Environment Variables and Commands in Terraform

Terraform Commands you must know.

Photo by Markus Spiske on Unsplash

Environment variables are like parameters or arguments of a function with values. They can be defined in a separate file and used throughout our configuration. The purpose of this is that Terraform tool should have the same infrastructure provisioning values across environments and consistency across the environments.

In general, some variables are particular to Terraform, we can use these variables to adjust the configuration of Terraform from the terminal to suit what we want. Some of them include TF_LOG, TF_LOG_PATH, TF_INPUT, TF_VAR_name, TF_DATA_DIR, TF_WORKSPACE, TF_IN_AUTOMATION, TF_CLI_CONFIG_FILE, TF_IGNORE and many more. To pass values of variables, there are different ways to pass in variable values into our Terraform application, we can follow the pattern TF_VAR_variable_name convention to specify a value for an existing variable from our Terraform project.

For example, if we defined our variable called DB_PASSWORD as follows:

variable "DB_PASSWORD" {
    type = string
    description = 'Specify the password of the database.'
}

We can specify the value for our environment variables as shown in the example below in a terminal:

export TF_VAR_DB_PASSWORD='XXXXXXXXXXXXXX'

Also, we can declare the values of our variables in a file and then we can pass our credentials into Terraform execution using this file. Then, we can pass in environment variables into Terraform with terraform plan --var-file=credentials.tfvars.

###-----------------credentials.tfvars---------------------------
bucket_name="api_data_bucket"

One interesting thing about this file is that we can give this file any name and pass in secrets into Terraform. Our variable file would look like the following.

###-----------------variables.tf---------------------------
variable "bucket_name" {
  description = "The name of your s3 bucket name"
  type        = string
}

The next thing is to provide the configuration for our resources in the Terraform configuration files. For example in the main.tf file.

###-----------------main.tf------------------
resource "aws_s3_bucket" "bronze_data" {
  bucket = var.bucket_name

  tags = {
    Name        = "Data Lake Bronze Bucket"
    Environment = "Dev"
  }
}

With this, we have created the main.tf, variables.tf, and the credentials.tfvars for the variable values. One interesting thing about the environment variable file is we can give this file any name and pass in secrets into Terraform using the command below:

terraform plan - var-file=credentials.tfvars

The result for the execution is shown below, the value for the AWS S3 bucket name has been updated to the one specified in the credentials.tfvars.

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_s3_bucket.bronze_data will be created
  + resource "aws_s3_bucket" "bronze_data" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = "api_data_bucket"
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "Dev"
          + "Name"        = "Data Lake Bronze Bucket"
        }
      + tags_all                    = {
          + "Environment" = "Dev"
          + "Name"        = "Data Lake Bronze Bucket"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take
exactly these actions if you run "terraform apply" now.

Terraform commands

The first important Terraform command is the terraform -help. Terraform has a built-in help system that we can use to access commands that we are not familiar with, it might also be of great help when we want to learn more about a particular Terraform command. We can get specific help for any specific command, we only need to use the -help option with the relevant subcommand. For example, to see help about the “state” subcommand you can run terraform state -help.

terraform -help

Knowing commands to use in situations is very important in Terraform product development. They help to develop faster and more intelligently. For example, we need terraform init to initialise our project and install all the necessary modules we would need in our project. Also, we can initialise our Terraform setup to start provisioning resources on AWS using the command below:

terraform init

Also, whenever we need to review the resources that Terraform is about to create. We can review our configuration and verify that the resources that Terraform will create will match our expectations. If it does not, then this is the best time to adjust it before we provision those resources. We can include the --var-file=dev.tfvars tag to pass in our environment variables in runtime but for a start, we might not need the --var-file tag. We can plan our infrastructure deployment with the command below.

terraform plan

The command above will list all the resources and actions that would be performed when you apply the infrastructure plan using terraform apply.

terraform plan --var-file=dev.tfvars

We can format our Terraform configuration in the standard style, by entering the following command. The command reformats and makes our Terraform code clean. Pass in the tag -recursive so that all the configuration files in the subdirectories are also formatted.

terraform fmt -recursive

Terraform validate is another important command we need to know. With terraform validate, we can check whether our configuration is valid, if it’s not then Terraform will let us know, and then we can fix it and move forward.

terraform validate

Now, we can apply the Terraform configuration by running the following command and then entering yes at the prompt.

terraform apply

We can pass in the environment variable files using the --var-file tag to pass in the values of the variables at runtime.

terraform apply --var-file=dev.tfvars

We can inform Terraform to auto-approve our configuration when using the terraform apply just like terraform destroy as well. These commands will not prompt us to type yes or no when we use the terraform apply or terraform destroy with the --auto-approve tag.

terraform apply --auto-approve

Very importantly, we will always make sure to tear down our resources each time we are done developing. We don’t want to leave resources we don’t need running in our development environment, we will shut them down if we don’t need them anymore.

terraform destroy --auto-approve

Conclusion

Using the .tfvars to pass environment variable values into our Terraform developments is scalable, it makes development and production deployments stable, reproducible and clean. Instead of passing multiple variable values from the terminal we can do this from the file and don't miss out on any variable on production deployment. Also, knowing all the Terraform commands provided in the post is gold, we can always use these commands to perform some ad-hoc operations. With these commands and our knowledge of environment variables, we are good to go, we can now start to provision cloud resources using Terraform.