
Inject GitLab CI Variables into Terraform Variables

I have a set of Terraform files, and in particular one variables.tf file, which sort of holds my variables like the AWS access key, AWS access token, etc. I now want to automate the resource creation on AWS using GitLab CI/CD.

My plan is the following:

  1. Write a .gitlab-ci.yml file

  2. Have the terraform calls in the .gitlab-ci.yml file

I know that I can have secret environment variables in GitLab, but I'm not sure how I can push those variables into my Terraform variables.tf file, which looks like this now:

# AWS Config

variable "aws_access_key" {
  default = "YOUR_ADMIN_ACCESS_KEY"
}

variable "aws_secret_key" {
  default = "YOUR_ADMIN_SECRET_KEY"
}

variable "aws_region" {
  default = "us-west-2"
}

In my .gitlab-ci.yml, I have access to the secrets like this:

- 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}' 
- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}' 
- 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'

How can I pipe them to my Terraform scripts? Any ideas? I would need to read the secrets from GitLab's environment and pass them on to the Terraform scripts!

asked Jun 05 '19 13:06 by joesan




1 Answer

Which executor are you using for your GitLab runners?

You don't necessarily need to use the Docker executor but can use a runner installed on a bare-metal machine or in a VM.

If you install the gettext package on the respective machine/VM as well, you can use the same method as I described in "Referencing gitlab secrets in Terraform" for the Docker executor.

Another possibility could be that you set

job:
    stage: ...
    variables: 
        TF_VAR_SECRET1: ${GITLAB_SECRET}

or

job:
    stage: ...
    script:
        - export TF_VAR_SECRET1=${GITLAB_SECRET}

in your CI job configuration and interpolate these. Please see "Getting an Environment Variable in Terraform configuration?" as well.

answered Oct 16 '22 16:10 by rflume
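
The `export TF_VAR_...` approach from the answer, applied to the three variables in the question's variables.tf, as an added example that is not part of the original question or answer. The function names `map_tf_var` and `export_tf_vars` and the file path in the comment are hypothetical; the check for empty values is there because variables.tf declares placeholder defaults that Terraform would otherwise use silently.

```shell
#!/bin/sh
# Added example: map GitLab CI/CD variables onto the TF_VAR_* names that
# Terraform reads for the variables declared in the question's variables.tf.
# Hypothetical usage inside a job's script: section:
#   - . ./ci/tf-env.sh && export_tf_vars && terraform plan
# Do not enable `set -x` around these calls; tracing would print the values.

# map_tf_var SRC DST: export TF_VAR_<DST> with the value of variable SRC.
# Returns 1 (naming only the variable, never its value) when SRC is unset
# or empty, so the placeholder defaults in variables.tf are never applied.
map_tf_var() {
    src=$1
    dst=$2
    # Indirect lookup of the variable named by $src (POSIX sh has no ${!src}).
    eval "val=\${$src:-}"
    if [ -z "$val" ]; then
        echo "missing or empty CI variable: $src" >&2
        return 1
    fi
    export "TF_VAR_$dst=$val"
    unset val
}

# Map the three GitLab variables from the question onto its Terraform variables.
export_tf_vars() {
    map_tf_var AWS_ACCESS_KEY_ID     aws_access_key || return 1
    map_tf_var AWS_SECRET_ACCESS_KEY aws_secret_key || return 1
    map_tf_var AWS_DEFAULT_REGION    aws_region     || return 1
}
```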