# Variables in Terraform Some of the variables that we are going to use in our code could be very sensitive, for example credentials and access keys. There should not be gone into version control. Therefore, it is possible to fetch these variable values using an additional file named `terraform.tfvars`. When values are populating for variables, Terraform will fetch vaules for vairables from this file and pass them into the code. For example, let's again provision a simple EC2 instance, Create a file with the named `instance.tf`, ``` resource "aws_instance" "example" { ami = var.AMIS[var.AWS_REGION] instance_type = "t2.micro" } ``` In above code, Terraform is going to search for two variables, `AMIS` and `AWS_REGION`. Create a file with the named `provider.tf`, ``` provider "aws" { access_key = var.AWS_ACCESS_KEY secret_key = var.AWS_SECRET_KEY region = var.AWS_REGION } ``` As usual, this is going to initialize the aws provider for Terraform. It requires access key, secret key and region taken in from variables. Now, access key and secret key are sensitive and therefore we should preferably take these from a `terraform.tfvars`. Create a file named `terraform.tfvars`, ``` AWS_ACCESS_KEY= AWS_SECRET_KEY= ``` In above file I have stilled ignored specifying the region, which can be taken from the normal `vars.tf` file. Create a file named `vars.tf`, ``` variable "AWS_ACCESS_KEY" { } variable "AWS_SECRET_KEY" { } variable "AWS_REGION" { default = "eu-west-1" } variable "AMIS" { type = map(string) default = { us-east-1 = "ami-13be557e" us-west-2 = "ami-06b94666" eu-west-1 = "ami-0d729a60" } } ``` According to above file, `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` will be fetched from `terraform.tfvars` since we haven't provided any value in there and rest of the variables works as usual. Initialize the provides, ``` $ terraform init ``` Inspect what's going to be deployed, ``` $ terraform plan Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_instance.example will be created + resource "aws_instance" "example" { + ami = "ami-0d729a60" + arn = (known after apply) + associate_public_ip_address = (known after apply) + availability_zone = (known after apply) + cpu_core_count = (known after apply) + cpu_threads_per_core = (known after apply) + get_password_data = false + host_id = (known after apply) + id = (known after apply) + instance_initiated_shutdown_behavior = (known after apply) + instance_state = (known after apply) + instance_type = "t2.micro" + ipv6_address_count = (known after apply) + ipv6_addresses = (known after apply) + key_name = (known after apply) + outpost_arn = (known after apply) + password_data = (known after apply) + placement_group = (known after apply) + primary_network_interface_id = (known after apply) + private_dns = (known after apply) + private_ip = (known after apply) + public_dns = (known after apply) + public_ip = (known after apply) + secondary_private_ips = (known after apply) + security_groups = (known after apply) + source_dest_check = true + subnet_id = (known after apply) + tags_all = (known after apply) + tenancy = (known after apply) + vpc_security_group_ids = (known after apply) + ebs_block_device { + delete_on_termination = (known after apply) + device_name = (known after apply) + encrypted = (known after apply) + iops = (known after apply) + kms_key_id = (known after apply) + snapshot_id = (known after apply) + tags = (known after apply) + throughput = (known after apply) + volume_id = (known after apply) + volume_size = (known after apply) + volume_type = (known after apply) } + enclave_options { + enabled = (known after apply) } + ephemeral_block_device { + device_name = (known after apply) + no_device = (known after apply) + virtual_name = (known after apply) } + metadata_options { + http_endpoint = (known after apply) + http_put_response_hop_limit = (known after apply) + http_tokens = (known after apply) } + network_interface { + delete_on_termination = (known after apply) + device_index = (known after apply) + network_interface_id = (known after apply) } + root_block_device { + delete_on_termination = (known after apply) + device_name = (known after apply) + encrypted = (known after apply) + iops = (known after apply) + kms_key_id = (known after apply) + tags = (known after apply) + throughput = (known after apply) + volume_id = (known after apply) + volume_size = (known after apply) + volume_type = (known after apply) } } Plan: 1 to add, 0 to change, 0 to destroy. Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://isurus.gitbook.io/infrastructure-and-platform-notes/terraform-22/terraform-basics/04-terraform-variables.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.