Explaining Terraform Input Variables

The aim of this page📝 is to explain how to work with input variables in a Terraform configuration.

Pavol Kutaj
2 min read · Sep 7, 2023

Before going into input variables, note that there are three types of variables in Terraform. The last two are briefly described at the end of the doc.

  1. input — like function parameters that must be submitted at runtime, often supplied from environment variables, Consul, other modules, etc.
  2. output — like function return values
  3. locals — like function’s temporary local variables

input variables are parameters used to pass information to Terraform at runtime

  • passing info at runtime ==> when you are generating a plan
  • the variables are defined inside the configuration, but can refer to other environments
  • values are supplied when plan is executed

an input variable block starts with the variable keyword followed by a single label

<!-- SYNTAX -->
variable "<name_label>" {
  # optional!
  <argument_name> = <argument_value>
}
  • The block can be empty — and that’s acceptable.
  • To refer to the variable, use the syntax var.<name_label>
<!-- EXAMPLE -->
var.aws_region
  • You can use 6 arguments for a variable block

type

  • defines the data type and provides a level of error checking: on a mismatch, Terraform throws an error
variable "aws_region" {
  type        = string
  description = "Region to use for AWS resources"
  default     = "us-east-1"
}

description

  • purpose behind input variable
  • included in error message
  • gives context when creating modules

default

  • all input variables need to have a value submitted at runtime.
  • default is used if no value's submitted.
  • Otherwise, you’re prompted at command line to supply a value.
  • Therefore, default makes submitting a value optional
  • e.g. I can have aws_access_key_custom set in environment variables, but terraform goes ahead even if I don't
variable "aws_access_key_custom" {
  default = ""
}

sensitive

  • Limits Terraform UI output when the variable is used in configuration.
  • if true, value of variable is not included in terminal/output
  • useful for secret handling

validation

  • A block to define validation rules, usually in addition to type constraints.

nullable

  • Specify if the variable can be null within the module.

let’s use the example of input using the environment variable passed into the config (main.tf)

##################################################################################
# PROVIDERS
##################################################################################

provider "aws" {
  access_key = var.aws_access_key_mrp
  secret_key = var.aws_secret_key_mrp
  region     = "eu-central-1"
}

##################################################################################
# VARIABLES
##################################################################################

variable "aws_access_key_mrp" {}
variable "aws_secret_key_mrp" {}
  • if aws_access_key_mrp is not defined as an environment variable, you'll be prompted for the value at runtime
  • therefore we may use default = "" argument, in which case the authentication will fail, but there would be no prompts
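As an alternative to default = "", the two credential variables above can be declared with the type, sensitive, nullable and validation arguments, so that a missing or empty key stops the plan instead of surfacing later as a failed authentication. This is an added example, not code from the original post; it assumes Terraform 1.1 or later, and the aws_region validation pattern is an illustrative assumption.

```hcl
# Added example (not from the original post). Assumes Terraform >= 1.1 for `nullable`.
# Values are read from the environment as TF_VAR_<name>, for example
# TF_VAR_aws_access_key_mrp and TF_VAR_aws_secret_key_mrp.
# Running `terraform plan -input=false` turns a missing value into an error
# instead of an interactive prompt.

variable "aws_access_key_mrp" {
  type        = string
  description = "AWS access key ID, supplied as TF_VAR_aws_access_key_mrp."
  sensitive   = true  # redacted in plan/apply output
  nullable    = false # an explicit null is rejected

  # No default on purpose: an unset key is an error, not a silent "".
  validation {
    condition     = length(var.aws_access_key_mrp) > 0
    error_message = "The aws_access_key_mrp value must not be empty."
  }
}

variable "aws_secret_key_mrp" {
  type        = string
  description = "AWS secret access key, supplied as TF_VAR_aws_secret_key_mrp."
  sensitive   = true
  nullable    = false

  validation {
    condition     = length(var.aws_secret_key_mrp) > 0
    error_message = "The aws_secret_key_mrp value must not be empty."
  }
}

variable "aws_region" {
  type        = string
  description = "Region to use for AWS resources."
  default     = "eu-central-1" # not a secret, so a default is fine here

  validation {
    # Illustrative shape check only; it does not prove the region exists.
    condition     = can(regex("^[a-z]{2}(-[a-z]+)+-[0-9]+$", var.aws_region))
    error_message = "The aws_region value must look like eu-central-1."
  }
}

provider "aws" {
  access_key = var.aws_access_key_mrp
  secret_key = var.aws_secret_key_mrp
  region     = var.aws_region
}
```

sensitive only limits what Terraform prints: a sensitive value that flows into a resource attribute is still recorded in the state file, so the state backend needs its own access control and encryption.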

local values inside the configuration can be referenced throughout the config

  • in other programming languages, locals are simply called variables
  • the values for locals are not submitted directly from external inputs
  • values can be computed based on input variables and internal references

output is data returned by Terraform

  • outputs are defined in the configuration
  • the value of each output will depend on what it references within the configuration
  • just like locals, outputs can be constructed from multiple elements
