Mappings can’t do complex expressions like looping over a resource for each item in some list in a variable
Or conjugating a bunch of variables together into a value
Also conditionals on blocks within the CloudFormation template
With Jinja you can have an if block around parts of the thing you’re building so you only build them, for example, if the environment is prod or if some boolean is true, etc.
So you can support a much wider set of use cases because of the flexibility
you can have one template for literally every time you want to make an S3 bucket that supports every possible S3 configuration just by passing in some runtime parameters
And that helps a lot if you establish standard conventions for runtime values that will be available like from an application manifest or CMDB
Even if it’s as simple as knowing every application has a name and environment that you can use in your resource naming across the board
Cool. I see how this could be very useful.
Before Terraform was a well-established thing I did this for Azure ARM; we built a whole library of Ansible roles for every resource and you could just call the roles in a playbook to create all the resources you needed
Was used across hundreds of applications
And you used j2 to customize the Azure infra based on where it was being deployed?
Based on a whole manifest, so like each application had a manifest that set things like its primary region and its disaster recovery region for each environment
So every application had the same manifest schema and Ansible uses that schema to generate all of the values typically needed and make any other values available to the application team.
It meant you had a room of information available to you at runtime, and roles could support parameters like HA: bool
And then automatically give you multi-region infrastructure if you set it to true
Like we did this for SQL Server and Azure Cache for Redis
So you, the application team, could set something like HA equals true if environment equals prod else false
And use the exact same code to deploy every environment
We could also do this in the role itself and give opinionated defaults you would expect for dev vs prod