Variables are used to remove hardcoded config values from your Terraform scripts and can be placed in the same file as the script that you are executing or in a dedicated [variables.tf](http://variables.tf) file (best practice).
You can provide default values to the variables and override them through the CLI or environment variables if you placed the [variables.tf](http://variables.tf) in the root module.
variables.tf
You can declare a variable with the variable block inside a *.tf script or in a dedicated [variables.tf](http://variables.tf) file.
variable "vpc_cidr" {
type = string
default = "172.31.0.0/16"
}
And then use the variable in another file within the same module.
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
instance_tenancy = "default"
}
Calling the terraform plan command will use the default value of the vpc_cidr variable.
variables terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ cidr_block = "172.31.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Overriding defaults
The value of the variable var.vpc_cidr can be overwritten with the environment or through the CLI.
Override with environment variables
All environment variable overrides need to match the pattern TF_VAR_<var_name> to override a variable.
export TF_VAR_vpc_cidr="0.0.0.0/16"
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ cidr_block = "0.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Override with the CLI
Use the -var <var_name>="<value>" parameter to override a variable with the CLI.
terraform plan -var vpc_cidr="0.0.0.0/16"
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ cidr_block = "0.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Top comments (2)
This one trips me up when I was learning terraform.
Now I know to add
TF_VAR_to the variables :DGreat series, Dennis!
Hey Jerry, happy that it was helpful for you. I also use the same
TF_VAR_PROFILEevery time and I just make a reverse search on the shell to export the value. That's really neat. :)