Variables & Inputs
Variables and Inputs are an essential part of any Terraform project, allowing you to pass in data and configuration settings to your infrastructure resources.
In this section we’ll explore how to use variables and inputs in Terraform, including how to define, set them, and how to use them in your resource configurations!
Defining Variables
Section titled “Defining Variables”Variables in Terraform are used to store and reference values that may change frequently, such as IP addresses or environment settings and allow us to define the parameterization of Terraform configurations.
They can have defaults, be provided with a variables file, asked for at execution, or overridden via the CLI. They can be strings or maps and must be defined before they’re used.
To define a variable, you can use the variable block in your Terraform configuration file, like this:
variable "region" { type = string default = "eu-west-2" description = "The region name to use for the deployment"}This defines a variable called region, which is of type string and has a default value of eu-west-2.
Using descriptions for variables helps describe the purpose of the variable and what type of value is expected.
If you don’t provide a default value - you must assign variables using the command line, when applying changes:
terraform apply -var = "region=eu-west-2"Sensitive Variables
Section titled “Sensitive Variables”It is important to be aware that Terraform stores sensitive values in plain text in the state file. Therefore, the sensitive setting is simply designed to obscure values from logs and CLI output.
Often you need to configure your infrastructure using sensitive or secret information such as usernames, passwords, API tokens, or Personally Identifiable Information (PII). When you do so, you need to ensure that you do not accidentally expose this data in CLI output, log output, or source control.
For secrets, external secrets stores such as AWS Secrets Manager, AWS Systems Manager Parameter Store or HashiCorp Vault should be used instead.
Below is an example of configuring a variable with the sensitive setting set:
variable "password" { type = string sensitive = true}Using Variables
Section titled “Using Variables”To use a variable, you can simply reference it using the
the interpolation syntax such as ${var.<name>}.
variable "ami_id" { type = string default = "ami-0c55b159cbfafe1f0"}
variable "instance_type" { type = string default = "t2.micro"}
resource "aws_instance" "web" { ami = var.ami_id instance_type = var.instance_type}Here we use the instance_type variable in our aws_instance resource.
.tfvars
Section titled “.tfvars”A .tfvars file is a convenient way to store input variable values outside of your Terraform code. Simply create a file with the extension .tfvars and define your variables:
ami_id = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"Variables and their associated values can be collected in files and passed all at once using the -var-file=foo.tfvars
flag.
If a file named terraform.tfvars is present in the current directory, Terraform automatically loads it to populate
variables.
Conclusion
Section titled “Conclusion”Variables and Inputs are powerful tools that allow you to parameterize and customize your infrastructure resources. By using variables and inputs, you can create flexible and reusable Terraform projects that can be easily adapted to different environments and use cases.
Input variables allow you to pass values into your code, while map variables provide a way to define key-value pairs. Sensitive variables should be stored securely using the sensitive argument.
Finally, .tfvars files provide a convenient way to define input variable values outside your Terraform code.