Terraform Variables
Terraform Variables: Best Practices and Use Cases
This guide covers the different types of variables in **Terraform**, their use cases, and best practices to manage them efficiently.
1. Overview of Terraform Variables
Variables in Terraform allow for the parameterization of configurations, making deployments more flexible and reusable.
Terraform supports three primary types of variables:
- **Input Variables (var)** – Define dynamic values for Terraform modules.
- **Environment Variables (TF_VAR_name)** – Pass values externally without modifying files.
- **Output Variables (output)** – Display key information after deployment.
2. Defining Input Variables
Input variables make Terraform configurations more dynamic and reusable.
Example of Variable Definition
Create a file named variables.tf:
variable "vpc_cidr" {
description = "CIDR block for the VPC"
type = string
default = "10.0.0.0/16"
}
Using Variables in Terraform Code
Use the defined variable in a Terraform resource:
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
}
Passing Variables
Variables can be passed in multiple ways:
- **Using a .tfvars file:** Create terraform.tfvars with the following content:
vpc_cidr = "10.1.0.0/16"
Run Terraform with:
terraform apply -var-file=terraform.tfvars
- **Passing via CLI:**
terraform apply -var="vpc_cidr=10.2.0.0/16"
- **Using Environment Variables:**
export TF_VAR_vpc_cidr="10.3.0.0/16" terraform apply
3. Variable Types and Best Practices
Terraform supports different data types for variables:
String
variable "region" {
type = string
default = "us-east-1"
}
Number
variable "instance_count" {
type = number
default = 2
}
Boolean
variable "enable_logging" {
type = bool
default = true
}
List
variable "azs" {
type = list(string)
default = ["us-east-1a", "us-east-1b"]
}
Map
variable "instance_type_map" {
type = map(string)
default = {
dev = "t2.micro"
prod = "t3.medium"
}
}
Usage:
instance_type = var.instance_type_map[terraform.workspace]
Object
variable "vpc_config" {
type = object({
cidr_block = string
enable_dns_support = bool
})
default = {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
}
}
4. Output Variables
Output variables provide visibility into infrastructure values after deployment.
Example of an Output Variable
output "vpc_id" {
value = aws_vpc.main.id
description = "The ID of the created VPC"
}
Retrieve outputs after running Terraform:
terraform output vpc_id
5. Best Practices for Terraform Variables
- **Use Type Constraints** – Define variable types explicitly for validation.
- **Separate Variables into Files** – Organize `variables.tf` and `terraform.tfvars` separately.
- **Use Default Values Sparingly** – Ensure flexibility by not over-relying on defaults.
- **Use Sensitive Variables for Secrets** – Mark sensitive data to prevent it from being exposed in logs:
variable "db_password" {
type = string
sensitive = true
}
- **Utilize Workspace-Specific Variables** – Adapt values based on workspaces (e.g., `dev`, `prod`).
- **Secure State Files** – Store state files securely in S3 with encryption and DynamoDB state locking.
This guide ensures **secure**, **scalable**, and **efficient** usage of Terraform variables to optimize infrastructure as code (IaC) deployments!