Managed Kubernetes now available in Open Beta. Test out the new service yourself at your Control Panel.
Managed Kubernetes now available in Open Beta. Test out the new service yourself at your Control Panel.
Variables in Terraform are a great way to define centrally controlled reusable values. The information in Terraform variables is saved independently from the deployment plans, which makes the values easy to read and edit from a single file.
In this guide, we’ll go over the types of available variables in Terraform, how to define them, and how to put them to use. You can use the general information about the variables as a quick cheat-sheet but the examples are a direct continuation to our Terraform beginners article. If you haven’t installed Terraform yet, follow the guide here to get started.
Need help with Terraform? Get a free consultation here!
Terraform supports a few different variable formats. Depending on the usage, the variables are generally divided into inputs and outputs.
The input variables are used to define values that configure your infrastructure. These values can be used again and again without having to remember their every occurrence in the event it needs to be updated.
Output variables, in contrast, are used to get information about the infrastructure after deployment. These can be useful for passing on information such as IP addresses for connecting to the server.
Input variables are usually defined by stating a name, type and a default value. However, the type and default values are not strictly necessary. Terraform can deduct the type of the variable from the default or input value.
Variables can be predetermined in a file or included in the command-line options. As such, the simplest variable is just a name while the type and value are selected based on the input.
variable "variable_name" {}
terraform apply -var variable_name="value"
The input variables, like the one above, use a couple of different types: strings, lists, maps, and boolean. Here are some examples of how each type are defined and used.
Strings mark a single value per structure and are commonly used to simplify and make complicated values more user-friendly. Below is an example of a string variable definition.
variable "template" { type = string default = "01000000-0000-4000-8000-000030080200" }
A string variable can then be used in resource plans. Surrounded by double quotes, string variables are a simple substitution such as the example underneath.
storage = var.template
Another type of Terraform variables lists. They work much like a numbered catalogue of values. Each value can be called by their corresponding index in the list. Here is an example of a list variable definition.
variable "users" { type = list default = ["root", "user1", "user2"] }
Lists can be used in the resource plans similarly to strings, but you’ll also need to denote the index of the value you are looking for.
username = var.users[0]
Maps are a collection of string keys and string values. These can be useful for selecting values based on predefined parameters such as the server configuration by the monthly price.
variable "plans" { type = map default = { "5USD" = "1xCPU-1GB" "10USD" = "1xCPU-2GB" "20USD" = "2xCPU-4GB" } }
You can access the right value by using the matching key. For example, the variable below would set the plan to "1xCPU-1GB".
plan = var.plans["5USD"]
The values matching their keys can also be used to look up information in other maps. For example, underneath is a shortlist of plans and their corresponding storage sizes.
variable "storage_sizes" { type = map default = { "1xCPU-1GB" = "25" "1xCPU-2GB" = "50" "2xCPU-4GB" = "80" } }
These can then be used to find the right storage size based on the monthly price as defined in the previous example.
size = lookup(var.storage_sizes, var.plans["5USD"])
The last of the available variable type is boolean. They give the option to employ simple true or false values. For example, you might wish to have a variable that decides when to generate the root user password on a new deployment.
variable "set_password" { default = false }
The above example boolean can be used similarly to a string variable by simply marking down the correct variable.
create_password = var.set_password
By default, the value is set to false in this example. However, you can overwrite the variable at deployment by assigning a different value in a command-line variable.
terraform apply -var set_password="true"
Output variables provide a convenient way to get useful information about your infrastructure. As you might have noticed, much of the server details are calculated at deployment and only become available afterwards. Using output variables you can extract any server-specific values including the calculated details.
Configuring output variables is really quite simple. All you need to do is define a name for the output and what value it should represent. For example, you could have Terraform show your server’s IP address after deployment with the output variable below.
output "public_ip" { value = upcloud_server.server_name.network_interface[0].ip_address }
Note that the place of the public network interface on the list of network interfaces depends on which the order the NICs are defined in the resources.
Terraform would then output the public IP address at the end of the apply command process. Alternatively, output variables can also be called on-demand using terraform output command. Next, continue on to set up a variable file for server configuration.
You should have a Terraform project with a basic plan already set up. If not, follow our getting started guide for Terraform to begin.
Go to your Terraform project directory.
cd ~/terraform/base
Terraform variables can be defined within the infrastructure plan but are recommended to be stored in their own variables file. All files in your Terraform directory using the .tf file format will be automatically loaded during operations.
Create a variables file, for example, variables.tf and open the file for edit.
Add the below variable declarations to the variables file. Replace the SSH key private file path and the public key with our own.
variable "private_key_path" { type = string default = "/home/user/.ssh/terraform_rsa" } variable "public_key" { type = string default = "ssh-rsa terraform_public_key" } variable "zones" { type = map default = { "amsterdam" = "nl-ams1" "london" = "uk-lon1" "frankfurt" = "de-fra1" "helsinki1" = "fi-hel1" "helsinki2" = "fi-hel2" "chicago" = "us-chi1" "sanjose" = "us-sjo1" "singapore" = "sg-sin1" } } variable "plans" { type = map default = { "5USD" = "1xCPU-1GB" "10USD" = "1xCPU-2GB" "20USD" = "2xCPU-4GB" } } variable "storage_sizes" { type = map default = { "1xCPU-1GB" = "25" "1xCPU-2GB" = "50" "2xCPU-4GB" = "80" } } variable "templates" { type = map default = { "ubuntu18" = "01000000-0000-4000-8000-000030080200" "centos7" = "01000000-0000-4000-8000-000050010300" "debian9" = "01000000-0000-4000-8000-000020040100" } } variable "set_password" { type = bool default = false } variable "users" { type = list default = ["root", "user1", "user2"] } variable "plan" { type = string default = "10USD" } variable "template" { type = string default = "ubuntu18" }
The above example is really just information storage. It uses the Terraform map variable for the most part which allows you to change the values to more human-readable.
Variables set in the file can be overridden at deployment. This allows you to reuse the variables file while still customising the configuration at deployment. For example, although set_password is false in the variables file, you could enable it on the command line.
terraform apply -var set_password="true"
In the same way, you could override the other variables as well.
The variables file as described in the previous section can easily be used across many configurations. However, if you need to make more than a couple of changes, it’s worth putting the customisation to a file too.
A variable definitions file uses the same basic syntax as Terraform language files but consists only of variable name assignments.
Terraform automatically loads a number of variable definitions files if named the following way:
Files named exactly terraform.tfvars or terraform.tfvars.json.
Any files with names ending in .auto.tfvars or .auto.tfvars.json.
Now, create a new file to define the custom variables called terraform.tfvars then add the following content.
set_password = "true" users = ["root", "admin"] plan = "20USD" templates = {"ubuntu20":"01000000-0000-4000-8000-000030080200", "centos8":"01000000-0000-4000-8000-000050010300"} template = "ubuntu20"
If you want to use JSON formatting instead, files with .tfvars.json ending are parsed as JSON objects. The root object properties correspond to variable names.
{ "set_password": "true", "users": ["root", "admin"], "plan": "20USD" "templates": {"ubuntu20":"01000000-0000-4000-8000-000030200200", "centos8":"01000000-0000-4000-8000-000050010400"}, "template": "ubuntu20" }
Next, continue on with the section below on how to put the variables in use.
The values defined in the variables.tf files can be used in the Terraform plans to avoid hard-coding parameters. The following example uses the highlighted variables to select the parameters for deploying a new cloud server.
Notice the two last variables set in variables.tf which are used as selectors to choose the server plan and OS template.
resource "upcloud_server" "server1" { # System hostname hostname = "terraform.example.com" # Availability zone zone = var.zones["amsterdam"] # Number of CPUs and memory in GB plan = var.plans[var.plan] template { # OS root disk size size = lookup(var.storage_sizes, var.plans[var.plan]) # Template UUID for Ubuntu 18.04 storage = var.templates[var.template] } network_interface { type = "public" } network_interface { type = "utility" } # Include at least one public SSH key login { user = var.users[0] create_password = var.set_password keys = [ var.public_key ] } connection { host = self.network_interface[0].ip_address type = "ssh" user = var.users[0] private_key = file(var.private_key_path) } }
Terraform variables are useful for defining server details without having to remember infrastructure specific values. They are similarly handy for reusing shared parameters like public SSH keys that do not change between configurations.
It is also important that the resource plans remain clear of personal details for security reasons. Using the variables, sensitive information such as private keys and usernames won’t get shared unintentionally.
Output variables provide a convenient way to get useful information about your infrastructure. As you might have noticed, much of the server details are calculated at deployment and only become available afterwards. Using output variables you can extract any server-specific values including the calculated details.
Configuring output variables is really quite simple. All you need to do is define a name for the output and what value it should correspond to. These can be included in your Terraform plan or in their own file.
Start by creating an output variables file called output.tf and open it for edit.
Add the following three variable definitions in the file to output the server’s IP addresses and hostname after deployment. Replace the server_name with the name of your Terraform host.
output "public_ip" { value = upcloud_server.server_name.network_interface[0].ip_address } output "utility_ip" { value = upcloud_server.server_name.network_interface[1].ip_address } output "hostname" { value = upcloud_server.server_name.hostname }
Save the file and test the output by deploying the server with the usual commands below.
terraform plan
terraform apply
upcloud_server.server1: Creation complete after 39s (ID: 00b784aa-15c1-44dc-8252-f4bad865f853) Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: hostname = terraform.example.com private_ip = 10.5.4.82 public_ip = 94.237.45.221
The variables you defined will be shown at the end of the deployment like in the example above. However, you can also retrieve these at any time using the Terraform command. For example, to get the public IP address, you can use the example command below.
terraform output public_ip
94.237.45.221
The same way you could ask Terraform about any other output variables.
You can also set sensitive variables in your environment variables with the TF_VAR_ prefix avoiding the need to save them in a file. For example, set your password in your local environmental variables.
export TF_VAR_PASSWORD="password"
You’ll also need to declare the password variable in your variables.tf fie.
variable PASSWORD { default = "" }
The password variable is then usable in the Terraform resources.
provisioner "remote-exec" { inline = [ "useradd ${var.users[0]}", "echo '${var.users[0]}:${var.PASSWORD}' | chpasswd" ] }
When deployed, the remote execution provisioner will create a new user according to the users variable with the PASSWORD as set in the environmental variable.
Terraform variables provide many convenient uses for infrastructure management. Dividing your deployment plan and configuration parameters in their own files help to keep everything in order. However, that is just the general purpose of Terraform variables. Defining your infrastructure using variables is the first step towards the advanced features in Terraform.
Raj
How do I calculate the index of list variables automatically ? Like If i need to get all the user names without giving index numbers 0,1,2
Federico
Hello Janne. How do you manage the fact that the change of a value of a variable does not generate a change in the tfstate? (so, the output plan doesnt recognize a change in the infraestructure). Thanks in advance
Sandeep
hi Janne, created VM using terraform. Now want to create second VM using same code but by changing hostname varible, Size, etc for second VM. when i plan the code says it will delete existing VM, which is expected. how do i create second VM without deleting existing one? lets say i have to create 2 VMs everyday for different team/departments.
Second question is, how do i create multiple local users on windows server?
Martin
Hi Janne, is possible use a output as variable ? for example I make a VPC and I need srtorage the id vpc in varibale.
aditya
We’are using var. variable name from the resource file, is the “var” object ? or what
Devil Ahir
Hello Janne Ruostemaa,
I am using list type variable and I have more than one value in that list as a string but I want make default one from them how can I do that?
Thanks in Advance.
baileyguy
trying to find a way in terraform 11 to output all attributes for a variable.
balinder
How can I change /set value of a map variable’s item in main.tf file
for example I have following in my variable list
“`variable “appservice_as1” {
type = map(string)
default = {
“mysetting1” = “something”
“mysetting2” = “else”
}
}“`
and now I want to update appservice_as1 -> mysetting2 to some dynamic value from a created resource `azurerm_resource_group.mynewresourcerg.name`
Leonardo
Hello,
is it possible to share variables among different directories?
I’m explaining the scenario I’d like to have:
here is the folder tree:
cloudwatch/
vars.tf –> here i want to define all variables
service1/
alarms.tf –> here i want to use the variables
…………
service2/
alarms.tf –> here i want to use the variables too
With ${var.blabla} I have no reference of the variable, it should be something like ../${var.blabla} but I don’t know if it is possible, and the syntax.
Thanks in advance,
Leonardo
MarcT
I know it’s easy to override a value at commandline, like terraform plan -var private_key_path=”/a/different/path”
You’ve defined a list of users. How can I change that value on commandline (powershell)?
I’ve tried terraform plan -var users=[“root”]
fails. -var users='[“root”]’. fails. -var ‘users=[“root”]’ fails. -var=’users=[“root”]’ fails. I know I must have doublequotes around root.
I do know setting an environment variable works. but I don’t want to use that.
If I try overriding a list’s default value via commandline, I get variables not allowed.
Francisco
Hello. Nice article.
Got here looking for a way to define a vars file that feeds variables to a module. I’m trying to use an autovars file (specific to one of the environments say staging) to feed variables to the modules I use. But I don’t know if that is even possible. Do you know if that is possible?
Keerthana
That was an excellent article on Terraform Variables!
I want to store my password or some other sensitive information to my terraform variable file. How can I protect it from not been accessible to anyone else in my team. Do you have any other articles related to Terraform/CICD variables ?
your help would be appreciated. Thanks in advance !
Keerthana
Thank you very much for your prompt response !
I am loading few content to APIGEE organization using Terraform via Gitlab-CICD pipeline. What is the best way I can store my Access_Token and other credentials/ sensitive information?
your guidance would be appreciated ! Thanks in advance !
Sunny
Hi @Janne Ruostemaa,
How can i access the terraform output variables in jenkins pipeline job.
Damo
Does export TF_VAR_testvar=”test1″ value override testvar=”test2″ defined in variables.tfvars ? as I set this based on custom variable testvar value during my pipeline runtime. If not selected I would like to use the variables.tfvars by default. Please provide your suggestion.
Tom
Can I have an class- like variable that contains multiple fields. For example, instead of two strings – one each for resource_group_name and resource_group_location, I would like a resource group class resource_group that contains a name and location field.
shekhar
This is really nice post and very easy to use and understand.
Raos
Good article refer regarding terraform variables
I have a unique requirement that I have to assign list of strings from jenkins file to tfvars variable
I can hardcode the list to the variable but then the requirement has changed, list of strings will be dynamically generated from the jenkins which I have to assign it to tfvars variable.
something like this
az_list: [“az1″,”az2″,”az3”]
env.tfvars file
Availability_Zones : [“${var.az_list}”]
the above one is clearly not working, How can I go about this
Josh
I believe you are essentially telling TF to run this:
Availability_Zones: [” [“az1″,”az2″,”az3”]”]
Which i don’t believe is valid.
Try changing two things:
1. Remove the brackets from Availability_Zones;
2. Remove the “”s wrapping var.az_list, from Availability_Zones
Example:
env.tfvars:
az_list: [“az1″,”az2″,”az3”]
main.tf:
Availability_Zones: [var.az_list]
Hope that helps :)
Josh
1. Remove curly brackets and $ from Availability_Zones**
2. Remove “”s
Sorry that wasn’t clear, the example above illustrates exactly what I intended on advising :)