How to use Terraform output values?
In this article we are going to look on terraform output values. Terraform output values will be really useful when you want to debug your terraform code. Terraform output values can help you to print the attributes reference(arn, instance_state, outpost_arn, public_ip, public_dns etc) on your console.
The typical syntax of Terraform output values is -
Once you run your terraform apply
command, it is going to print Hello this is output
onto your console.
But there are more than just simply outputting static text values with terraform output variables. You can do a lot more.
Table of Content
- How to print the
public_ip
ofaws_instance
? - How to create
output.tf
for terraform output values? - How to prevent printing sensitive info on the console?
- Various use cases of output variables
- How do you output multiple values in Terraform?
- How to access the output variable in Terraform module?
- Explain terraform output command with example and how it is different from output variable?
- How to use Terraform output for resource with count?
- How to display sensitive inside output block using Terraform nonsensitive function?
- Conclusion
1. How to print the public_ip of aws_instance?
This is one of the most classic examples for terraform output values. As we know terraform is used as Infrastructure as code, so with the help of terraform you can provision many resources such - aws_instances
, aws_vpc
etc.
But is there a way by which you can know the public_ip
address of the instance which you are planning to provision using terraform?
Yes, there is a really convenient and easy way to achieve that.
Here is my aws_instance
which I have defined as inside my main.tf
-
1provider "aws" {
2 region = "eu-central-1"
3 access_key = <YOUR_ACCESS_KEY>
4 secret_key = <YOUR_SECRET_KEY>
5}
6
7resource "aws_instance" "ec2_example" {
8
9 ami = "ami-0767046d1677be5a0"
10 instance_type = "t2.micro"
11 subnet_id = aws_subnet.staging-subnet.id
12
13 tags = {
14 Name = "test - Terraform EC2"
15 }
16}
You can simply append following terraform output value code inside your main.tf
file so that it can print the public ip of your aws_instance
1output "my_console_output" {
2 value = aws_instance.ec2_example.public_ip
3}
Break down of the above script
aws_instance
- It is the keyword which you need write as is.ec2_example
- The name which we have given at the time of creatingaws_instance
public_ip
- You can use attributes reference page to get all the attribute which you want to print on console.
The same approach can be followed to print - arn
,instance_state
,outpost_arn
, password_data
, primary_network_interface_id
, private_dns
, public_dns
etc.
2. How to create output.tf for terraform output values?
In the previous point we have seen how to create your first terraform output values. But if you have noticed we have created the terraform output values inside the same main.tf
file.
It is completely okay to create terraform output values inside the main.tf
but this practice is certainly not recommended in the industry.
The recommended way is to create a separate output.tf
specially of the terraform output values, so that all the output values can be stored there.
The only change which you need to do over here is to create a new output.tf
and store the following terraform code init -
output.tf
1output "my_console_output" {
2 value = aws_instance.ec2_example.public_ip
3}
Your directory structure should look like this -
3. How to prevent printing sensitive info on the console?
As terraform output values help us to print the attributes reference values but sometimes you can not print all the values on console.
So to prevent from printing sensitive values on the console you need to set sensitive = true
.
Here is an example of the terraform code where we want to prevent showing the public ip to console -
1output "my_console_output" {
2 value = aws_instance.ec2_example.public_ip
3 sensitive = true
4}
In the above code if you noticed we are using sensitive = true
which tells terraform not to show public ip
on console.
4. Various use cases of output variables
Here are some common use cases for Terraform output variables include:
- Print IP address of a load balancer - Exposing the IP address of a load balancer to be used by other parts of the infrastructure for routing traffic.
1#main.tf
2
3resource "aws_elb" "example" {
4 name = "example"
5 internal = true
6 security_groups = [aws_security_group.example.id]
7 listener {
8 instance_port = 80
9 instance_protocol = "http"
10 lb_port = 80
11 lb_protocol = "http"
12 }
13}
14
15#The following output variable will print the IP address of loadbalancer
16output "elb_dns_name" {
17 value = aws_elb.example.dns_name
18}
19
- Print DNS name of Database - Exposing the DNS name of a database to be used by other parts of the infrastructure for connecting to the database.
1#main.tf
2
3resource "aws_rds_cluster" "example" {
4 cluster_identifier = "example"
5 master_username = "example"
6 master_password = "example"
7 db_subnet_group_name = aws_db_subnet_group.example.name
8}
9
10#The following output variable will print the DNS name of AWS RDS cluster
11output "rds_cluster_endpoint" {
12 value = aws_rds_cluster.example.endpoint
13}
- Get the URL of static website deployed on AWS- If you have ever deployed an static website on S3 bucket then you can print the website_endpoint using the output variables in terraform -
1#main.tf
2
3resource "aws_s3_bucket" "example" {
4 bucket = "example-bucket"
5 acl = "public-read"
6 website {
7 index_document = "index.html"
8 }
9}
10
11# The following output block will print the URL of static website deployed on S3 Bucket
12output "website_url" {
13 value = aws_s3_bucket.example.website_endpoint
14}
- Exporting the ARN of an AWS IAM role - Exporting the ARN of an AWS IAM role to be used by other parts of the infrastructure for granting permissions.
1#main.tf
2
3resource "aws_iam_role" "example" {
4 name = "example"
5
6 assume_role_policy = <<EOF
7{
8 "Version": "2012-10-17",
9 "Statement": [
10 {
11 "Effect": "Allow",
12 "Principal": {
13 "Service": "ec2.amazonaws.com"
14 },
15 "Action": "sts:AssumeRole"
16 }
17 ]
18}
19EOF
20}
21
22#print the arn using the output variable
23output "role_arn" {
24 value = aws_iam_role.example.arn
25}
Note - Click here to read more on How to manage AWS IAM user, Roles and Policies with Terraform
5. How do you output multiple values in Terraform?
In Terraform, you can output multiple values by defining multiple output blocks in your configuration. Each output block should have a unique name and a corresponding value.
For example, you could output both the public and private IP addresses of an EC2 instance like this:
1resource "aws_instance" "example" {
2 ami = "ami-0ff8a91507f77f867"
3 instance_type = "t2.micro"
4}
5
6# Output-1
7output "public_ip" {
8 value = aws_instance.example.public_ip
9}
10
11#Output-2
12output "private_ip" {
13 value = aws_instance.example.private_ip
14}
Using Map Function- You can also output multiple values in a single output block by using the map function.
1output "instance_ips" {
2 value = {
3 public_ip = aws_instance.example.public_ip
4 private_ip = aws_instance.example.private_ip
5 }
6}
Using join function- You can also output multiple attributes from a resource using join function
1output "security_groups" {
2 value = join(",",aws_instance.example.*.security_groups)
3}
6. How to access the output variable in Terraform module?
In Terraform, you can access output variables defined in a module by using the module
or module.name
syntax, where name
is the name of the module. For example, if you have a module named "example" with an output variable named "output_var", you can access it in the root module like this:
1module "example" {
2 source = "path/to/module"
3 # ... other module inputs
4}
5
6#output from module
7output "example_output" {
8 value = module.example.output_var
9}
You can also use the output variables in other resources or modules in the same way. For example, if you have another module that needs to use the output of the example module, you can reference it like this:
1module "example2" {
2 source = "path/to/module2"
3 example_output = module.example.output_var
4 # ... other module inputs
5}
Alternatively, you can use the output
block in the child module and then reference it in the root module by using the module
and module.name
syntax.
1module "example" {
2 source = "path/to/module"
3 # ... other module inputs
4}
5
6output "example_output" {
7 value = module.example.output_var
8}
7. Explain terraform output command with example and how it is different from output variable?
The output
command is used to display the values of output variables defined in the configuration. It can be used to show the values of output variables after a successful terraform apply
command has been run.
The syntax of the output
command is:
1terraform output [options] [NAME]
Where NAME
is the name of the output variable that you want to display. If you don't specify a NAME
, it will display all the output variables defined in your configuration.
For example, consider the following configuration:
1resource "aws_instance" "example" {
2 ami = "ami-0ff8a91507f77f867"
3 instance_type = "t2.micro"
4}
5
6output "public_ip" {
7 value = aws_instance.example.public_ip
8}
9
10output "private_ip" {
11 value = aws_instance.example.private_ip
12}
After running terraform apply
, you can display the value of the public_ip
output variable by running the command terraform output public_ip
which will output something like this:
1public_ip = xx.xxx.xxx.xxx
Similarly, you can display the value of the private_ip
output variable by running the command terraform output private_ip
which will output something like this:
1private_ip = xxx.xxx.xxx.xxx
On the other hand, the output
variable is a block defined in the Terraform configuration file, it allows you to extract information from the state file and make it available for use elsewhere in the same configuration file.
The output
command is used to display the values of output variables that have been defined in the configuration, it does not change anything in the infrastructure, but it shows the current state of the output variables defined in the configuration file.
8. How to use Terraform output for resource with count?
There are certain situation where you need to use terraform output
for multiple resources using the count. But to achieve this you do not need to loop inside the terraform output
block.
Here is an example in which I have created the 3 EC2 Instances on AWS with terraform and I am using only single output
block to print all the three public DNS info of the EC2 instances -
1#Following resource block will create 3 EC2 instances
2resource "aws_instance" "ec2_example" {
3 count = 3
4 ami = "ami-0767046d1677be5a0"
5 instance_type = "t2.micro"
6 tags = {
7 Name = "test-t2-micro"
8 }
9}
Output Block to fetch all the three public DNS
1 output "fetched_info_from_aws" {
2 value = ["${aws_instance.ec2_example.*.public_dns}"]
3}
Here is the screenshot of the output which is generated -
1fetched_info_from_aws = [
2 [
3 "ec2-3-70-132-62.eu-central-1.compute.amazonaws.com",
4 "ec2-3-76-218-65.eu-central-1.compute.amazonaws.com",
5 "ec2-18-193-116-124.eu-central-1.compute.amazonaws.com",
6 ],
7]
9. How to display sensitive inside output block using Terraform nonsensitive function?
In Terraform, the nonsensitive
function can be used to mark an output variable as sensitive, which means that its value will be obscured in the output of the terraform output
command. This can be useful for sensitive information like passwords or private keys.
The nonsensitive
function can be used to mark an output variable as non-sensitive, which means that its value will be displayed in plain text in the output of the terraform output
command.
Here is an example of how you might use the nonsensitive
function to mark an output variable as non-sensitive:
1resource "aws_iam_access_key" "example" {
2 user = aws_iam_user.example.name
3}
4
5output "access_key" {
6 value = nonsensitive(aws_iam_access_key.example.id)
7}
In the above example, the aws_iam_access_key
resource is being created and the output variable access_key
is being set to the ID of the access key, but the nonsensitive
function is used to mark the output variable as non-sensitive.
Conclusion
Hope the above article will help you to build your understanding on terraform output values.
With the combination of terraform variable, terraform locals you really benefit well on terraform output values
You can read more on terraform output values over here
Read More - Terragrunt -
Posts in this Series
- Use Terraform to manage AWS IAM Policies, Roles and Users
- How to split Your Terraform main.tf File into Multiple Files
- How to use Terraform variable within variable
- Mastering the Terraform Lookup Function for Dynamic Keys
- Copy files to EC2 and S3 bucket using Terraform
- Troubleshooting Error creating EC2 Subnet InvalidSubnet Range The CIDR is Invalid
- Troubleshooting InvalidParameter Security group and subnet belong to different networks
- Managing strings in Terraform: A comprehensive guide
- How to use terraform depends_on meta argument?
- What is user_data in Terraform?
- Why you should not store terraform state file(.tfstate) inside Git Repository?
- How to import existing resource using terraform import comand?
- Terraform - A detailed guide on setting up ALB(Application Load Balancer) and SSL?
- Testing Infrastructure as Code with Terraform?
- How to remove a resource from Terraform state?
- What is Terraform null Resource?
- In terraform how to skip creation of resource if the resource already exist?
- How to setup Virtual machine on Google Cloud Platform
- How to use Terraform locals?
- Terraform Guide - Docker Containers & AWS ECR(elastic container registry)?
- How to generate SSH key in Terraform using tls_private_key?
- How to fix-Terraform Error acquiring the state lock ConditionalCheckFiledException?
- Terraform Template - A complete guide?
- How to use Terragrunt?
- Terraform and AWS Multi account Setup?
- Terraform and AWS credentials handling?
- How to fix-error configuring S3 Backend no valid credential sources for S3 Backend found?
- Terraform state locking using DynamoDB (aws_dynamodb_table)?
- Managing Terraform states?
- Securing AWS secrets using HashiCorp Vault with Terraform?
- How to use Workspaces in Terraform?
- How to run specific terraform resource, module, target?
- How Terraform modules works?
- Secure AWS EC2s & GCP VMs with Terraform SSH Keys!
- What is terraform provisioner?
- Is terraform destroy needed before terraform apply?
- How to fix terraform error Your query returned no results. Please change your search criteria and try again?
- How to use Terraform Data sources?
- How to use Terraform resource meta arguments?
- How to use Terraform Dynamic blocks?
- Terraform - How to nuke AWS resources and save additional AWS infrastructure cost?
- Understanding terraform count, for_each and for loop?
- How to use Terraform output values?
- How to fix error configuring Terraform AWS Provider error validating provider credentials error calling sts GetCallerIdentity SignatureDoesNotMatch?
- How to fix Invalid function argument on line in provider credentials file google Invalid value for path parameter no file exists
- How to fix error value for undeclared variable a variable named was assigned on the command line?
- What is variable.tf and terraform.tfvars?
- How to use Terraform Variables - Locals,Input,Output
- Terraform create EC2 Instance on AWS
- How to fix Error creating service account googleapi Error 403 Identity and Access Management (IAM) API has not been used in project before or it is disabled
- Install terraform on Ubuntu 20.04, CentOS 8, MacOS, Windows 10, Fedora 33, Red hat 8 and Solaris 11