🐶
Terraform

Using Bash Environment Variables in Terraform

By Ondřej Dolanský on 01/01/2025

Learn how to leverage the power of Bash environment variables in your Terraform projects for dynamic and flexible configurations.

Using Bash Environment Variables in Terraform

Table of Contents

Introduction

This guide explains how to utilize environment variables within your Terraform projects. We'll cover setting environment variables, accessing them in your Terraform configurations, and using them within scripts executed by Terraform. Additionally, we'll address handling special characters and important considerations for security and variable scope.

Step-by-Step Guide

  1. Set environment variables in your shell:

    export TF_VAR_my_variable="value"

    Replace "value" with the desired value for your variable.

  2. Access environment variables in Terraform:

    resource "example_resource" "example" {
      name = var.my_variable
    }

    Terraform automatically recognizes environment variables prefixed with TF_VAR_.

  3. Use environment variables in scripts within Terraform:

    resource "null_resource" "example" {
      provisioner "local-exec" {
        command = "echo $TF_VAR_my_variable"
        environment = {
          CUSTOM_VAR = "another value"
        }
      }
    }
    • You can pass environment variables directly to scripts using $VAR_NAME.
    • The environment block within local-exec lets you set additional environment variables for the script.
  4. Handle special characters and spaces:

    • When setting environment variables with spaces, use single quotes:
      export TF_VAR_my_variable='value with spaces'
    • In scripts, enclose variables in double quotes to handle spaces correctly:
      echo "$TF_VAR_my_variable"
  5. Remember:

    • Environment variables are case-sensitive.
    • Terraform reads environment variables when it starts running. Changes made after Terraform starts won't be reflected.
    • Avoid storing sensitive information directly in environment variables. Consider using a secrets management solution.

Code Example

The code demonstrates using environment variables in Terraform to configure an AWS EC2 instance. It sets environment variables for instance type and region, defines Terraform variables with defaults, and uses these variables in provider and resource configurations. A script within a null resource demonstrates accessing environment variables and a custom variable set within the script's environment. The example emphasizes handling potential spaces in environment variable values and using secure practices for sensitive information.

This example demonstrates how to use environment variables to configure a simple AWS EC2 instance.

1. Set environment variables:

export TF_VAR_instance_type="t2.micro"
export TF_VAR_aws_region="us-west-2"

2. Define your Terraform code:

# Variables with default values (can be overridden by environment variables)
variable "instance_type" {
  default = "t3.micro"
}

variable "aws_region" {
  default = "us-east-1"
}

# Provider configuration
provider "aws" {
  region = var.aws_region
}

# Resource definition
resource "aws_instance" "example" {
  ami           = "ami-0c55b31ad2299a701" # Replace with your desired AMI
  instance_type = var.instance_type

  tags = {
    Name = "Terraform Example Instance"
  }
}

# Output the public IP address of the instance
output "public_ip" {
  value = aws_instance.example.public_ip
}

3. Use environment variables in a script:

resource "null_resource" "startup_script" {
  provisioner "local-exec" {
    command = <<-EOT
      #!/bin/bash
      echo "Instance type: $TF_VAR_instance_type" > /tmp/instance_info.txt
      echo "Region: $TF_VAR_aws_region" >> /tmp/instance_info.txt
      echo "Custom variable: ${CUSTOM_VAR}" >> /tmp/instance_info.txt
    EOT
    environment = {
      CUSTOM_VAR = "This is a custom value"
    }
  }

  # Ensure this resource runs after the instance is created
  depends_on = [aws_instance.example]
}

Explanation:

  • We define environment variables for instance_type and aws_region.
  • The Terraform code uses these variables to configure the AWS provider and the EC2 instance.
  • The local-exec provisioner demonstrates accessing environment variables within a script.
  • We use double quotes around "$TF_VAR_instance_type" and "$TF_VAR_aws_region" in the script to handle potential spaces in the values.
  • The environment block within local-exec sets an additional environment variable CUSTOM_VAR for the script.

Running the code:

  1. Save the Terraform code as main.tf.
  2. Run terraform init to initialize the working directory.
  3. Run terraform apply to create the infrastructure.

This example shows how to leverage environment variables to customize your Terraform deployments. Remember to handle sensitive information securely and avoid storing it directly in environment variables.

Additional Notes

  • Best Practices:
    • Use .tfvars files or the command line to pass variables for better maintainability and version control, especially for non-sensitive values.
    • Use environment variables primarily for values that change frequently or are environment-specific (like development, staging, production).
  • Alternatives for Sensitive Information:
    • Terraform Vault Integration: Store sensitive data in HashiCorp Vault and fetch it securely during Terraform runs.
    • AWS Secrets Manager, Azure Key Vault, GCP Secret Manager: Use cloud provider-specific secrets management services.
  • Variable Scope:
    • Environment variables have global scope within a Terraform run.
    • Consider using local variables or modules to manage variable scope within your configuration.
  • Debugging:
    • Use terraform output or terraform console to inspect the values of variables during your Terraform workflow.
  • Advanced Usage:
    • You can use environment variables to dynamically configure Terraform backends, workspaces, and other settings. Refer to the Terraform documentation for more details.
  • Security Considerations:
    • Be cautious about logging or displaying environment variables, as they might contain sensitive information.
    • Regularly rotate secrets and credentials stored in environment variables.
  • Platform Differences:
    • The way environment variables are set and accessed might slightly differ across operating systems (Windows, Linux, macOS). Refer to your OS documentation for specific instructions.

Summary

This document outlines how to leverage environment variables within your Terraform projects.

Key Takeaways:

  • Setting Variables: Define environment variables in your shell using the format export TF_VAR_your_variable="your_value".
  • Accessing in Terraform: Terraform automatically recognizes and makes available any environment variable prefixed with TF_VAR_. Access these values within your Terraform code using var.your_variable.
  • Using in Scripts: Pass environment variables directly to scripts invoked by Terraform using the standard $VAR_NAME syntax. The environment block within the local-exec provisioner allows defining additional environment variables specifically for that script.
  • Handling Special Characters: Use single quotes when defining environment variables containing spaces. When referencing these variables within scripts, enclose them in double quotes.
  • Important Considerations:
    • Environment variables are case-sensitive.
    • Terraform reads environment variables only once, at startup.
    • Avoid storing sensitive information directly in environment variables. Utilize a dedicated secrets management solution instead.

Conclusion

This comprehensive guide detailed how to effectively use environment variables within your Terraform projects. From setting and accessing them in configurations and scripts to handling special characters and security considerations, you now have the knowledge to leverage environment variables for dynamic and flexible deployments. Remember to prioritize security by avoiding storing sensitive information directly in environment variables and explore robust secrets management solutions for enhanced protection. By following the best practices outlined, you can streamline your Terraform workflows and enhance the security and maintainability of your infrastructure as code.

References

Were You Able to Follow the Instructions?

😍Love it!
😊Yes
😐Meh-gical
😞No
🤮Clickbait