Ozan Guner

Terraform Basics – Week 2: Variables and Reusability

In Week 2 of the Terraform Basics series, we’ll take the configuration we built last week and make it flexible, reusable, and more secure.

Table Of Contents

1. Recap: What We Built Last Week

2. Improving What We Have - Using Variables for Flexibility & Security

3. Updated Terraform Files

4. Deploying to Azure

5. Wrap-Up

1. Recap: What We Built Last Week

Last week, we built our first Azure Virtual Machine and the prerequisite resources that go with an Azure VM.

Here's a visual reminder:

Architecture Diagram

You can check out the full details of Week 1 here

2. Improving What We Have

Last week we successfully deployed our first VM to our Azure tenant. But the way we deployed it relied on a lot of bad practices that are not secure, scalable, or flexible. This week, we are going to move on to better practices.

Using Variables for Flexibility & Security

In Week 1, we hard-coded almost everything: the region of the VM, its size, its name, and its credentials. This is not optimal because in real-world environments these values differ from one deployment to another.

Let's go back to our architecture as an example. We had 4 .tf files, and each resource has some values associated with it. If you wanted to create the exact same set of resources in another region with different resource names, you would have to copy all the .tf files, change the name of each resource, and then deploy. As the environment you work in gets bigger, this manual effort becomes a real roadblock and is prone to errors.

That is why we use variables.

In Terraform, you can define a variable like so:

Variables

The default attribute is optional. If no value is provided for the variable, it takes the default value that is specified.

The sensitive flag redacts the value of the variable from console output, logs, and terraform plan output, so you don't accidentally leak sensitive information such as VM admin passwords.

To make the admin_username and admin_password attributes of the VM refer to the variables we created, we use the var.variablename format, like so:

Variable-Reference
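
The two steps above (declaring the variables, then referencing them with var.name), written out as an added example that is not taken from the original post or its repository. The default username, the VM name, size and image, the Windows VM resource type, the length check, and the Week 1 resource labels rg and nic are all assumptions.

```hcl
# variables.tf (added example; names, defaults and the length policy are assumptions)
variable "admin_username" {
  type        = string
  description = "Local administrator account for the VM"
  default     = "azureuser" # used only when no value is supplied
}

variable "admin_password" {
  type        = string
  description = "Local administrator password; supply it via TF_VAR_admin_password"
  sensitive   = true # rendered as (sensitive value) in plan/apply output
  # No default on purpose: a default here would put the secret back in code.

  validation {
    # Example policy only; a bad value fails at plan time, before any resource exists.
    condition     = length(var.admin_password) >= 12
    error_message = "The admin_password value must be at least 12 characters long."
  }
}

# virtual-machine.tf: credentials are read from var.<name> instead of literals.
# Assumes a Windows VM and Week 1 resources labelled "rg" and "nic".
resource "azurerm_windows_virtual_machine" "vm" {
  name                  = "vm-week2-demo"
  resource_group_name   = azurerm_resource_group.rg.name
  location              = azurerm_resource_group.rg.location
  size                  = "Standard_B2s"
  admin_username        = var.admin_username
  admin_password        = var.admin_password
  network_interface_ids = [azurerm_network_interface.nic.id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-datacenter-azure-edition"
    version   = "latest"
  }
}
```

The sensitive flag only masks what the CLI prints; the password is still written in plain text to the Terraform state file, so the state needs the same protection as the secret itself.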

Now you may be asking: what are the values of these variables? We only defined a default value, not the actual value. You are right.
There are two ways to define the values, but for this week's purposes we will only go over one.

Environment Variables

These are variables you define in the environment where your Terraform files are hosted, in my case my Windows PC.

In Windows, you can define environment variables by opening the Start menu, typing "Environment Variables", and clicking the "Edit the system environment variables" result that comes up. After that, click "Environment Variables", select New, and create the environment variable in the format shown.

For Terraform to recognize a variable you define here, you must add the TF_VAR_ prefix before the variable name. The variable name also has to match exactly, and it is case-sensitive.

Environment Variables

Once you have defined the variable as shown in the picture above, click "OK" and close the pop-up windows. Close and re-open Visual Studio Code so the environment variables are recognized.

After completing all the steps described, Terraform will refer to the variables we created, and our username and password will no longer be hard-coded, which makes them less vulnerable than before.

Here's a challenge for you: using what you have learned above, try to create variables for the name attributes of all 5 resources we created, using the default parameter (no need for environment variables). You can find the solution

3. Updated Terraform Files

Updated File Structure:

File Structure

Latest version of the files can be found in screenshots below, as well as in this GitHub repository.

providers.tf

Same as last week.

resource-group.tf

resource-group

variables.tf

Here, I used variables for the names of all 5 resources that we created, and I also used variables for the Virtual Machine's size attribute, the resource group's location attribute, and the NIC's private IP attribute. Things like IP, VM size, and location often change per resource or project, so it always makes sense to use variables for those attributes.

Variables

virtual-machine.tf

Changes are highlighted in red.

virtual-machine.tf

virtual-network.tf

Changes are highlighted in red.

virtual-network.tf

4. Running Terraform

On Windows, open a command prompt or a PowerShell window and navigate to the Terraform project folder you created (in my case, Azure). From your project folder, run the following commands:

  1. terraform init - Initializes Terraform and installs the required providers.

terraform init

  2. terraform plan - Shows you which resources are going to be added, deleted, or changed.

You can see our environment variables in action here: the username has changed to localadmin, and the sensitive flag blocks the password from being displayed in the terraform plan output:

terraform plan

  3. terraform apply - Terraform provisions each resource exactly as defined.

terraform destroy

  4. terraform destroy - Destroys all the resources defined in your configuration files. When you are done, don't forget to run this command to avoid a huge bill on your account.

terraform destroy

5. Wrap-Up

That wraps up Week 2 of the Terraform Basics series. Each week, we’re getting closer to a real-world Terraform environment. Next week, we’ll cover terraform.tfvars, secure the VM with a Network Security Group, and explore dynamic blocks.

I hope this was helpful to understand Terraform Basics, and hope to see you again in Week 3!
