management.instance_lifecycle[local.current_env]
current_scaling = local.cost_management.autoscaling[local.current_env]
backup_days = local.cost_management.backup_retention[local.current_env]
# コスト最適化タグ
cost_tags = {
CostCenter = var.cost_center
Environment = local.current_env
AutoStop = local.current_lifecycle.scheduled_stop != null ? "true" : "false"
}
}
# 自動起動/停止のEventBridgeルール
resource "aws_cloudwatch_event_rule" "start_instances" {
count = local.current_lifecycle.scheduled_start != null ? 1 : 0
name = "${local.common_config.project_name}-${local.current_env}-start-instances"
description = "Start instances during working hours"
schedule_expression = "cron(${local.current_lifecycle.scheduled_start})"
}
locals {
# コスト管理関連の設定
cost_management = {
# インスタンスのライフサイクル設定
instance_lifecycle = {
dev = {
scheduled_start = "0 8 * * 1-5" # 平日朝8時起動
scheduled_stop = "0 20 * * 1-5" # 平日夜8時停止
weekend_running = false
}
staging = {
scheduled_start = "0 7 * * 1-5"
scheduled_stop = "0 22 * * 1-5"
weekend_running = true
}
prod = {
scheduled_start = null # 24/7稼働
scheduled_stop = null
weekend_running = true
}
}
# オートスケーリング設定
autoscaling = {
dev = {
min_size = 1
max_size = 2
target_cpu_utilization = 75
}
staging = {
min_size = 2
max_size = 4
target_cpu_utilization = 70
}
prod = {
min_size = 3
max_size = 10
target_cpu_utilization = 65
}
}
# バックアップ保持期間
backup_retention = {
dev = 7
staging = 14
prod = 30
}
}
# 現在の環境のコスト管理設定
current_lifecycle = local.cost_management.instance_lifecycle[local.current_env]
current_scaling = local.cost_management.autoscaling[local.current_env]
backup_days = local.cost_management.backup_retention[local.current_env]
# コスト最適化タグ
cost_tags = {
CostCenter = var.cost_center
Environment = local.current_env
AutoStop = local.current_lifecycle.scheduled_stop != null ? "true" : "false"
}
}
# 自動起動/停止のEventBridgeルール
resource "aws_cloudwatch_event_rule" "start_instances" {
count = local.current_lifecycle.scheduled_start != null ? 1 : 0
name = "${local.common_config.project_name}-${local.current_env}-start-instances"
description = "Start instances during working hours"
schedule_expression = "cron(${local.current_lifecycle.scheduled_start})"
}
これらの実装例は、実際のプロジェクトで使用されている設計パターンを基に作成されています。環境や要件に応じて適切にカスタマイズすることで、効率的なインフラストラクチャ管理を実現できます。
よくあるlocals活用時の失敗パターンと対策
Terraform localsは強力な機能ですが、適切に使用しないと保守性の低下やバグの原因となることがあります。ここでは、よくある失敗パターンとその対策について解説します。
過度な集約による可読性低下を防ぐ
localsブロックに過度に多くの設定を集約すると、かえってコードの可読性が低下する場合があります。
失敗パターン
locals {
# 巨大な設定オブジェクト - 避けるべき例
config = {
vpc = {
cidr = "10.0.0.0/16"
subnets = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
tags = {
Tier = "Public"
Access = "Internet"
}
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
tags = {
Tier = "Private"
Access = "Internal"
}
}
}
}
security = {
# ... さらに大量の設定が続く
}
}
}
locals {
# 巨大な設定オブジェクト - 避けるべき例
config = {
vpc = {
cidr = "10.0.0.0/16"
subnets = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
tags = {
Tier = "Public"
Access = "Internet"
}
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
tags = {
Tier = "Private"
Access = "Internal"
}
}
}
}
security = {
# ... さらに大量の設定が続く
}
}
}
locals {
# 巨大な設定オブジェクト - 避けるべき例
config = {
vpc = {
cidr = "10.0.0.0/16"
subnets = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
tags = {
Tier = "Public"
Access = "Internet"
}
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
tags = {
Tier = "Private"
Access = "Internal"
}
}
}
}
security = {
# ... さらに大量の設定が続く
}
}
}
改善策
# ネットワーク設定を別ファイルに分割
# locals.network.tf
locals {
network = {
vpc_cidr = "10.0.0.0/16"
}
subnet_config = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1a"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
# タグ設定を別ファイルに分割
# locals.tags.tf
locals {
tier_tags = {
public = {
Tier = "Public"
Access = "Internet"
}
private = {
Tier = "Private"
Access = "Internal"
}
}
}
# ネットワーク設定を別ファイルに分割
# locals.network.tf
locals {
network = {
vpc_cidr = "10.0.0.0/16"
}
subnet_config = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1a"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
# タグ設定を別ファイルに分割
# locals.tags.tf
locals {
tier_tags = {
public = {
Tier = "Public"
Access = "Internet"
}
private = {
Tier = "Private"
Access = "Internal"
}
}
}
# ネットワーク設定を別ファイルに分割
# locals.network.tf
locals {
network = {
vpc_cidr = "10.0.0.0/16"
}
subnet_config = {
public = {
azs = ["ap-northeast-1a", "ap-northeast-1a"]
cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
}
private = {
azs = ["ap-northeast-1a", "ap-northeast-1c"]
cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
}
}
}
# タグ設定を別ファイルに分割
# locals.tags.tf
locals {
tier_tags = {
public = {
Tier = "Public"
Access = "Internet"
}
private = {
Tier = "Private"
Access = "Internal"
}
}
}
循環参照を避けるための設計方針
localsブロック内での循環参照は、Terraformの実行エラーの原因となります。
失敗パターン
# 循環参照が発生するパターン - 避けるべき例
locals {
instance_name = "${local.resource_prefix}-instance"
resource_prefix = "${local.instance_name}-prod" # 循環参照!
}
# 循環参照が発生するパターン - 避けるべき例
locals {
instance_name = "${local.resource_prefix}-instance"
resource_prefix = "${local.instance_name}-prod" # 循環参照!
}
# 循環参照が発生するパターン - 避けるべき例
locals {
instance_name = "${local.resource_prefix}-instance"
resource_prefix = "${local.instance_name}-prod" # 循環参照!
}
改善策
locals {
# 基本となる値を先に定義
base_name = "myapp"
environment = "prod"
# 他の値はこれらを参照
resource_prefix = "${local.base_name}-${local.environment}"
instance_name = "${local.resource_prefix}-instance"
}
locals {
# 基本となる値を先に定義
base_name = "myapp"
environment = "prod"
# 他の値はこれらを参照
resource_prefix = "${local.base_name}-${local.environment}"
instance_name = "${local.resource_prefix}-instance"
}
locals {
# 基本となる値を先に定義
base_name = "myapp"
environment = "prod"
# 他の値はこれらを参照
resource_prefix = "${local.base_name}-${local.environment}"
instance_name = "${local.resource_prefix}-instance"
}
デバッグ時の効率的なトラブルシューティング
localsを使用したコードのデバッグは、適切な戦略がないと時間がかかる場合があります。
デバッグを困難にする実装パターン
# デバッグが困難な実装 - 避けるべき例
locals {
complex_calculation = {
for k, v in var.input_map :
k => merge(
{
computed_value = v.base_value * 2
},
local.additional_settings[k],
local.override_values
)
}
}
# デバッグが困難な実装 - 避けるべき例
locals {
complex_calculation = {
for k, v in var.input_map :
k => merge(
{
computed_value = v.base_value * 2
},
local.additional_settings[k],
local.override_values
)
}
}
# デバッグが困難な実装 - 避けるべき例
locals {
complex_calculation = {
for k, v in var.input_map :
k => merge(
{
computed_value = v.base_value * 2
},
local.additional_settings[k],
local.override_values
)
}
}
デバッグしやすい実装パターン
locals {
# 段階的に計算を分解
base_calculations = {
for k, v in var.input_map :
k => {
computed_value = v.base_value * 2
}
}
# 中間結果を別々に定義
with_additional_settings = {
for k, v in local.base_calculations :
k => merge(v, local.additional_settings[k])
}
# 最終結果
final_values = {
for k, v in local.with_additional_settings :
k => merge(v, local.override_values)
}
}
# 出力を追加してデバッグを容易に
output "debug_base_calculations" {
value = local.base_calculations
}
output "debug_with_additional_settings" {
value = local.with_additional_settings
}
locals {
# 段階的に計算を分解
base_calculations = {
for k, v in var.input_map :
k => {
computed_value = v.base_value * 2
}
}
# 中間結果を別々に定義
with_additional_settings = {
for k, v in local.base_calculations :
k => merge(v, local.additional_settings[k])
}
# 最終結果
final_values = {
for k, v in local.with_additional_settings :
k => merge(v, local.override_values)
}
}
# 出力を追加してデバッグを容易に
output "debug_base_calculations" {
value = local.base_calculations
}
output "debug_with_additional_settings" {
value = local.with_additional_settings
}
locals {
# 段階的に計算を分解
base_calculations = {
for k, v in var.input_map :
k => {
computed_value = v.base_value * 2
}
}
# 中間結果を別々に定義
with_additional_settings = {
for k, v in local.base_calculations :
k => merge(v, local.additional_settings[k])
}
# 最終結果
final_values = {
for k, v in local.with_additional_settings :
k => merge(v, local.override_values)
}
}
# 出力を追加してデバッグを容易に
output "debug_base_calculations" {
value = local.base_calculations
}
output "debug_with_additional_settings" {
value = local.with_additional_settings
}
これらの失敗パターンを防ぐためのベストプラクティス:
- 設定の分割と整理
- 論理的なまとまりごとにファイルを分割
- 関連する設定を適切にグループ化
- 命名規則の一貫性を保持
- 依存関係の明確化
- 基本となる値を先に定義
- 依存関係を一方向に保つ
- 複雑な参照を避ける
- デバッグ容易性の確保
- 複雑な計算は段階的に分解
- 中間結果を確認できるようにする
- 適切なコメントを追加
- コードレビューのポイント
- 循環参照の可能性をチェック
- 設定の重複や矛盾がないか確認
- 命名の一貫性を確認
これらの対策を実装することで、保守性が高く、問題が発生しにくいTerraformコードを実現できます。