AWS with Terraform (Day 13)

Terraform Data Sources in AWS: Safely Using Existing VPCs, Subnets & AMIs

Today’s learning in my “30 Days of AWS & Terraform” series focuses on one of the most powerful concepts that enable real-world infrastructure management—Terraform Data Sources.

Many teams struggle with repeatedly hardcoding AMI IDs, VPC IDs, and subnet IDs inside Terraform configuration. These values change frequently and are usually managed externally by platform teams. Hardcoding them introduces fragility, makes templates non-portable, and requires manual changes on every update.

Terraform solves this problem through data sources, which allow you to query and reference existing cloud resources safely, instead of defining or recreating them.

Why Terraform Data Sources Matter

Data sources let you look up resources dynamically from AWS and consume their attributes without manually storing IDs.

Key benefits

ProblemSolution with Data Sources
Hardcoded AMI, VPC, or subnet IDs            Dynamically fetch IDs at runtime
Manual lookups and updating IDs            Eliminates human dependency
Risk of outdated AMIs            Always fetch the latest AMI
Resource duplication            Reuse existing shared infrastructure safely

Outcome: Cleaner, more automated, scalable Terraform configurations that adapt to multi-team shared cloud environments.

Core Example: Provision EC2 Without Hardcoding AMI & Subnet

Use Terraform to fetch:

  • The existing VPC by tag

  • A specific subnet inside that VPC

  • The latest Amazon Linux 2 AMI

Terraform Data Sources Implementation

data "aws_vpc" "datasource_vpc" {
  filter {
    name   = "tag:Name"
    values = ["default"]
  }
}

data "aws_subnets" "datasource_subnets" {
  filter {
    name   = "tag:Name"
    values = ["datasource-subnet"]
  }
  #vpc_id = data.aws_vpc.datasource_vpc.id
}

data "aws_ami" "datasource_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

Use data source in EC2 resource

resource "aws_instance" "datasource_instance" {
  ami           = data.aws_ami.datasource_ami
  instance_type = var.instance_type
  subnet_id     = data.aws_subnets.datasource_subnets.id

  tags = var.tags
}

Why This Approach Is Better

TraditionalWith Data Sources
ami = "ami-123456789"ami = data.aws_ami.linux2.id
subnet_id = "subnet-abc123"subnet_id = data.aws_subnet.shared.id
Manual AMI refreshAlways fetch latest AMI
Prone to errorsSelf-healing infra lookups

When To Use Data Sources

  • Referencing shared infrastructure (networking, IAM, KMS, ECR, etc.)

  • Provisioning resources across multiple environments or regions

  • When AMIs are frequently refreshed

  • When multiple teams share infra layers

Best Practices

RecommendationReason
Prefer tag-based filtering    Stable across accounts, readable
Use most_recent = true carefully    Avoid unexpected major upgrades
Keep data sources in data.tf    Maintain clean file structure
Always review with terraform plan    Validates correct resource selection

Quick Checklist Before Applying

  • Validate tag names exist on the target resources

  • Run:

terraform init
terraform plan

  • Review selected resource IDs in plan output

  • Destroy demo resources to avoid billing

Closing Summary

Terraform data sources bridge the gap between IaC and real cloud environments. They eliminate brittle hardcoded values, improve automation quality, and help teams safely consume shared infrastructure.

For EC2 provisioning:

Combine data.aws_vpc, data.aws_subnet, and data.aws_ami to deploy instances into existing VPCs and subnets while automatically selecting the appropriate AMI.

A simple framing:

“This AMI has a data source, now I can simply reference data.aws_ami.linux2.id instead of hardcoding values.”

Using Terraform data sources correctly results in safe, scalable, production-ready IaC.

Diagram




Here is my repo link: https://github.com/Mo-Adnan-Mo-Ayyub/Aws-with-Terraform

Here is the session link: 


Comments

Post a Comment

Popular posts from this blog

AWS with Terraform (Day 01)

Image
  Terraform Fundamentals – Day 01 (My Learning Notes as a DevOps Engineer) Today I wrapped up Day-01 of my Terraform with AWS series, and even with my DevOps background, this session helped me tighten my fundamentals and rethink how I approach cloud provisioning. Terraform is something I’ve used before, but today was more about understanding why IaC matters at scale and why Terraform continues to dominate in real-world DevOps ecosystems. Understanding Infrastructure as Code (IaC) As a DevOps engineer, IaC is not new to me. But today’s session broke it down in a way that clarified its real value. IaC = Infrastructure represented as code. Instead of building resources manually through AWS/Azure/GCP consoles, we define everything in .tf files. This ensures our setup is predictable, repeatable, and version-controlled. What I liked most is how clearly the contrast was shown: Cloud-Agnostic Tools (Terraform / Pulumi) Work across AWS, Azure, GCP, Kubernetes, GitHub, etc. ...
Read more

AWS with Terraform (Day 02)

Image
  AWS with Terraform – Day 02 Deep Dive into Providers, Versioning & the Real “Bridge” Between Code and Cloud Today’s session took me from simply writing Terraform code to actually understanding the engine behind it — the Provider layer . And honestly, once this clicks, Terraform stops feeling like just a tool and starts feeling like a real engineering system. Here’s what I learned and how I’ve started applying it. Providers: The Plugin That Makes Terraform Real The simplest way I now understand it: Terraform writes the story. Providers translate it into cloud actions. Before today, I treated the provider block as just two lines of mandatory code. Now I see it as the translator that turns HCL into actual AWS API calls . Example: I write: resource "aws_s3_bucket" "demo" { bucket = "my-app-demo" } The AWS provider turns that into the exact S3 API request. This layer saves us from manually hitting APIs, building payloads, or juggling ...
Read more

AWS with Terraform (Day 06)

Image
Mastering Terraform File Structure: Best Practices for Scalable AWS Infrastructure as Code You've built your first AWS resources with Terraform in one big main.tf file. It works fine at first. But as your project grows, that single file turns into a mess. Resources pile up. Variables hide in plain sight. Debugging takes forever. Good news. You can fix this now. Split your Terraform files the right way. Follow HashiCorp's tips for a clean setup. This boosts readability. It helps teams work together. Plus, it scales for big AWS setups like VPCs, EC2s, and S3 buckets. Stick with me. You'll see hands-on steps to organize your root module today. The Anatomy of a Well-Organized Terraform Root Module The root directory acts as your Terraform project's heart. It's the root module. Here, you keep all key files. No strict rules exist for names. But smart choices make life easier. Start simple. Break one fat main.tf into focused files. This stops resource clutter. You n...
Read more