Outputs
Outputs are a way to extract information from your modules and resources in order to make it available to other resources or scripts and for them to consume that value.
One of the most common use cases in Terraform for using outputs, is the ability to expose data from one module to another!
For example you may want to expose information from the module or root module, such as resource IDs, IP addresses,
or any other information that may be needed by other modules or to display after a Terraform apply has run.
In a project, outputs are typically stored in a file named outputs.tf - Keeping outputs in a dedicated file continues to
help maintain organization and clarity within your code.
Defining Outputs
Section titled “Defining Outputs”To define an output in Terraform, you use the output keyword followed by the name of the output and the value that you want to extract.
Here’s an example:
output "instance_ip" { value = aws_instance.example.public_ip}In this example, we define an output called instance_ip that extracts the public IP address of an AWS instance named
example.
Using Outputs
Section titled “Using Outputs”To use an output in your Terraform code, you reference it by name using the syntax module.<module_name>.<output_name> if
it’s an output from a module, or simply <output_name> if it’s defined in the current module. Here’s an example of how
you can use an output:
resource "aws_security_group_rule" "allow_ssh" { type = "ingress" from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] security_group_id = module.example_sg.sg_id}In this example, we create an AWS security group rule that allows SSH traffic. We use an output called sg_id from a
module called example_sg to get the ID of the security group. This ID is then passed to the security_group_id parameter
of the aws_security_group_rule resource.
Sensitive Outputs
Section titled “Sensitive Outputs”Similar to Sensitive Inputs in the earlier module - Sensitive Outputs are designed to handle information, such
as passwords, API keys, or other confidential data, in a secure manner.
When an output is marked as sensitive, its value is masked in the Terraform CLI output and stored securely in the Terraform state, so it is not exposed in plain text.
Additionally, when using remote state backends, the sensitive output values can be encrypted, providing an extra layer of security (depending on your provider).
To define a sensitive output in Terraform, you can use the sensitive argument within the output block.
output "password" { value = "abcd1234" sensitive = true}Outputting Multiple Values
Section titled “Outputting Multiple Values”You can also define multiple outputs in a single Terraform module. For example:
output "public_subnet_ids" { value = aws_subnet.public.*.id}
output "private_subnet_ids" { value = aws_subnet.private.*.id}In this example, we define two outputs called public_subnet_ids and private_subnet_ids. Both outputs extract the IDs of AWS subnets, but public_subnet_ids extracts the IDs of public subnets, and private_subnet_ids extracts the IDs of private subnets.
Once an apply has run you will get an output in the console similar to this:
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
Outputs:
public_subnet_ids = [ "subnet-98765432100fedcba", "subnet-0fedcba9876543210"]
private_subnet_ids = [ "subnet-0123456789abcdef0", "subnet-0abcdef1234567890"]Conclusion
Section titled “Conclusion”Outputs are a powerful feature that allows you to extract information from your infrastructure as code and make it available to other resources or scripts.
You can use outputs to extract information such as IP addresses, resource IDs, or any other data that you need to access and make it usable across modules and from outside your Terraform code!