Your Terraform configuration to this point functions as intended and creates resources in your Azure account. However, hardcoding values in your configuration is not a long term pattern for success. In this tutorial, you will declare and define your infrastructure with input variables. Input variables ensure your configuration can be read, changed, and reused easily by declaring and defining variables that Terraform uses in your plan, apply, and destroy operations.
For the complete configuration, clone this GitHub repository
»Define your variables
In your learn-terraform-azure
directory, create a new file called variables.tf
. Copy and paste the variable declarations below.
variable "location" {}
variable "prefix" {
type = string
default = "my"
}
variable "tags" {
type = map
default = {
Environment = "Terraform GS"
Dept = "Engineering"
}
}
variable "sku" {
default = {
westus2 = "16.04-LTS"
eastus = "18.04-LTS"
}
}
The declarations define four new variables within your Terraform configuration, three of which are required. The location
has empty brackets, which tells you that the variable is required and the type of the variable will be determined by the input value.
Your original configuration used two variables declared in main.tf
. The variables admin_username
and admin_password
define the type and a contextual description that is displayed when Terraform requests input. You can declare variables in any terraform configuration file.
»Assign values to your variables.
Terraform can populate variables using values from a file. For all files which match terraform.tfvars
or *.auto.tfvars
present in the
current directory, Terraform automatically loads them to populate variables.
To persist variable values, create a file named terraform.tfvars
and copy and paste the values below.
location = "westus2"
prefix = "tf"
Save this file.
»Update your Terraform configuration with your variables
A map value is a lookup table of string name = value pairs. We are going to use a map variable to specify tags for the resources we create in Azure. Resource tags store metadata for the resource. The variables.tf
contains two maps, one for tags, and one for sku.
variable "tags" {
type = map
default = {
Environment = "Terraform GS"
Dept = "Engineering"
}
}
variable "sku" {
default = {
westus2 = "16.04-LTS"
eastus = "18.04-LTS"
}
}
A variable can have a map
type assigned explicitly, or it can be implicitly
declared as a map by specifying a default value that is a map. The above
demonstrates both.
A map is a collection of string values grouped together. When it is necessary to group different kinds of values, for example strings, bool values, and/or numbers, you will need to use an object type.
Let us imagine that you have a need to vary the virtual machine sku based on the region where the vm will be created. Modify the virtual machine block as follows:
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = lookup(var.sku, var.location)
version = "latest"
}
This introduces a built-in function call. The
lookup
function does a dynamic lookup in a map for a key. The
key is var.location
, which specifies that the value of the location
variable is the key to look up the corresponding sku.
»Assign sensitive variables in the command line
The best practice for assigning sensitive variables is to make sure your usernames and passwords are secure.
If you do not assign a value to your admin_username
or admin_password
variables, Terraform will prompt you each time you run a state-changing operation. To avoid being prompted for each variable, use the -var
flag to assign sensitive values to your variables.
Run your apply job with the -var
flag to assign values to your admin_username
and admin_password
variables.
$ terraform apply -var 'admin_username=plankton' -var 'admin_password=Password1234!'
You should never save passwords, certificates, connection strings, etc. in version control. When checking in your Terraform configurations to VCS, remove the sensitive strings before committing.
»Destroy your configuration
The terraform destroy
command destroys the resources from your current state file.
$ terraform destroy
Terraform will generate a destruction plan. You will be prompted to approve the action. Type yes
and Terraform will destroy your infrastructure.