Learn Terraform - Variables
- 1. Live Learn Terraform in 45 min By Brainboard’s team (Focus: Variables)
- 2. Objective of the training today ✅ Learn everything about Terraform variables and how to use them.
- 3. What you will learn 1. How variables works and their types 2. CLI & environment variables 3. Locals 4. How to use variables 5. Variables in CI/CD 6. Secrets 7. Best practices
- 4. Variables & locals Input: means variables It’s… a block 😀 variable <NAME> { # Block } Arguments type can be: 1/ string, number, bool. 2/ list, tuple, map, object, set. 3/ any 😀 👉 you can combine types default if present, the variable is optional description validation conditions to accept the variable sensitive hidden from logs & outputs nullable can be null or not? 💡Tips - Start with the simplest form possible and add constraints organically. - Use Terraform function - sensitive is also a Terraform function
- 6. Variables’ values Where do we put the values then? 1. In a file: - terraform.tfvars (terraform.tfvars.json) - *.auto.tfvars (*.auto.tfvars.json) 2. Command line “-var=’value_1’” 3. Environment variables TF_VAR_* 💡Tips - Avoid vars in command line if possible - Pick one method and use it, don’t mix - Usually *.tfvars is the best way 4. Internal variables: module.<NAME>.<OUTPUT> path.module count.index each in for_each
- 8. Variables in CI/CD Best practices: - Never put the values of variables in the *.tf - Never commit the *.tfvars to git - Using terraform.tfvars or *.auto.tfvars in your workflow is more useful for complex structures - Naming variables is extremely important variables.tf = containers of the variables vs *.tfvars that are real values
- 9. Locals local: is more like an alias to an expression (that may include variables) It’s… a block 😀 but a whole block locals { cidr = var.cidr } 💡Tips - Are extremely flexible compared to vars - Use it as an alias to access repeatedly the same expression - Central place for repeated expressions - Don’t confuse them with variables
- 10. Secrets Secrets should be treated as secrets: - Lifecycle - Fetched from an external source - Should be revoked easily - Blast radius of a secret - Secrets ≠ variables - It’s better to use a vault (Vault, KMS, Azure Key Vault…) - Use Terraform vault provider to use them
- 11. Join our Slack Community 🙋♂️🙋♀️ https://join.slack.com/t/brainboard-community/shared_invite/zt-19hmgmc92-MixDFmaADwxexAPSa5N~pg
- 12. Brainboard Visually build & manage cloud infrastructures.
Editor's Notes
- #2: Thanks everyone for joining us today. As usual we’ll be waiting for 5 min. Put music https://open.spotify.com/playlist/4idpO55zNoCMNTtuqP0rlB?si=56914a0f6fd94054&nd=1#login For future training, webinars and use cases, follow our LinkedIn page. CTA like the Linkedin page -> share the LinkedIn page: https://www.linkedin.com/company/brainboard-co
- #3: Especially in the CI/CD and automation in general but also cross environments It means we may have errors that we debug together, we may simulate errors to better understand how it works….
- #4: Explain the different topics quickly We’ll be taking questions regularly, so if you have any questions ask in the chat and the team will handle it
- #5: How variables are defined and used in the CI/CD pipeline: variables.tf vs *.tfvars To show case the different argument create a vpc + subnet + instance -> this is a real use case The purpose here is also to see the thinking process, start with the simplest form you can and add organically constraints Input = variables & locals Let’s start with variables as they slightly differ from locals Arguments, type: list(string) Map List of map or object list(object({ internal = number external = number protocol = string })) Map or map(string) If default and type are present, the default should be in the specified type. Show an example In validation you can use Terraform functions like. Show an example: length(var.toto) > 4 Sensitive: show an example of a resource containing a sensitive information sensitive in TF is week, it’s better to treat sensitive as secrets and hide them with your vault because if it’s part of the id it will be printed even if it’s sensitive Use random_pet Error messages
- #7: I know the value of my variable, so where do I put it’s value? tfvars: this is how tf passes vars in their cloud offering and this how bb also do it Show bb separation between variables.tf and variables.tfvars Space around = are not tolerated…. In command line vars TF_VAR_varname=”toto” difference between env vars and files is with env var there are no warnings or error messages
- #10: How variables are defined and used in the CI/CD pipeline: variables.tf vs *.tfvars To show case the different argument create a vpc + subnet + instance -> this is a real use case The purpose here is also to see the thinking process, start with the simplest form you can and add organically constraints Input = variables & locals Let’s start with variables as they slightly differ from locals Arguments, type: list(string) Map List of map or object list(object({ internal = number external = number protocol = string })) Map or map(string) If default and type are present, the default should be in the specified type. Show an example In validation you can use Terraform functions like. Show an example: length(var.toto) > 4 Sensitive: show an example of a resource containing a sensitive information sensitive in TF is week, it’s better to treat sensitive as secrets and hide them with your vault because if it’s part of the id it will be printed even if it’s sensitive Use random_pet Error messages
- #13: Quick introduction about what we are working on at Brainboard. Bidirectional way from code to design and vice versa.