Introduction
Till now we have pretty much kept the code written pretty simple and straight forward. In the real world, it is hardly ever is. Similar to other languages terraform also provides different types of variables and they can be used in many different ways. In this blog, we will introduce various types of terraform variables and see how we can use them inside the terraform code.
The blog post is divided into the following sections
Table of contents
As you can see it makes a pretty long read. But it will be very helpful in your projects. The various ways of passing variables to terraform helps you manage
- What is source controlled/what is NOT!
- How are secrets managed?
- How is terraform code executed?
This blog entry creates the same infra-structure which was built in the previous blog post but uses variables to make it more reusable. Before we get started all the source code for this blog entry is available on Github.
Types of Input Variables
All variables start with the keyword variable. All the variables are in a file vars.tf. You can call the file whatever you want.
Simple Variables
A simple variable is like a key-value and can be declared as shown below.
type = string
default = "t2.micro"
description = "Type of AWS instance"
}
Let’s understand what it all means
- Line 1 – Declares the name of the variable – cw_instance_type. Pattern – variable “Variable_Name”
- Line 2 – Declares the type of variable. Optional.
- Line 3 – Declares the default value of the variable in case no other value is assigned.
- Line 4 – Provide a description of the variable. Optional.
Lists
type = list
default = ["XX.XX.XX.XX/32","YY.YY.YY.YY/32"]
description = "List of IP ranges for incoming traffic"
}
Let’s understand what it all means
- Line 1 – Declares the name of the variable – cw_instance_type. Pattern – variable “Variable_Name”
- Line 2 – Declares the type of variable. Optional.
- Line 3 – Declares the default list of values assigned in case no other list is assigned.
- Line 4 – Provide a description of the variable. Optional.
Maps
Maps are a set of key-value pairs. Similar to map data-structure in various languages. An often used example for maps is about selecting an AMI based on AWS regions. It allows us to understand map variables quite easily.
type = map
default = {
"eu-west-1": "ami-03122be15033aa7ec"
"eu-west-2": "ami-0fc841be1f929d7d1"
"us-east-1": "ami-00f6a0c18edb19300"
}
description = "Map of AMIs and regions"
}
Let’s understand what it all means
- Line 1 – Declares the name of the variable – cw_instance_type. Pattern – variable “Variable_Name”
- Line 2 – Declares the type of variable. Optional.
- Line 3 – Declares the default map of key-value pairs assigned in case no other maps is assigned.
- Line 4 – Provide a description of the variable. Optional.
Usage of variables
Let’s use these variables now in our terraform code.
For Security Groups – security_group.tf
name = "cw-blog-3-sg-using-terraform"
#Incoming traffic
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = var.cw_ingress_cidr_block # Variable added.
}
#Outgoing traffic
egress {
from_port = 0
protocol = "-1"
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
}
As you can see above we have added variable for cidr_blocks in our configuration of security groups
For EC2 instance – instance.tf
ami = lookup(var.cw_ami, "eu-west-2") # Variable added.
instance_type = var.cw_instance_type # Variable added.
key_name = aws_key_pair.my_blog_key.key_name
security_groups = ["cw-blog-3-sg-using-terraform"]
}
As you can see above we have added two variables. One for ami and another for instance_type.
Line 2 – Uses a standard terraform function lookup to find the correct AMI for creating an EC2 instance.
We now have a better version of our code and most of the parameters are now stored as variables with default values. Awesome!. Not that hard!.
Till now we have focused on creating variables and providing them with default values. Which is quite good as it makes our code reusable. However, there is still one more issue to address. The code needs to be modified if any of the variables need to change their default values. The next three sections focus on addressing this issue specifically using different approaches. So, in a sense provide much-desired flexibility.
Variables via Command line
In case you want to change the default value. Variable values can be passed via command line at the time of apply using a very simple syntax. Below is an example,
The screenshot of the provisioned EC2 instance in the console is below.

Be sure you destroy your infrastructure after you are done.
Variables via Environment Variables
If you don’t like supplying variables via command line you can also set these as environment variables and then terraform will automatically picks them!! It is pretty simple just create environment variables similar to the variables in the script and prefix them with TF_VAR_ . So you can do something like this
terraform apply
The screenshot of the provisioned EC2 instance in the console is below.

Be sure you destroy your infrastructure after you are done.
Variable Definition files
Extending this logic to many variables makes it a bit difficult to handle. In case, you have many variables to initialise you can pass them all in a file. The file extension being .tfvars. For the purpose of this blog entry, the variables are defined in an example.tfvars
cw_ingress_cidr_block = ["aaa.ab.ab.cd/xx","bbb.bb.bb.cd/xx"]
You can use the following syntax to use the above variables file and override the defaults set for the variables.
The screenshot of the provisioned EC2 instance in the console is below.

Be sure you destroy your infrastructure after you are done.
Output Variables
Finally, coming to the last section of this post. Till now we have been talking about input variables. But this section talks about output variables. As the name suggests they output values. Simply speaking they help the code output information about a resource. The output can be simple be sent to console. In a more complex case the output of Terraform modules but more on that a few blogs later.
Here we will see how to output some information to the console. Here is a simple requirement, we want to know what is the public IP address of the EC2 instance which was created without having to log in to the AWS console. Well, you guessed it right – output variables. See below, the updated instance.tf with the output variable right at the end. Actually the last three lines!
ami = lookup(var.cw_ami, "eu-west-2") # Variable added.
instance_type = var.cw_instance_type # Variable added.
key_name = aws_key_pair.my_blog_key.key_name
security_groups = ["cw-blog-3-sg-using-terraform"]
}
output "cw-public-ip" {
value = aws_instance.blog4-ec2.public_ip
}
The output of the execution is show below and as you can see you do not need to goto the AWS console to get the IP address. It is shown at the end of the execution.

Variable Precedence
When there are so many ways of defining a variable it is only natural that we have precedence also defined because it is possible that the same variable is defined in more than one place. So keeping it simple this is the order
- Environment variables
- Variables in terraform.tfvars
- Variables in terraform.tfvars.json
- Variables stored in files with the following pattern *.auto.tfvars
- Variables stored in files with the following pattern *.auto.tfvars.json
- Variables via -var or -var-file option
This brings us to the end of a longish post on terraform variables. I hope you find this post useful in your terraform journey. If you like this post please do share the post.
2 thoughts on “Terraform – Variables”