Menu
When defining the aws provider in terraform,
provider "aws" {
access_key = "<AWS_ACCESS_KEY>"
secret_key = "<AWS_SECRET_KEY>"
region = "<AWS_REGION>"
}
I'd like to be able to just use the, already defined, system variables
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Is there any way to have the tf files read environment variables? doing something like,
provider "aws" {
access_key = env.AWS_ACCESS_KEY_ID
secret_key = env.AWS_SECRET_KEY_ID
region = env.AWS_REGION
}
207
Terraform can directly access environment variables that are named using the pattern TF_VAR_ , for example TF_VAR_foo=bar will provide the value bar to the variable declared using variable "foo" {} .
Additionally, input variable values can also be set using Terraform environment variables. To do so, simply set the environment variable in the format TF_VAR_<variable name> . The variable name part of the format is the same as the variables declared in the variables.tf file.
Terraform refers to a number of environment variables to customize various aspects of its behavior. None of these environment variables are required when using Terraform, but they can be used to change some of Terraform's default behaviors in unusual situations, or to increase output verbosity for debugging.
Yes, can read environment variables in Terraform. There is a very specific way that this has to be done. You will need to make the environment variable a variable in terraform.
For example I want to pass in a super_secret_variable to terraform. I will need to create a variable for it in my terraform file.
variable "super_secret_variable" {
type = "string
}
Then based on convention I will have to prefix my environment variable with TF_VAR_ like this:
TF_VAR_super_secret_variable
Then terraform will automatically detect it and use it. Terraform processors variables based on a specific order that order is -var option, -var-file option, environment variable, then default values if defined in your tf file.
Alternative you can pass environment variables in through the CLI to set variables in terraform like so.
> terraform apply -var super_secret_variable=$super_secret_variable
This doesn't require that you prefix it so if they are something you can't change that may be your best course of action.
You can read more here in the docs.
145
You could just use bare provider like so:
provider "aws" {}
And make sure env vars available in your shell session:
$ export AWS_ACCESS_KEY_ID="your-key-id"
$ export AWS_SECRET_ACCESS_KEY="your-secret-key"
$ export AWS_DEFAULT_REGION="your-region"
Then, check if the above works:
terraform plan
If you satisfy the the plan, you might perform terraform apply to make the change.
For more details: https://www.terraform.io/docs/providers/aws/#environment-variables
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
