Terraform Variables
4 min readAug 9, 2022
Introduction
- Input variables
Assign variables when prompted using CLI
Override default value with -var argument
Override default value with environment variables
Assign with terraform.tfvars
Input variables — Assign with -var-file argument
Creating variables with .auto.tfvars
Input variables Complex constructors of type list
Variable type as map
Length and substring functions
Input variables Custom validation rules
Protect sensitive input variables
Variable definition Precedence
Terraform file functions - Output values
Terraform Outputs Sensitive values - Local values
Terraform Input variables
- It serve as parameter for terraform module Figure 1 and Figure 2
- Module to be customised without altering the module’s own source code
- Allow modules to be shared between different configurations
- Create a file name variables.tf and add this
Assign variables when prompted using CLI
- Just don’t add default in variable { }
Override default value with -var argument
- When we are executing plan and apply just add -var aws_region = “eu-central-1”
- And we can also do terraform plan-out v3plan.out and it will create a file and we don’t need to add -var argument again in terraform plan
Override default value with environment variables
- Example
- export TF_VAR_ec2_instance_count=1
- Unset TF_VAR_ec2_instance_count - This is the most preferred way for variables
Assign with terraform.tfvars
- Create terraform.tfvars
- It will override the all the variables file
- This is the second most preferred way
Input variables — Assign with -var-file argument
- For example lets’s say we have var1.tfvars file so we need to do
- Command:- terraform plan -var-file=“var1.tfvars”
Creating variables with .auto.tfvars
- It will be auto loaded during terraform plan and apply
- .auto.tfvars have more priority than terraform.tfvars
Input variables Complex constructors of type list
- For variable instance types
- When we have list want to get values from one of list value Figure 3 and Figure 4
Variable type as map
- This is how we can use maps in our EC2 instances Figure 5 and Figure 6
Length and substring functions
- Terraform console
- Interacting console for evaluating the expressions
- Length function
- Length of string, map and list
- Command:- length(“abc”) and it will give 3
- In map for one key value pair it will consider it as 1
- Substring function
- Example substr(“hello world”. Starting value, end value)
Input variables Custom validation rules
- Condition for pass and error
- https://brendanthompson.com/posts/2021/12/terraform-variable-validation
Protect sensitive input variables
- Add sensitive = true when any of the variable is having a sensitive information.
- And create secrets.tfvars file and add data in this.
- Terraform will raise an error if it find that this secret is assessable from anything
- Never check-in secrets.tfvars to git repository
- Terraform.state file is having all of the secrets so it’s really important to secure this.
Variable definition Precedence
- ***Important*** Environmental variables < terraform.tfvars file < terraform.tfvars.json < *.auto.tfvars < -var or -var-file
Terraform file functions
- Read content of file and return the string
- Eg file(abc.txt)
Terraform output values
- Return value of terraform. Modules
- A root module can use to print output in cli after running terraform apply
- A child module can use output to expose subset of it’s resource attributes to parent module
- When using remote state, root module outputs can be assessed by other configurations via a terraform_remote_state data source.
- Output types
- Depends on providers which will be argument or attribute references
- Attributes reference
- Argument reference
Terraform Outputs Sensitive values
- We can also see by terraform output / terraform output (name of output variable)
- Sensitive values
- Output { sensitive = true }
- But not very secure as terraform output (name of output variable) shows this information
- We can also do terraform output -json
Terraform local values
- DRY (Don’t repeat yourself) principal
- Local values assigns a name to expression, so we can use this name multiple times without repeating
- For replacing entire complex expressions
- If overused it will make confusions
- The ability to change the value in central place is the key advantage
