Using Bash Environment Variables in Terraform

• Introduction
• Step-by-Step Guide
• Code Example
• Additional Notes
• Summary
• Conclusion
• References

This guide explains how to utilize environment variables within your Terraform projects. We'll cover setting environment variables, accessing them in your Terraform configurations, and using them within scripts executed by Terraform. Additionally, we'll address handling special characters and important considerations for security and variable scope.

1. Set environment variables in your shell:

   export TF_VAR_my_variable="value"

   Replace "value" with the desired value for your variable.

2. Access environment variables in Terraform:

   resource "example_resource" "example" {
     name = var.my_variable
   }

   Terraform automatically recognizes environment variables prefixed with TF_VAR_.

3. Use environment variables in scripts within Terraform:

   resource "null_resource" "example" {
     provisioner "local-exec" {
       command = "echo $TF_VAR_my_variable"
       environment = {
         CUSTOM_VAR = "another value"
       }
     }
   }

   • You can pass environment variables directly to scripts using $VAR_NAME.
   • The environment block within local-exec lets you set additional environment variables for the script.

4. Handle special characters and spaces:

   • When setting environment variables with spaces, use single quotes:

     export TF_VAR_my_variable='value with spaces'

   • In scripts, enclose variables in double quotes to handle spaces correctly:

     echo "$TF_VAR_my_variable"

5. Remember:

   • Environment variables are case-sensitive.
   • Terraform reads environment variables when it starts running. Changes made after Terraform starts won't be reflected.
   • Avoid storing sensitive information directly in environment variables. Consider using a secrets management solution.

The code demonstrates using environment variables in Terraform to configure an AWS EC2 instance. It sets environment variables for instance type and region, defines Terraform variables with defaults, and uses these variables in provider and resource configurations. A script within a null resource demonstrates accessing environment variables and a custom variable set within the script's environment. The example emphasizes handling potential spaces in environment variable values and using secure practices for sensitive information.

This example demonstrates how to use environment variables to configure a simple AWS EC2 instance.

1. Set environment variables:

export TF_VAR_instance_type="t2.micro"
export TF_VAR_aws_region="us-west-2"

2. Define your Terraform code:

# Variables with default values (can be overridden by environment variables)
variable "instance_type" {
  default = "t3.micro"
}

variable "aws_region" {
  default = "us-east-1"
}

# Provider configuration
provider "aws" {
  region = var.aws_region
}

# Resource definition
resource "aws_instance" "example" {
  ami           = "ami-0c55b31ad2299a701" # Replace with your desired AMI
  instance_type = var.instance_type

  tags = {
    Name = "Terraform Example Instance"
  }
}

# Output the public IP address of the instance
output "public_ip" {
  value = aws_instance.example.public_ip
}

3. Use environment variables in a script:

resource "null_resource" "startup_script" {
  provisioner "local-exec" {
    command = <<-EOT
      #!/bin/bash
      echo "Instance type: $TF_VAR_instance_type" > /tmp/instance_info.txt
      echo "Region: $TF_VAR_aws_region" >> /tmp/instance_info.txt
      echo "Custom variable: ${CUSTOM_VAR}" >> /tmp/instance_info.txt
    EOT
    environment = {
      CUSTOM_VAR = "This is a custom value"
    }
  }

  # Ensure this resource runs after the instance is created
  depends_on = [aws_instance.example]
}

Explanation:

• We define environment variables for instance_type and aws_region.
• The Terraform code uses these variables to configure the AWS provider and the EC2 instance.
• The local-exec provisioner demonstrates accessing environment variables within a script.
• We use double quotes around "$TF_VAR_instance_type" and "$TF_VAR_aws_region" in the script to handle potential spaces in the values.
• The environment block within local-exec sets an additional environment variable CUSTOM_VAR for the script.

Running the code:

1. Save the Terraform code as main.tf.
2. Run terraform init to initialize the working directory.
3. Run terraform apply to create the infrastructure.

This example shows how to leverage environment variables to customize your Terraform deployments. Remember to handle sensitive information securely and avoid storing it directly in environment variables.

• Best Practices:
  • Use .tfvars files or the command line to pass variables for better maintainability and version control, especially for non-sensitive values.
  • Use environment variables primarily for values that change frequently or are environment-specific (like development, staging, production).
• Alternatives for Sensitive Information:
  • Terraform Vault Integration: Store sensitive data in HashiCorp Vault and fetch it securely during Terraform runs.
  • AWS Secrets Manager, Azure Key Vault, GCP Secret Manager: Use cloud provider-specific secrets management services.
• Variable Scope:
  • Environment variables have global scope within a Terraform run.
  • Consider using local variables or modules to manage variable scope within your configuration.
• Debugging:
  • Use terraform output or terraform console to inspect the values of variables during your Terraform workflow.
• Advanced Usage:
  • You can use environment variables to dynamically configure Terraform backends, workspaces, and other settings. Refer to the Terraform documentation for more details.
• Security Considerations:
  • Be cautious about logging or displaying environment variables, as they might contain sensitive information.
  • Regularly rotate secrets and credentials stored in environment variables.
• Platform Differences:
  • The way environment variables are set and accessed might slightly differ across operating systems (Windows, Linux, macOS). Refer to your OS documentation for specific instructions.

This document outlines how to leverage environment variables within your Terraform projects.

Key Takeaways:

• Setting Variables: Define environment variables in your shell using the format export TF_VAR_your_variable="your_value".
• Accessing in Terraform: Terraform automatically recognizes and makes available any environment variable prefixed with TF_VAR_. Access these values within your Terraform code using var.your_variable.
• Using in Scripts: Pass environment variables directly to scripts invoked by Terraform using the standard $VAR_NAME syntax. The environment block within the local-exec provisioner allows defining additional environment variables specifically for that script.
• Handling Special Characters: Use single quotes when defining environment variables containing spaces. When referencing these variables within scripts, enclose them in double quotes.
• Important Considerations:
  • Environment variables are case-sensitive.
  • Terraform reads environment variables only once, at startup.
  • Avoid storing sensitive information directly in environment variables. Utilize a dedicated secrets management solution instead.

This comprehensive guide detailed how to effectively use environment variables within your Terraform projects. From setting and accessing them in configurations and scripts to handling special characters and security considerations, you now have the knowledge to leverage environment variables for dynamic and flexible deployments. Remember to prioritize security by avoiding storing sensitive information directly in environment variables and explore robust secrets management solutions for enhanced protection. By following the best practices outlined, you can streamline your Terraform workflows and enhance the security and maintainability of your infrastructure as code.

• shell - Quoting within $(command substitution) in Bash - Unix ... | Mar 6, 2014 ... In my Bash environment I use variables containing spaces, and I use these variables within command substitution. ... variables, can I just keep on ...
• How to use environmental variables in Terraform? - Stack Overflow | Mar 29, 2019 ... terraform doesn't get system environment variable as your way export PASS="passwordfoo". change in .env as below code and source it, ...
• Can shell variable name include a hyphen or dash (-)? - Unix ... | Oct 31, 2011 ... You can access a hyphenated variable using an indirect reference. $ env 'my-hyphenated-variable=hello' /bin/bash $ name='my-hyphenated- ...
• bash - How to insert Terraform variable in shell script - Stack Overflow | Feb 18, 2022 ... You can tell the local-exec provisioner to set environment variables when it launches the child program: provisioner "local-exec" { command ...
• How can I pass an environment variable to a script? - Unix & Linux ... | Jul 13, 2015 ... all shell scripts will understand the environment variables by default.... which shell are you using to run this? go and set env in the ...
• change terrafrom variables from bash script : r/Terraform | Posted by u/Next_Concert1122 - 7 votes and 19 comments
• How to provide the Terraform Cloud API token using an environment ... | Jul 17, 2019 ... This can be done with environment variables of the form TF_TOKEN_${sanitized_hostname} . For example for Terraform Cloud:
• Using variables within strings in local-exec provisioner - Terraform ... | I have the following null_resource: resource "null_resource" "kubespray" { provisioner "local-exec" { command = <<-EOT if [ ! -d ~/kubespray ]; then git clone https://github.com/kubernetes-sigs/kubespray.git ~/kubespray sudo apt-get autoremove -y sudo apt-get update sudo apt-get install python3-pip -y sudo -H pip3 install -r ~/kubespray/requirements.txt fi if [ -d ~/kubespray/inventory/$KI]; then mv ~/kubespray/inventory/$...
• Environment Variables | Terraform | HashiCorp Developer | Terraform refers to a number of environment variables to customize various aspects of its behavior. None of these environment variables are required when using ...