tf .12

2025-02-21 13:24:03 +01:00 · 2019-05-31 07:23:30 -07:00 · 2019-05-31 07:23:30 -07:00 · ce2d18b3ba
commit ce2d18b3ba
parent dfe50374a6
28 changed files with 444 additions and 406 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -2,7 +2,7 @@ variables:
  GIT_SUBMODULE_STRATEGY: none
  CI_DISPOSABLE_ENVIRONMENT: "true"
-image: blockstream/gcloud-docker@sha256:d5db1ec7faedfd46230fb53c859679e6abdd9173599209035e307c1a386a2189
+image: blockstream/gcloud-docker@sha256:2ab8222c44502282a614cdda4a9f1434d6f91e93888a39c56b82ebc52f6bd3b1
 stages:
  - build
  - plan
@ -83,7 +83,7 @@ plan_satapi:
         -var "rpcuser=$RPCUSER"
         -var "rpcpass=$RPCPASS"
         -input=false)
-
+         
 # This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_
 plan_misc:
  stage: plan
--- a/terraform/data.tf
+++ b/terraform/data.tf
@ -1,10 +1,9 @@
 data "terraform_remote_state" "blc-mainnet" {
  backend = "gcs"
-  config {
+  config = {
-    bucket  = "tf-state-satellite-api"
+    bucket = "tf-state-satellite-api"
-    prefix  = "terraform/state"
+    prefix = "terraform/state"
    project = "satellite-api"
  }
  workspace = "prod"
@ -13,11 +12,11 @@ data "terraform_remote_state" "blc-mainnet" {
 data "terraform_remote_state" "blc-testnet" {
  backend = "gcs"
-  config {
+  config = {
-    bucket  = "tf-state-satellite-api"
+    bucket = "tf-state-satellite-api"
-    prefix  = "terraform/state"
+    prefix = "terraform/state"
    project = "satellite-api"
  }
  workspace = "testnet-prod"
 }
--- a/terraform/kms.tf
+++ b/terraform/kms.tf
@ -1,14 +1,15 @@
 resource "google_kms_key_ring" "tor-key-ring" {
-  project  = "${var.project}"
+  project  = var.project
  name     = "${var.name}-keyring"
-  location = "${var.region}"
+  location = var.region
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
 resource "google_kms_crypto_key" "tor-crypto-key" {
  name     = "${var.name}-crypto-key"
-  key_ring = "${google_kms_key_ring.tor-key-ring.id}"
+  key_ring = google_kms_key_ring.tor-key-ring[0].id
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -2,135 +2,141 @@ terraform {
  required_version = "> 0.11.0"
  backend "gcs" {
-    bucket  = "terraform-bs-source"
+    bucket = "terraform-bs-source"
-    prefix  = "satellite-api"
+    prefix = "satellite-api"
    project = "blockstream-source"
  }
 }
 provider "google" {
-  project = "${var.project}"
+  project = "var.project"
 }
 provider "google-beta" {
-  project = "${var.project}"
+  project = "var.project"
 }
 module "blc-mainnet" {
-  source = "modules/blc"
+  source = "./modules/blc"
-  project               = "${var.project}"
+  project               = var.project
  name                  = "satellite-api"
  network               = "default"
-  bitcoin_docker        = "${var.bitcoin_docker}"
+  bitcoin_docker        = var.bitcoin_docker
-  lightning_docker      = "${var.lightning_docker}"
+  lightning_docker      = var.lightning_docker
-  charge_docker         = "${var.charge_docker}"
+  charge_docker         = var.charge_docker
-  ionosphere_docker     = "${var.ionosphere_docker}"
+  ionosphere_docker     = var.ionosphere_docker
-  ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
+  ionosphere_sse_docker = var.ionosphere_sse_docker
-  node_exporter_docker  = "${var.node_exporter_docker}"
+  node_exporter_docker  = var.node_exporter_docker
  net                   = "mainnet"
-  env                   = "${local.env}"
+  env                   = local.env
-  create_resources = "${local.create_mainnet}"
+  create_resources = local.create_mainnet
  # CI vars
-  region            = "${var.region}"
+  region            = var.region
-  zone              = "${var.zone}"
+  zone              = var.zone
-  instance_type     = "${var.instance_type[0]}"
+  instance_type     = var.instance_type[0]
-  host              = ["${var.host}"]
+  host              = var.host
-  space_host        = "${var.space_host}"
+  space_host        = var.space_host
-  ssl_cert          = ["${var.ssl_cert}"]
+  ssl_cert          = [var.ssl_cert]
-  timeout           = "${var.timeout}"
+  timeout           = var.timeout
-  prom_service_acct = "${var.prom_service_acct}"
+  prom_service_acct = var.prom_service_acct
-  opsgenie_key      = "${var.opsgenie_key}"
+  opsgenie_key      = var.opsgenie_key
-  rpcuser           = "${var.rpcuser}"
+  rpcuser           = var.rpcuser
-  rpcpass           = "${var.rpcpass}"
+  rpcpass           = var.rpcpass
 }
 module "blc-testnet" {
-  source = "modules/blc"
+  source = "./modules/blc"
-  project               = "${var.project}"
+  project               = var.project
  name                  = "satellite-api"
  network               = "default"
-  bitcoin_docker        = "${var.bitcoin_docker}"
+  bitcoin_docker        = var.bitcoin_docker
-  lightning_docker      = "${var.lightning_docker}"
+  lightning_docker      = var.lightning_docker
-  charge_docker         = "${var.charge_docker}"
+  charge_docker         = var.charge_docker
-  ionosphere_docker     = "${var.ionosphere_docker}"
+  ionosphere_docker     = var.ionosphere_docker
-  ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
+  ionosphere_sse_docker = var.ionosphere_sse_docker
-  node_exporter_docker  = "${var.node_exporter_docker}"
+  node_exporter_docker  = var.node_exporter_docker
  net                   = "testnet"
-  env                   = "${local.env}"
+  env                   = local.env
-  create_resources = "${local.create_testnet}"
+  create_resources = local.create_testnet
  # CI vars
-  region            = "${var.region}"
+  region            = var.region
-  zone              = "${var.zone}"
+  zone              = var.zone
-  instance_type     = "${var.instance_type[0]}"
+  instance_type     = var.instance_type[0]
-  host              = ["${var.host}"]
+  host              = var.host
-  space_host        = "${var.space_host}"
+  space_host        = var.space_host
-  ssl_cert          = ["${var.ssl_cert}"]
+  ssl_cert          = [var.ssl_cert]
-  timeout           = "${var.timeout}"
+  timeout           = var.timeout
-  prom_service_acct = "${var.prom_service_acct}"
+  prom_service_acct = var.prom_service_acct
-  opsgenie_key      = "${var.opsgenie_key}"
+  opsgenie_key      = var.opsgenie_key
-  rpcuser           = "${var.rpcuser}"
+  rpcuser           = var.rpcuser
-  rpcpass           = "${var.rpcpass}"
+  rpcpass           = var.rpcpass
 }
 module "tor" {
-  source = "modules/tor"
+  source = "./modules/tor"
-  project              = "${var.project}"
+  project              = var.project
  network              = "default"
  name                 = "satapi-tor"
-  gcloud_docker        = "${var.gcloud_docker}"
+  gcloud_docker        = var.gcloud_docker
-  tor_docker           = "${var.tor_docker}"
+  tor_docker           = var.tor_docker
-  node_exporter_docker = "${var.node_exporter_docker}"
+  node_exporter_docker = var.node_exporter_docker
-  kms_key              = "${element(concat(google_kms_crypto_key.tor-crypto-key.*.name, list("")), 0)}"
+  kms_key              = element(concat(google_kms_crypto_key.tor-crypto-key.*.name, [""]), 0)
-  kms_key_ring         = "${element(concat(google_kms_key_ring.tor-key-ring.*.name, list("")), 0)}"
+  kms_key_ring         = element(concat(google_kms_key_ring.tor-key-ring.*.name, [""]), 0)
-  kms_key_link         = "${element(concat(google_kms_crypto_key.tor-crypto-key.*.self_link, list("")), 0)}"
+  kms_key_link = element(
-  tor_lb               = "${element(concat(google_compute_global_address.tor-lb.*.address, list("")), 0)}"
+    concat(google_kms_crypto_key.tor-crypto-key.*.self_link, [""]),
    0,
  )
  tor_lb = element(
    concat(google_compute_global_address.tor-lb.*.address, [""]),
    0,
  )
-  create_resources = "${local.create_misc}"
+  create_resources = local.create_misc
  # CI vars
-  region            = "${var.region}"
+  region            = var.region
-  zone              = "${var.zone}"
+  zone              = var.zone
-  instance_type     = "${var.instance_type[1]}"
+  instance_type     = var.instance_type[1]
-  onion_host        = "${var.onion_host}"
+  onion_host        = var.onion_host
-  prom_service_acct = "${var.prom_service_acct}"
+  prom_service_acct = var.prom_service_acct
 }
 module "prometheus" {
-  source = "modules/prometheus"
+  source = "./modules/prometheus"
-  project              = "${var.project}"
+  project              = var.project
  network              = "default"
  name                 = "satapi-prometheus"
-  prom_docker          = "${var.prom_docker}"
+  prom_docker          = var.prom_docker
-  node_exporter_docker = "${var.node_exporter_docker}"
+  node_exporter_docker = var.node_exporter_docker
-  create_resources = "${local.create_misc}"
+  create_resources = local.create_misc
  # CI vars
-  region                 = "${var.region}"
+  region                 = var.region
-  zone                   = "${var.zone}"
+  zone                   = var.zone
-  instance_type          = "${var.instance_type[2]}"
+  instance_type          = var.instance_type[2]
-  prom_allowed_source_ip = "${var.prom_allowed_source_ip}"
+  prom_allowed_source_ip = var.prom_allowed_source_ip
-  opsgenie_key           = "${var.opsgenie_key}"
+  opsgenie_key           = var.opsgenie_key
-  prom_service_acct      = "${var.prom_service_acct}"
+  prom_service_acct      = var.prom_service_acct
 }
 module "dns" {
-  source = "modules/dns"
+  source = "./modules/dns"
-  project = "${var.project}"
+  project = var.project
-  create_resources = "${local.create_misc}"
+  create_resources = local.create_misc
  # CI vars
-  satellite_lb             = "${var.satellite_lb}"
+  satellite_lb             = var.satellite_lb
-  satellite_api_lb         = "${var.satellite_api_lb}"
+  satellite_api_lb         = var.satellite_api_lb
-  satellite_api_lb_staging = "${var.satellite_api_lb_staging}"
+  satellite_api_lb_staging = var.satellite_api_lb_staging
 }
--- a/terraform/modules/blc/data.tf
+++ b/terraform/modules/blc/data.tf
@ -1,47 +1,49 @@
 data "google_compute_network" "blc" {
  name = "default"
  project = var.project
 }
 data "google_compute_image" "blc" {
  family  = "satapi-data-${var.net}-${var.env}"
-  project = "${var.project}"
+  project = var.project
-  count   = "${var.create_resources}"
+  count   = var.create_resources
 }
 data "template_file" "blc" {
-  template = "${file("${path.module}/cloud-init/blc.yaml")}"
+  template = file("${path.module}/cloud-init/blc.yaml")
-  count    = "${var.create_resources}"
+  count    = var.create_resources
-  vars {
+  vars = {
-    rpcuser               = "${var.rpcuser}"
+    rpcuser               = var.rpcuser
-    rpcpass               = "${var.rpcpass}"
+    rpcpass               = var.rpcpass
-    net                   = "${var.net}"
+    net                   = var.net
-    url_path              = "${var.net == "testnet" ? "/testnet" : ""}"
+    url_path              = var.net == "testnet" ? "/testnet" : ""
    bitcoin_cmd           = "bitcoind ${var.net == "testnet" ? "-testnet" : ""} -printtoconsole"
    lightning_cmd         = "lightningd ${var.net == "testnet" ? "--testnet" : "--mainnet"} --conf=/root/.lightning/lightning.conf --plugin-dir=/usr/local/bin/plugins"
    charge_cmd            = "charged -d /data/charge.db -l /root/.lightning"
-    announce_addr         = "${google_compute_address.blc.address}"
+    announce_addr         = google_compute_address.blc[0].address
    lightning_port        = 9735
-    bitcoin_docker        = "${var.bitcoin_docker}"
+    bitcoin_docker        = var.bitcoin_docker
-    lightning_docker      = "${var.lightning_docker}"
+    lightning_docker      = var.lightning_docker
-    charge_docker         = "${var.charge_docker}"
+    charge_docker         = var.charge_docker
    redis_port            = 6379
-    ionosphere_docker     = "${var.ionosphere_docker}"
+    ionosphere_docker     = var.ionosphere_docker
-    ionosphere_sse_docker = "${var.ionosphere_sse_docker}"
+    ionosphere_sse_docker = var.ionosphere_sse_docker
-    node_exporter_docker  = "${var.node_exporter_docker}"
+    node_exporter_docker  = var.node_exporter_docker
-    opsgenie_key          = "${var.opsgenie_key}"
+    opsgenie_key          = var.opsgenie_key
-    host                  = "${var.host[0]}"
+    host                  = var.host[0]
-    space_host            = "${var.host[1]}"
+    space_host            = var.host[1]
  }
 }
 data "template_cloudinit_config" "blc" {
  gzip          = false
  base64_encode = false
-  count         = "${var.create_resources}"
+  count         = var.create_resources
  part {
    content_type = "text/cloud-config"
-    content      = "${data.template_file.blc.rendered}"
+    content      = data.template_file.blc[0].rendered
  }
 }
--- a/terraform/modules/blc/firewall.tf
+++ b/terraform/modules/blc/firewall.tf
@ -1,7 +1,7 @@
 resource "google_compute_firewall" "blc" {
  name    = "${var.name}-${var.net}-fw-rule-${var.env}"
-  network = "${data.google_compute_network.blc.self_link}"
+  network = data.google_compute_network.blc.self_link
-  count   = "${var.create_resources}"
+  count   = var.create_resources
  allow {
    protocol = "tcp"
@ -9,14 +9,14 @@ resource "google_compute_firewall" "blc" {
  }
  target_service_accounts = [
-    "${google_service_account.blc.email}",
+    google_service_account.blc[0].email,
  ]
 }
 resource "google_compute_firewall" "blc-prom" {
  name    = "${var.name}-${var.net}-prometheus-access-${var.env}"
-  network = "${data.google_compute_network.blc.self_link}"
+  network = data.google_compute_network.blc.self_link
-  count   = "${var.create_resources}"
+  count   = var.create_resources
  allow {
    protocol = "tcp"
@ -24,10 +24,11 @@ resource "google_compute_firewall" "blc-prom" {
  }
  source_service_accounts = [
-    "${var.prom_service_acct}",
+    var.prom_service_acct,
  ]
  target_service_accounts = [
-    "${google_service_account.blc.email}",
+    google_service_account.blc[0].email,
  ]
 }
--- a/terraform/modules/blc/iam.tf
+++ b/terraform/modules/blc/iam.tf
@ -1,12 +1,13 @@
 resource "google_service_account" "blc" {
  account_id   = "${var.name}-${var.net}-${var.env}"
  display_name = "${var.name}-${var.net}-${var.env}"
-  count        = "${var.create_resources}"
+  count        = var.create_resources
 }
 resource "google_project_iam_member" "blc" {
-  project = "${var.project}"
+  project = var.project
  role    = "roles/editor"
-  member  = "serviceAccount:${google_service_account.blc.email}"
+  member  = "serviceAccount:${google_service_account.blc[0].email}"
-  count   = "${var.create_resources}"
+  count   = var.create_resources
 }
--- a/terraform/modules/blc/main.tf
+++ b/terraform/modules/blc/main.tf
@ -1,16 +1,16 @@
 # Instance group
 resource "google_compute_instance_group_manager" "blc" {
  name     = "${var.name}-ig-${var.net}-${var.env}"
-  count    = "${var.create_resources}"
+  count    = var.create_resources
-  provider = "google-beta"
+  provider = google-beta
  base_instance_name = "${var.name}-ig-${var.net}-${var.env}"
-  zone               = "${var.zone}"
+  zone               = var.zone
  target_size        = 1
  version {
    name              = "original"
-    instance_template = "${google_compute_instance_template.blc.self_link}"
+    instance_template = google_compute_instance_template.blc[0].self_link
  }
  update_policy {
@ -25,13 +25,13 @@ resource "google_compute_instance_group_manager" "blc" {
 resource "google_compute_disk" "blc" {
  name  = "${var.name}-data-${var.net}-${var.env}"
  type  = "pd-standard"
-  image = "${data.google_compute_image.blc.self_link}"
+  image = data.google_compute_image.blc[0].self_link
-  zone  = "${var.zone}"
+  zone  = var.zone
-  count = "${var.create_resources}"
+  count = var.create_resources
  lifecycle {
    prevent_destroy = true
-    ignore_changes  = ["image"]
+    ignore_changes  = [image]
  }
 }
@ -39,14 +39,14 @@ resource "google_compute_disk" "blc" {
 resource "google_compute_instance_template" "blc" {
  name_prefix  = "${var.name}-${var.net}-${var.env}-tmpl-"
  description  = "This template is used to create ${var.name} ${var.net} ${var.env} instances."
-  machine_type = "${var.instance_type}"
+  machine_type = var.instance_type
-  region       = "${var.region}"
+  region       = var.region
-  count        = "${var.create_resources}"
+  count        = var.create_resources
-  labels {
+  labels = {
    type = "lightning-app"
-    name = "${var.name}"
+    name = var.name
-    net  = "${var.net}"
+    net  = var.net
  }
  scheduling {
@ -55,7 +55,7 @@ resource "google_compute_instance_template" "blc" {
  }
  disk {
-    source_image = "${var.boot_image}"
+    source_image = var.boot_image
    disk_type    = "pd-ssd"
    auto_delete  = true
    boot         = true
@ -63,26 +63,26 @@ resource "google_compute_instance_template" "blc" {
  }
  disk {
-    source      = "${google_compute_disk.blc.name}"
+    source      = google_compute_disk.blc[0].name
    auto_delete = false
    device_name = "data"
  }
  network_interface {
-    network = "${data.google_compute_network.blc.self_link}"
+    network = data.google_compute_network.blc.self_link
    access_config {
-      nat_ip = "${google_compute_address.blc.address}"
+      nat_ip = google_compute_address.blc[0].address
    }
  }
-  metadata {
+  metadata = {
    google-logging-enabled = "true"
-    user-data              = "${data.template_cloudinit_config.blc.rendered}"
+    user-data              = data.template_cloudinit_config.blc[0].rendered
  }
  service_account {
-    email  = "${google_service_account.blc.email}"
+    email  = google_service_account.blc[0].email
    scopes = ["compute-ro", "storage-ro"]
  }
@ -90,3 +90,4 @@ resource "google_compute_instance_template" "blc" {
    create_before_destroy = true
  }
 }
--- a/terraform/modules/blc/network.tf
+++ b/terraform/modules/blc/network.tf
@ -1,8 +1,8 @@
 resource "google_compute_address" "blc" {
  name    = "${var.name}-${var.net}-external-ip-${var.env}-${count.index}"
-  project = "${var.project}"
+  project = var.project
-  region  = "${var.region}"
+  region  = var.region
-  count   = "${var.create_resources}"
+  count   = var.create_resources
 }
 # Backend service
@ -11,20 +11,20 @@ resource "google_compute_backend_service" "blc" {
  description = "Satellite API"
  protocol    = "HTTP"
  port_name   = "http"
-  timeout_sec = "${var.timeout}"
+  timeout_sec = var.timeout
-  count       = "${var.create_resources}"
+  count       = var.create_resources
  backend {
-    group = "${google_compute_instance_group_manager.blc.instance_group}"
+    group = google_compute_instance_group_manager.blc[0].instance_group
  }
-  health_checks = ["${google_compute_health_check.blc.self_link}"]
+  health_checks = [google_compute_health_check.blc[0].self_link]
 }
 # Health checks
 resource "google_compute_health_check" "blc" {
  name  = "${var.name}-${var.net}-health-check-${var.env}"
-  count = "${var.create_resources}"
+  count = var.create_resources
  check_interval_sec = 5
  timeout_sec        = 3
@ -33,3 +33,4 @@ resource "google_compute_health_check" "blc" {
    port = "80"
  }
 }
--- a/terraform/modules/blc/outputs.tf
+++ b/terraform/modules/blc/outputs.tf
@ -1,3 +1,7 @@
 output "backend_service" {
-  value = "${element(concat(google_compute_backend_service.blc.*.self_link, list("")), 0)}"
+  value = element(
    concat(google_compute_backend_service.blc.*.self_link, [""]),
    0,
  )
 }
--- a/terraform/modules/blc/variables.tf
+++ b/terraform/modules/blc/variables.tf
@ -1,97 +1,98 @@
 variable "project" {
-  type    = "string"
+  type    = string
  default = "satellite-api"
 }
 variable "boot_image" {
-  type    = "string"
+  type    = string
  default = "cos-cloud/cos-stable"
 }
 variable "create_resources" {
-  type = "string"
+  type = string
 }
 variable "rpcuser" {
-  type = "string"
+  type = string
 }
 variable "rpcpass" {
-  type = "string"
+  type = string
 }
 variable "env" {
-  type = "string"
+  type = string
 }
 variable "name" {
-  type = "string"
+  type = string
 }
 variable "network" {
-  type = "string"
+  type = string
 }
 variable "region" {
-  type = "string"
+  type = string
 }
 variable "zone" {
-  type = "string"
+  type = string
 }
 variable "instance_type" {
-  type = "string"
+  type = string
 }
 variable "net" {
-  type = "string"
+  type = string
 }
 variable "ssl_cert" {
-  type = "list"
+  type = list
 }
 variable "host" {
-  type = "list"
+  type = list
 }
 variable "space_host" {
-  type = "string"
+  type = string
 }
 variable "timeout" {
-  type = "string"
+  type = string
 }
 variable "opsgenie_key" {
-  type = "string"
+  type = string
 }
 variable "prom_service_acct" {
-  type = "string"
+  type = string
 }
 variable "bitcoin_docker" {
-  type = "string"
+  type = string
 }
 variable "charge_docker" {
-  type = "string"
+  type = string
 }
 variable "lightning_docker" {
-  type = "string"
+  type = string
 }
 variable "ionosphere_docker" {
-  type = "string"
+  type = string
 }
 variable "ionosphere_sse_docker" {
-  type = "string"
+  type = string
 }
 variable "node_exporter_docker" {
-  type = "string"
+  type = string
 }
--- a/terraform/modules/dns/blockstream-space.tf
+++ b/terraform/modules/dns/blockstream-space.tf
@ -2,8 +2,8 @@ resource "google_dns_managed_zone" "blockstream-space" {
  name        = "blockstream-space"
  dns_name    = "blockstream.space."
  description = "A long time ago, in a galaxy far, far away... P.S. Don't edit directly in Gcloud, but rather in the Satellite API repo (Otherwise, things break and Chase gets really mad)."
-  project     = "${var.project}"
+  project     = var.project
-  count       = "${var.create_resources}"
+  count       = var.create_resources
  labels = {
    managed-by = "terraform"
@ -11,31 +11,32 @@ resource "google_dns_managed_zone" "blockstream-space" {
 }
 resource "google_dns_record_set" "a-satellite" {
-  name         = "${google_dns_managed_zone.blockstream-space.dns_name}"
+  name         = google_dns_managed_zone.blockstream-space[0].dns_name
-  managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
+  managed_zone = google_dns_managed_zone.blockstream-space[0].name
  type         = "A"
  ttl          = 300
-  count        = "${var.create_resources}"
+  count        = var.create_resources
-  rrdatas = ["${var.satellite_lb}"]
+  rrdatas = [var.satellite_lb]
 }
 resource "google_dns_record_set" "a-satellite-api" {
-  name         = "api.${google_dns_managed_zone.blockstream-space.dns_name}"
+  name         = "api.${google_dns_managed_zone.blockstream-space[0].dns_name}"
-  managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
+  managed_zone = google_dns_managed_zone.blockstream-space[0].name
  type         = "A"
  ttl          = 300
-  count        = "${var.create_resources}"
+  count        = var.create_resources
-  rrdatas = ["${var.satellite_api_lb}"]
+  rrdatas = [var.satellite_api_lb]
 }
 resource "google_dns_record_set" "a-satellite-api-staging" {
-  name         = "staging-api.${google_dns_managed_zone.blockstream-space.dns_name}"
+  name         = "staging-api.${google_dns_managed_zone.blockstream-space[0].dns_name}"
-  managed_zone = "${google_dns_managed_zone.blockstream-space.name}"
+  managed_zone = google_dns_managed_zone.blockstream-space[0].name
  type         = "A"
  ttl          = 300
-  count        = "${var.create_resources}"
+  count        = var.create_resources
-  rrdatas = ["${var.satellite_api_lb_staging}"]
+  rrdatas = [var.satellite_api_lb_staging]
 }
--- a/terraform/modules/dns/variables.tf
+++ b/terraform/modules/dns/variables.tf
@ -1,19 +1,20 @@
 variable "project" {
-  type = "string"
+  type = string
 }
 variable "satellite_lb" {
-  type = "string"
+  type = string
 }
 variable "satellite_api_lb" {
-  type = "string"
+  type = string
 }
 variable "satellite_api_lb_staging" {
-  type = "string"
+  type = string
 }
 variable "create_resources" {
-  type = "string"
+  type = string
 }
--- a/terraform/modules/prometheus/data.tf
+++ b/terraform/modules/prometheus/data.tf
@ -1,15 +1,16 @@
 data "google_compute_network" "default" {
  name = "default"
  project = var.project
 }
 data "template_file" "prometheus" {
-  template = "${file("${path.module}/cloud-init/prometheus.yml")}"
+  template = file("${path.module}/cloud-init/prometheus.yml")
-  vars {
+  vars = {
-    prom_docker          = "${var.prom_docker}"
+    prom_docker          = var.prom_docker
-    node_exporter_docker = "${var.node_exporter_docker}"
+    node_exporter_docker = var.node_exporter_docker
-    retention            = "${var.retention}"
+    retention            = var.retention
-    opsgenie_key         = "${var.opsgenie_key}"
+    opsgenie_key         = var.opsgenie_key
  }
 }
@ -19,6 +20,7 @@ data "template_cloudinit_config" "prometheus" {
  part {
    content_type = "text/cloud-config"
-    content      = "${data.template_file.prometheus.rendered}"
+    content      = data.template_file.prometheus.rendered
  }
 }
--- a/terraform/modules/prometheus/firewall.tf
+++ b/terraform/modules/prometheus/firewall.tf
@ -1,8 +1,8 @@
 resource "google_compute_firewall" "all-traffic" {
  name    = "prometheus-${var.name}-all-traffic-access"
-  network = "${data.google_compute_network.default.self_link}"
+  network = data.google_compute_network.default.self_link
-  count = "${var.create_resources}"
+  count = var.create_resources
  allow {
    protocol = "tcp"
@ -12,6 +12,7 @@ resource "google_compute_firewall" "all-traffic" {
  source_ranges = ["${var.prom_allowed_source_ip}/32"]
  target_service_accounts = [
-    "${google_service_account.prometheus.email}",
+    google_service_account.prometheus[0].email,
  ]
 }
--- a/terraform/modules/prometheus/iam.tf
+++ b/terraform/modules/prometheus/iam.tf
@ -1,14 +1,15 @@
 resource "google_service_account" "prometheus" {
-  account_id   = "${var.name}"
+  account_id   = var.name
-  display_name = "${var.name}"
+  display_name = var.name
-  count = "${var.create_resources}"
+  count = var.create_resources
 }
 resource "google_project_iam_member" "prometheus" {
-  project = "${var.project}"
+  project = var.project
  role    = "roles/editor"
-  member  = "serviceAccount:${google_service_account.prometheus.email}"
+  member  = "serviceAccount:${google_service_account.prometheus[0].email}"
-  count = "${var.create_resources}"
+  count = var.create_resources
 }
--- a/terraform/modules/prometheus/main.tf
+++ b/terraform/modules/prometheus/main.tf
@ -1,47 +1,47 @@
 resource "google_compute_disk" "prometheus-data" {
  name    = "${var.name}-data-disk"
-  project = "${var.project}"
+  project = var.project
  type    = "pd-standard"
-  zone    = "${var.zone}"
+  zone    = var.zone
  size    = "50"
-  count   = "${var.create_resources}"
+  count   = var.create_resources
 }
 resource "google_compute_address" "prometheus-address" {
  name    = "${var.name}-address"
-  project = "${var.project}"
+  project = var.project
-  region  = "${var.region}"
+  region  = var.region
-  count   = "${var.create_resources}"
+  count   = var.create_resources
 }
 resource "google_compute_address" "prometheus-internal-address" {
  name         = "${var.name}-internal-address"
-  project      = "${var.project}"
+  project      = var.project
-  region       = "${var.region}"
+  region       = var.region
  address_type = "INTERNAL"
-  count        = "${var.create_resources}"
+  count        = var.create_resources
 }
 locals {
-  service_account = "${terraform.workspace == "misc" ? element(concat(google_service_account.prometheus.*.email, list("")), 0) : var.prom_service_acct}"
+  service_account = terraform.workspace == "misc" ? element(concat(google_service_account.prometheus.*.email, [""]), 0) : var.prom_service_acct
 }
 resource "google_compute_instance" "prometheus-server" {
-  name                      = "${var.name}"
+  name                      = var.name
-  machine_type              = "${var.instance_type}"
+  machine_type              = var.instance_type
-  zone                      = "${var.zone}"
+  zone                      = var.zone
-  project                   = "${var.project}"
+  project                   = var.project
  allow_stopping_for_update = true
-  count                     = "${var.create_resources}"
+  count                     = var.create_resources
-  labels {
+  labels = {
    type    = "prometheus"
-    name    = "${var.name}"
+    name    = var.name
-    network = "${var.network}"
+    network = var.network
  }
  service_account {
-    email = "${local.service_account}"
+    email = local.service_account
    scopes = [
      "https://www.googleapis.com/auth/compute.readonly",
@ -53,25 +53,32 @@ resource "google_compute_instance" "prometheus-server" {
  boot_disk {
    initialize_params {
      size  = "10"
-      image = "${var.boot_image}"
+      image = var.boot_image
    }
  }
  attached_disk {
-    source      = "${element(google_compute_disk.prometheus-data.*.name, count.index)}"
+    source      = element(google_compute_disk.prometheus-data.*.name, count.index)
    device_name = "data"
  }
  network_interface {
-    network    = "${data.google_compute_network.default.self_link}"
+    network = data.google_compute_network.default.self_link
-    network_ip = "${element(google_compute_address.prometheus-internal-address.*.address, count.index)}"
+    network_ip = element(
      google_compute_address.prometheus-internal-address.*.address,
      count.index,
    )
    access_config {
-      nat_ip = "${element(google_compute_address.prometheus-address.*.address, count.index)}"
+      nat_ip = element(
        google_compute_address.prometheus-address.*.address,
        count.index,
      )
    }
  }
-  metadata {
+  metadata = {
-    "user-data" = "${data.template_cloudinit_config.prometheus.rendered}"
+    user-data = data.template_cloudinit_config.prometheus.rendered
  }
 }
--- a/terraform/modules/prometheus/outputs.tf
+++ b/terraform/modules/prometheus/outputs.tf
@ -1,3 +1,4 @@
 output "prom_svc_acct" {
-  value = "${element(concat(google_service_account.prometheus.*.email, list("")), 0)}"
+  value = element(concat(google_service_account.prometheus.*.email, [""]), 0)
 }
--- a/terraform/modules/prometheus/variables.tf
+++ b/terraform/modules/prometheus/variables.tf
@ -1,58 +1,59 @@
 variable "boot_image" {
-  type    = "string"
+  type    = string
  default = "cos-cloud/cos-stable"
 }
 variable "network" {
-  type    = "string"
+  type    = string
  default = "default"
 }
 variable "retention" {
-  type    = "string"
+  type    = string
  default = "31d"
 }
 variable "project" {
-  type = "string"
+  type = string
 }
 variable "name" {
-  type = "string"
+  type = string
 }
 variable "region" {
-  type = "string"
+  type = string
 }
 variable "zone" {
-  type = "string"
+  type = string
 }
 variable "instance_type" {
-  type = "string"
+  type = string
 }
 variable "create_resources" {
-  type = "string"
+  type = string
 }
 variable "prom_service_acct" {
-  type = "string"
+  type = string
 }
 variable "prom_allowed_source_ip" {
-  type = "string"
+  type = string
 }
 variable "opsgenie_key" {
-  type = "string"
+  type = string
 }
 variable "prom_docker" {
-  type = "string"
+  type = string
 }
 variable "node_exporter_docker" {
-  type = "string"
+  type = string
 }
--- a/terraform/modules/tor/data.tf
+++ b/terraform/modules/tor/data.tf
@ -1,22 +1,22 @@
 data "google_compute_network" "default" {
  name = "default"
  project = var.project
 }
 data "template_file" "tor" {
-  template = "${file("${path.module}/cloud-init/tor.yaml")}"
+  template = file("${path.module}/cloud-init/tor.yaml")
-  vars {
+  vars = {
-    tor_lb  = "${var.tor_lb}"
+    tor_lb               = var.tor_lb
-    v3_host = "${var.onion_host}"
+    v3_host              = var.onion_host
-    v3_pk   = "${file("${path.module}/v3.pk")}"
+    v3_pk                = file("${path.module}/v3.pk")
-    v3_pubk = "${file("${path.module}/v3.pubk")}"
+    v3_pubk              = file("${path.module}/v3.pubk")
-
+    tor_docker           = var.tor_docker
-    tor_docker           = "${var.tor_docker}"
+    gcloud_docker        = var.gcloud_docker
-    gcloud_docker        = "${var.gcloud_docker}"
+    node_exporter_docker = var.node_exporter_docker
-    node_exporter_docker = "${var.node_exporter_docker}"
+    kms_key              = var.kms_key
-    kms_key              = "${var.kms_key}"
+    kms_key_ring         = var.kms_key_ring
-    kms_key_ring         = "${var.kms_key_ring}"
+    kms_location         = var.region
    kms_location         = "${var.region}"
  }
 }
@ -26,6 +26,7 @@ data "template_cloudinit_config" "tor" {
  part {
    content_type = "text/cloud-config"
-    content      = "${data.template_file.tor.rendered}"
+    content      = data.template_file.tor.rendered
  }
 }
--- a/terraform/modules/tor/firewall.tf
+++ b/terraform/modules/tor/firewall.tf
@ -1,8 +1,8 @@
 resource "google_compute_firewall" "tor-healthcheck" {
  name    = "${var.name}-healthcheck"
-  network = "${data.google_compute_network.default.self_link}"
+  network = data.google_compute_network.default.self_link
-  count = "${var.create_resources}"
+  count = var.create_resources
  allow {
    protocol = "tcp"
@ -12,15 +12,15 @@ resource "google_compute_firewall" "tor-healthcheck" {
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16", "10.0.0.0/8"]
  target_service_accounts = [
-    "${google_service_account.tor.email}",
+    google_service_account.tor[0].email,
  ]
 }
 resource "google_compute_firewall" "prom-traffic" {
  name    = "${var.name}-prometheus-access"
-  network = "${data.google_compute_network.default.self_link}"
+  network = data.google_compute_network.default.self_link
-  count = "${var.create_resources}"
+  count = var.create_resources
  allow {
    protocol = "tcp"
@ -28,10 +28,11 @@ resource "google_compute_firewall" "prom-traffic" {
  }
  source_service_accounts = [
-    "${var.prom_service_acct}",
+    var.prom_service_acct,
  ]
  target_service_accounts = [
-    "${google_service_account.tor.email}",
+    google_service_account.tor[0].email,
  ]
 }
--- a/terraform/modules/tor/iam.tf
+++ b/terraform/modules/tor/iam.tf
@ -1,25 +1,26 @@
 resource "google_service_account" "tor" {
-  account_id   = "${var.name}"
+  account_id   = var.name
-  display_name = "${var.name}"
+  display_name = var.name
-  count = "${var.create_resources}"
+  count = var.create_resources
 }
 resource "google_project_iam_member" "tor" {
-  project = "${var.project}"
+  project = var.project
  role    = "roles/editor"
-  member  = "serviceAccount:${google_service_account.tor.email}"
+  member  = "serviceAccount:${google_service_account.tor[0].email}"
-  count = "${var.create_resources}"
+  count = var.create_resources
 }
 resource "google_kms_crypto_key_iam_binding" "crypto-key" {
-  crypto_key_id = "${var.kms_key_link}"
+  crypto_key_id = var.kms_key_link
  role          = "roles/cloudkms.cryptoKeyDecrypter"
-  count = "${var.create_resources}"
+  count = var.create_resources
  members = [
-    "serviceAccount:${google_service_account.tor.email}",
+    "serviceAccount:${google_service_account.tor[0].email}",
  ]
 }
--- a/terraform/modules/tor/main.tf
+++ b/terraform/modules/tor/main.tf
@ -3,7 +3,7 @@ resource "google_compute_health_check" "tor" {
  timeout_sec        = 5
  check_interval_sec = 10
-  count = "${var.create_resources}"
+  count = var.create_resources
  tcp_health_check {
    port = "9050"
@ -12,16 +12,16 @@ resource "google_compute_health_check" "tor" {
 resource "google_compute_region_instance_group_manager" "tor" {
  name     = "${var.name}-ig"
-  count    = "${var.create_resources}"
+  count    = var.create_resources
-  provider = "google-beta"
+  provider = google-beta
-  region             = "${var.region}"
+  region             = var.region
-  base_instance_name = "${var.name}"
+  base_instance_name = var.name
  target_size        = 1
  version {
    name              = "original"
-    instance_template = "${google_compute_instance_template.tor.self_link}"
+    instance_template = google_compute_instance_template.tor[0].self_link
  }
  update_policy {
@ -36,17 +36,17 @@ resource "google_compute_region_instance_group_manager" "tor" {
 resource "google_compute_instance_template" "tor" {
  name_prefix  = "${var.name}-template-"
  description  = "This template is used to create ${var.name} instances."
-  machine_type = "${var.instance_type}"
+  machine_type = var.instance_type
-  count        = "${var.create_resources}"
+  count        = var.create_resources
-  labels {
+  labels = {
    type    = "tor"
-    name    = "${var.name}"
+    name    = var.name
-    network = "${var.network}"
+    network = var.network
  }
  disk {
-    source_image = "${var.boot_image}"
+    source_image = var.boot_image
    boot         = true
    auto_delete  = true
    disk_type    = "pd-ssd"
@ -55,18 +55,19 @@ resource "google_compute_instance_template" "tor" {
  }
  network_interface {
-    network = "${data.google_compute_network.default.self_link}"
+    network = data.google_compute_network.default.self_link
-    access_config {}
+    access_config {
    }
  }
-  metadata {
+  metadata = {
    google-logging-enabled = "true"
-    "user-data"            = "${data.template_cloudinit_config.tor.rendered}"
+    user-data              = data.template_cloudinit_config.tor.rendered
  }
  service_account {
-    email = "${google_service_account.tor.email}"
+    email = google_service_account.tor[0].email
    scopes = [
      "https://www.googleapis.com/auth/cloudkms",
@ -79,3 +80,4 @@ resource "google_compute_instance_template" "tor" {
    create_before_destroy = true
  }
 }
--- a/terraform/modules/tor/variables.tf
+++ b/terraform/modules/tor/variables.tf
@ -1,70 +1,71 @@
 variable "boot_image" {
-  type    = "string"
+  type    = string
  default = "cos-cloud/cos-stable"
 }
 variable "region" {
-  type = "string"
+  type = string
 }
 variable "project" {
-  type = "string"
+  type = string
 }
 variable "name" {
-  type = "string"
+  type = string
 }
 variable "network" {
-  type    = "string"
+  type    = string
  default = "default"
 }
 variable "zone" {
-  type = "string"
+  type = string
 }
 variable "instance_type" {
-  type = "string"
+  type = string
 }
 variable "tor_lb" {
-  type = "string"
+  type = string
 }
 variable "onion_host" {
-  type = "string"
+  type = string
 }
 variable "create_resources" {
-  type = "string"
+  type = string
 }
 variable "prom_service_acct" {
-  type = "string"
+  type = string
 }
 variable "kms_key_link" {
-  type = "string"
+  type = string
 }
 variable "kms_key" {
-  type = "string"
+  type = string
 }
 variable "kms_key_ring" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "tor_docker" {
-  type = "string"
+  type = string
 }
 variable "node_exporter_docker" {
-  type = "string"
+  type = string
 }
 variable "gcloud_docker" {
-  type = "string"
+  type = string
 }
--- a/terraform/network-tor.tf
+++ b/terraform/network-tor.tf
@ -1,31 +1,31 @@
 resource "google_compute_global_address" "tor-lb" {
  name    = "${var.name}-lb"
-  project = "${var.project}"
+  project = var.project
-  count   = "${local.create_misc}"
+  count   = local.create_misc
 }
 resource "google_compute_global_forwarding_rule" "tor-rule" {
  name        = "${var.name}-forwarding-rule"
-  target      = "${google_compute_target_http_proxy.tor-proxy.self_link}"
+  target      = google_compute_target_http_proxy.tor-proxy[0].self_link
  port_range  = "80"
  ip_protocol = "TCP"
-  ip_address  = "${google_compute_global_address.tor-lb.address}"
+  ip_address  = google_compute_global_address.tor-lb[0].address
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
 resource "google_compute_target_http_proxy" "tor-proxy" {
  name    = "${var.name}-http-proxy"
-  url_map = "${google_compute_url_map.tor-proxy.self_link}"
+  url_map = google_compute_url_map.tor-proxy[0].self_link
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
 resource "google_compute_url_map" "tor-proxy" {
  name            = "${var.name}-urlmap"
-  default_service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
+  default_service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
-  count = "${local.create_misc}"
+  count = local.create_misc
  host_rule {
    hosts        = ["*"]
@ -34,43 +34,43 @@ resource "google_compute_url_map" "tor-proxy" {
  path_matcher {
    name            = "deadpaths"
-    default_service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
+    default_service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
    path_rule {
      paths   = ["/*"]
-      service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
+      service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
    }
  }
  host_rule {
-    hosts        = ["${var.onion_host}"]
+    hosts        = [var.onion_host]
    path_matcher = "allpaths"
  }
  path_matcher {
    name            = "allpaths"
-    default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+    default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    path_rule {
      paths   = ["/*"]
-      service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+      service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    }
    path_rule {
      paths   = ["/testnet", "/testnet/*"]
-      service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
+      service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
    }
  }
  test {
-    service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+    service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
-    host    = "${var.onion_host}"
+    host    = var.onion_host
    path    = "/queue.html"
  }
  test {
-    service = "${google_compute_backend_bucket.tor_deadhole_backend.self_link}"
+    service = google_compute_backend_bucket.tor_deadhole_backend[0].self_link
-    host    = "${google_compute_global_address.tor-lb.address}"
+    host    = google_compute_global_address.tor-lb[0].address
    path    = "/*"
  }
 }
@ -78,15 +78,16 @@ resource "google_compute_url_map" "tor-proxy" {
 resource "google_compute_backend_bucket" "tor_deadhole_backend" {
  name        = "${var.name}-deadhole-backend-bucket"
  description = "Unmatched hosts end up in this deadhole"
-  bucket_name = "${google_storage_bucket.tor_deadhole.name}"
+  bucket_name = google_storage_bucket.tor_deadhole[0].name
  enable_cdn  = false
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
 resource "google_storage_bucket" "tor_deadhole" {
  name     = "${var.name}-deadhole-bucket"
  location = "US"
-  count = "${local.create_misc}"
+  count = local.create_misc
 }
--- a/terraform/network.tf
+++ b/terraform/network.tf
@ -1,92 +1,93 @@
 # IP address
 resource "google_compute_global_address" "lb" {
  name    = "satellite-api-client-lb-${local.env}"
-  project = "${var.project}"
+  project = var.project
-  count   = "${local.create_mainnet}"
+  count   = local.create_mainnet
 }
 # Forwarding rules
 resource "google_compute_global_forwarding_rule" "rule-https" {
  name        = "satellite-api-https-forwarding-rule-${local.env}"
-  target      = "${google_compute_target_https_proxy.https-proxy.self_link}"
+  target      = google_compute_target_https_proxy.https-proxy[0].self_link
  port_range  = "443"
  ip_protocol = "TCP"
-  ip_address  = "${google_compute_global_address.lb.address}"
+  ip_address  = google_compute_global_address.lb[0].address
-  count       = "${local.create_mainnet}"
+  count       = local.create_mainnet
 }
 resource "google_compute_global_forwarding_rule" "rule-http" {
  name        = "satellite-api-http-forwarding-rule-${local.env}"
-  target      = "${google_compute_target_http_proxy.http-proxy.self_link}"
+  target      = google_compute_target_http_proxy.http-proxy[0].self_link
  port_range  = "80"
  ip_protocol = "TCP"
-  ip_address  = "${google_compute_global_address.lb.address}"
+  ip_address  = google_compute_global_address.lb[0].address
-  count       = "${local.create_mainnet}"
+  count       = local.create_mainnet
 }
 # Target proxies
 resource "google_compute_target_http_proxy" "http-proxy" {
  name    = "satellite-api-http-proxy-${local.env}"
-  url_map = "${google_compute_url_map.http.self_link}"
+  url_map = google_compute_url_map.http[0].self_link
-  count   = "${local.create_mainnet}"
+  count   = local.create_mainnet
 }
 resource "google_compute_target_https_proxy" "https-proxy" {
  name             = "satellite-api-https-proxy-${local.env}"
-  url_map          = "${google_compute_url_map.https.self_link}"
+  url_map          = google_compute_url_map.https[0].self_link
-  ssl_certificates = ["${var.ssl_cert}"]
+  ssl_certificates = var.ssl_cert
-  count            = "${local.create_mainnet}"
+  count            = local.create_mainnet
 }
 # URL maps
 resource "google_compute_url_map" "http" {
  name            = "satellite-api-http-urlmap-${local.env}"
-  default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+  default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
-  count           = "${local.create_mainnet}"
+  count           = local.create_mainnet
  host_rule {
-    hosts        = ["${var.host}"]
+    hosts        = var.host
    path_matcher = "allpaths"
  }
  path_matcher {
    name            = "allpaths"
-    default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+    default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    path_rule {
      paths   = ["/*"]
-      service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+      service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    }
    path_rule {
      paths   = ["/testnet", "/testnet/*", "/api", "/api/*"]
-      service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
+      service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
    }
  }
 }
 resource "google_compute_url_map" "https" {
  name            = "satellite-api-https-urlmap-${local.env}"
-  default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+  default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
-  count           = "${local.create_mainnet}"
+  count           = local.create_mainnet
  host_rule {
-    hosts        = ["${var.host}"]
+    hosts        = var.host
    path_matcher = "allpaths"
  }
  path_matcher {
    name            = "allpaths"
-    default_service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+    default_service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    path_rule {
      paths   = ["/*"]
-      service = "${data.terraform_remote_state.blc-mainnet.blc_backend_service_mainnet}"
+      service = data.terraform_remote_state.blc-mainnet.outputs.blc_backend_service_mainnet
    }
    path_rule {
      paths   = ["/testnet", "/testnet/*", "/api", "/api/*"]
-      service = "${data.terraform_remote_state.blc-testnet.blc_backend_service_testnet}"
+      service = data.terraform_remote_state.blc-testnet.outputs.blc_backend_service_testnet
    }
  }
 }
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@ -1,12 +1,13 @@
 # Production only (tor)
 output "blc_backend_service_testnet" {
-  value = "${module.blc-testnet.backend_service}"
+  value = module.blc-testnet.backend_service
 }
 output "blc_backend_service_mainnet" {
-  value = "${module.blc-mainnet.backend_service}"
+  value = module.blc-mainnet.backend_service
 }
 output "prom_svc_acct" {
-  value = "${module.prometheus.prom_svc_acct}"
+  value = module.prometheus.prom_svc_acct
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -6,28 +6,24 @@ locals {
      create_testnet = 0
      create_misc    = 0
    }
    "prod" = {
      env            = "prod"
      create_mainnet = 1
      create_testnet = 0
      create_misc    = 0
    }
    "testnet-staging" = {
      env            = "staging"
      create_mainnet = 0
      create_testnet = 1
      create_misc    = 0
    }
    "testnet-prod" = {
      env            = "prod"
      create_mainnet = 0
      create_testnet = 1
      create_misc    = 0
    }
    "misc" = {
      env            = ""
      create_mainnet = 0
@ -36,150 +32,151 @@ locals {
    }
  }
-  env            = "${lookup(local.context_variables[terraform.workspace], "env")}"
+  env            = local.context_variables[terraform.workspace]["env"]
-  create_mainnet = "${lookup(local.context_variables[terraform.workspace], "create_mainnet")}"
+  create_mainnet = local.context_variables[terraform.workspace]["create_mainnet"]
-  create_testnet = "${lookup(local.context_variables[terraform.workspace], "create_testnet")}"
+  create_testnet = local.context_variables[terraform.workspace]["create_testnet"]
-  create_misc    = "${lookup(local.context_variables[terraform.workspace], "create_misc")}"
+  create_misc    = local.context_variables[terraform.workspace]["create_misc"]
 }
 variable "project" {
-  type    = "string"
+  type    = string
  default = "satellite-api"
 }
 variable "name" {
-  type    = "string"
+  type    = string
  default = "satapi-tor"
 }
 variable "create_resources" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "ssl_cert" {
-  type    = "list"
+  type    = list(string)
  default = ["", ""]
 }
 variable "rpcuser" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "rpcpass" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "host" {
-  type    = "list"
+  type    = list(string)
  default = ["", ""]
 }
 variable "space_host" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "onion_host" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "region" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "zone" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "instance_type" {
-  type    = "list"
+  type    = list(string)
  default = ["", "", ""]
 }
 variable "timeout" {
-  type    = "string"
+  type    = string
  default = 15
 }
 variable "prom_service_acct" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "prom_allowed_source_ip" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "opsgenie_key" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "satellite_lb" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "satellite_api_lb" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "satellite_api_lb_staging" {
-  type    = "string"
+  type    = string
  default = ""
 }
 # Overwritten by CI
 variable "ionosphere_docker" {
-  type    = "string"
+  type    = string
  default = ""
 }
 variable "ionosphere_sse_docker" {
-  type    = "string"
+  type    = string
  default = ""
 }
 # Less frequently updated images
 variable "bitcoin_docker" {
-  type    = "string"
+  type    = string
  default = "blockstream/bitcoind@sha256:91ba0790a0080a99a529e73ef9b14e2d6cf0a30f81d54bfa3729bb47b105b36c"
 }
 variable "lightning_docker" {
-  type    = "string"
+  type    = string
  default = "blockstream/lightningd@sha256:b577dcb8d00ec4bc340884a26f5dfffb7be25dcc4ece48b7e465b3238944ec2c"
 }
 variable "charge_docker" {
-  type    = "string"
+  type    = string
  default = "blockstream/charged@sha256:0d49c1202b8b718b5a93f7e82509d3d724f9d18ff6c14376347f67866ac47ff8"
 }
 variable "tor_docker" {
-  type    = "string"
+  type    = string
  default = "blockstream/tor@sha256:f4d1373cde79fd79b467d2d6da88e37b0da137924bc10ae2d51a83c686c2c125"
 }
 variable "node_exporter_docker" {
-  type    = "string"
+  type    = string
  default = "prom/node-exporter@sha256:55302581333c43d540db0e144cf9e7735423117a733cdec27716d87254221086"
 }
 variable "prom_docker" {
-  type    = "string"
+  type    = string
  default = "blockstream/prometheus@sha256:cab8c2359ab187aa6c9e9c7fcfcc3060b62742417030a77862c747e091d3c6d6"
 }
 variable "gcloud_docker" {
-  type    = "string"
+  type    = string
  default = "google/cloud-sdk@sha256:78e68a98c5d6aa36eca45099bae38a1544a1688fd16b506fb914a29fdf6e4afa"
 }