Terraform: Difference between revisions

Latest revision as of 22:47, 19 January 2026

curl -fsSL https://apt.releases.hashicorp.com/gpg\
 | sudo tee /etc/apt/keyrings/hashicorp.asc >/dev/null

DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
cat << SRC | sudo tee /etc/apt/sources.list.d/hashicorp.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/hashicorp.asc]\
 https://apt.releases.hashicorp.com ${DISTRIBUTION} main
SRC

sudo apt update  && sudo apt list  --upgradeable
sudo apt upgrade && sudo apt install terraform
terraform version

Structure

sdlc/
├─ main.tf                   # Main Terraform config file
├─ variables.tf              # Variable declarations
├─ terraform.tfvars          # Variable assigned
├─ outputs.tf                # Output definitions
├─ provider.tf               # Provider-specific config
├─ terraform.tfstate         # Terraform state file
├─ terraform.tfstate.backup  # Terraform state backup file
├─ terraform.auto.tfvars     # User Sensitive Data
├─ dev.tf                    # Dev  Env config for development
├─ prod.tf                   # Prod Env config for production
├─ modules/                  # Directory for custom modules
│  ├─ module1/               # Custom module 1
│  │  ├─ main.tf             # Module-specific Terraform config
│  │  ├─ variables.tf        # Module-specific variables
│  │  └─ outputs.tf          # Module-specific outputs
│  └─ module2/               # Custom module 2
│     ├─ main.tf
│     ├─ variables.tf
│     └─ outputs.tf
├─ environments/             # Directory for env
│  ├─ dev/                   # Development env
│  │  ├─ main.tf             # Env specific Terraform config
│  │  ├─ variables.tf
│  │  └─ outputs.tf
│  └─ prod/                  # Production env
│     ├─ main.tf
│     ├─ variables.tf
│     └─ outputs.tf
├─ scripts/                  # Scripts or utility for IaC
└── README.md

Summary

Summary
`variables.tf` is essentially the variable declarations needed to make the module work. More specifically, the variables you want to be able to pass into the module for it to work the way you want it to. From a beginner's POV, the module in question is the root module. If you're unclear what I mean by this, this is the directory where you've got all your `.tf` files when you're first starting out, and where you also have your `terraform.tfvars` file. Once you get to the point that you're ready to write a separate module, then that module (in another dir) will itself have its own `variables.tf` file. So when you call the module, you will want to pass values to the variables named in the module's `variables.tf` file. Rephrasing:* `terraform.tfvars` contains bootstrap values that get passed to the root module's `variables.tf` file. When you call a module, you don't have access to a separate `terraform.tfvars` file, but you do expressly pass them when you call the module. Those variable names need to match the declared variables in the module's `variables.tf` file. If you set a variable in `terraform.tfvars` but it doesn't exist in `variables.tf`, you'll get a warning that the variable doesn't exist and is therefore ignored. Very briefly: A collection of `.tf` files in a single directory is a module If those `.tf` files exist in the root level directory of a stack (ie, where you cd to in order to run terraform), then you have the option of creating `terraform.tfvars`, rather than always editing values into `variables.tf` If those `.tf` files exist in a module other than the root level directory, you do not have the option of using `terraform.tfvars` in that directory `terraform.tfvars` should be considered your way of setting variables for your deployment; if you're still editing `variables.tf` for every one of your unique deployments, then your stack still needs work before you can consider it ready to be shared with others A bit murkier:* Naming the file `variables.tf` is merely a convention. You could call it `yourname.tf` and it'll still work just fine. Terraform will read all `.tf` files in the directory and treat the contents the same regardless of how the file is named. Murkier still:* There are other files along with `terraform.tfvars` that can be used, but just like `terraform.tfvars`, only used in the root module's directory. Those files follow a naming format of `.auto.tfvars` or `.auto.tfvars.json`. The former follow the same formatting rules as `terraform.tfvars`, whereas the latter need to follow standard JSON notation. A good example: Would be a file named `mypasswords.auto.tfvars` This allows you to have local password definitions that don't get checked into git/GitHub, whereas checking `terraform.tfvars` into the repo, while perhaps being too specific to your particular usage, won't end up compromising your deployments with an accidentally shared set of credentials. It could even contain a set of reasonable defaults that you and your team may want to change, depending on needs. Heck: You could create `deployment1.auto.tfvars` and completely ignore using `terraform.tfvars`, if that's how you want to roll. I should note that `variables.tf` can set default values (overridden by whatever you set in `terraform.tfvars`), as well as doing validation on what is passed to it. TL;DR `terraform.tfvars` is what you pass to your stack to make it meaningfully distinct from any other deployment. `variables.tf` declares the variable names that you need to pass to the stack.

Backend » HTTP

cat << HCL | tee -a ./backend.tf >/dev/null
terraform {
  backend "http" {
  }
}
HCL

terraform init -backend-config=./nexus.http.tfbackend


terraform init -backend-config=./gitlab.http.tfbackend
terraform init -backend-config=./gitlab.http.tfbackend -reconfigure
terraform init -backend-config=./gitlab.http.tfbackend -migrate-state

cat << HCL | tee -a ./gitlab.http.tfbackend >/dev/null
unlock_address = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/unlock"
lock_address   = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/lock"
address        = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke"
username       = "academia"
password       = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL

cat << HCL | tee -a ./nexus.http.tfbackend >/dev/null
unlock_address = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/unlock"
lock_address   = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/lock"
address        = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke"
username       = "academia@chorke.org"
password       = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL

Playground

Playground
aws configure --profile academia aws configure help aws configure list aws configure	terraform fmt -diff -recursive -write=false terraform fmt -diff -recursive terraform fmt -check -recursive terraform plan -out=tfplan	terraform init terraform plan terraform apply terraform destroy
cat << INI \| tee -a ${HOME}/.aws/config >/dev/null [default] region = ap-southeast-1 output = table INI	cat << INI \| tee -a ${HOME}/.aws/credentials >/dev/null [academia] aws_access_key_id = AKIBVWTF7RISAULV8Q6Q aws_secret_access_key = w2JVkDIE9zRTIP/S4m7Mm4cWKlFEYlzg1iGzfCnj INI	cat << INI \| tee -a ${HOME}/.aws/config >/dev/null [profile academia] region = ap-southeast-1 output = json INI
export AWS_DEFAULT_PROFILE=academia export AWS_PROFILE=academia aws ec2 describe-vpcs aws s3 ls	cdktf init --template="python" –local --providers="aws@5.58.0" brew install cdktf	cat ~/.terraform.d/credentials.tfrc.json cat ~/.aws/credentials cat ~/.aws/config
terraform init -backend-config=./gitlab.http.tfbackend terraform init -backend-config=./nexus.http.tfbackend	terraform init -backend-config=./nexus.http.tfbackend \ -migrate-state	terraform init -backend-config=./nexus.http.tfbackend \ -reconfigure
cat <<-'HCL'\| terraform console format("Hello %s from %s", "Terraform", "env0") HCL	echo 'cidrhost("10.10.0.0/16", 1)'\|terraform console echo 'cidrhost("10.10.1.0/24", 1)'\|terraform console echo 'cidrhost("10.10.2.0/24", 1)'\|terraform console	echo 'cidrsubnet("10.10.0.0/16", 0, 0)'\|terraform console echo 'cidrsubnet("10.10.0.0/16", 8, 0)'\|terraform console echo 'cidrsubnet("10.10.0.0/16", 8, 1)'\|terraform console
echo 'cidrnetmask("10.10.0.0/16")'\|terraform console echo 'cidrnetmask("10.10.1.0/24")'\|terraform console echo 'cidrnetmask("10.10.2.0/24")'\|terraform console	echo 'cidrsubnets("10.10.0.0/16", 2, 2, 2, 2)'\|terraform console echo 'cidrsubnets("10.10.0.0/16", 4, 4, 4, 4)'\|terraform console echo 'cidrsubnets("10.10.1.0/16", 8, 8, 8, 8)'\|terraform console	terraform show

References

References
Terraform » reddit » `variable.tf` vs. `terraform.tfvars` Terraform » Adding Untracked Resources to TF State Terraform » Importing Existing Infrastructure Terraform » CLI Packages for Ubuntu Terraform » Input Variables Terraform » Output Values Terraform » Local Values Terraform » `.tfvars` Terraform » Jenkins Terraform » `fmt`	Terraform » Items to include in `.gitignore` Terraform » Resources » Behavior Terraform » Resources » Blocks Terraform » Creating Modules Terraform » `validate` Terraform » Resources Terraform » Language Terraform » `console` Terraform » `init` Terraform » `get`	Terraform » `.terraform.lock.hcl` excluded from `.gitignore` Terraform » TFState » Sonatype Nexus 3 Terraform » TFState » Sapcelift » GitLab Terraform » Sapcelift » `.gitignore` Terraform » `.terraformignore` Terraform » TFState » GitLab Terraform » `force-unlock` Terraform » Remote State Terraform » State Locking Terraform » `.gitignore`
Terraform » `terraform.tfvars` vs. `variable.tf` Terraform » `.gitignore` & `.terraformignore` Terraform » EL » Arithmetic & Logical Operators Terraform » EL » References to Named Values Terraform » Backend » `.terraformignore` Terraform » `.terraformignore` » Issues Terraform » Backend » Configuration Terraform » EL » Strings & Templates Terraform » EL » Types & Values Terraform » EL » Function Calls	Terraform » EL » Conditional Expressions Terraform » EL » Version Constraints Terraform » EL » Custom Conditions Terraform » EL » Type Constraints Terraform » EL » Dynamic Blocks Terraform » Tutorials » Library Terraform » Upgrade » v1.9 Terraform » Certifications Terraform » EL » Splat Terraform » EL » For	Terraform » Lang » IP » `cidrnetmask` Terraform » Lang » IP » `cidrsubnets` Terraform » Lang » IP » `cidrsubnet` Terraform » Lang » Built-in Functions Terraform » Lang » Hash » `bcrypt` Terraform » Lang » IP » `cidrhost` Terraform » Lang » Test » `Mocks` Terraform » Lang » Hash » `uuid` Terraform » Lang » `tostring` Terraform » Lang » Test
Terraform » Spacelift » AWS » CDKTF Terraform » Spacelift » Output Terraform » Functions » Guide Terraform » Console » Output Terraform » Spacelift » Test Terraform » CDK » Python
Terraform » Provider » azurerm Terraform » Provider » azuread Terraform » Provider » google Terraform » Provider » Linode Terraform » Provider » aws
Terraform » Module » azurerm Terraform » Module » eks
Google Cloud CLI Minikube AWS CLI Vagrant Kubectl Ansible Helm AWS K8s K9s	AWS » EKS » NodegroupAmiType AWS » EKS » Requirements AWS » EKS » Versions AWS » EKS » CLI AWS » EKS `ipcalc` Nexus CIDR HCL Git

Terraform: Difference between revisions

Latest revision as of 22:47, 19 January 2026

Contents

Structure

Summary

Backend » HTTP

Playground

References

Navigation menu

Terraform: Difference between revisions

Latest revision as of 22:47, 19 January 2026

Structure

Summary

Backend » HTTP

Playground

References

Navigation menu

Search