Study Notes 1.3.3: Terraform Variables

1. Recap: Terraform Basics

• Commands:
  • terraform apply: Creates/updates infrastructure.
  • terraform destroy: Removes all managed resources.
  • terraform fmt: Auto-format code for readability.
• State File:
  • terraform.tfstate tracks resource metadata.
  • Backup files (terraform.tfstate.backup) allow recovery if state is corrupted.

2. Introduction to Terraform Variables

Purpose: Avoid hardcoding values, improve reusability, and manage configurations across environments.

Variable Declaration (variables.tf)

variable "bq_dataset_name" { description = "My BigQuery dataset name" type = string default = "demo_dataset" } variable "gcs_bucket_name" { description = "My GCS bucket name" type = string default = "terraform-demo-bucket" } variable "location" { description = "Project location (region/multi-region)" type = string default = "US" } variable "credentials" { description = "Path to service account JSON file" type = string default = "./keys/my-creds.json" } 

Key Notes:

• Use description for clarity.
• default provides a fallback value (optional but recommended for testing).
• Types: string, number, bool, list, map, etc.

3. Using Variables in Resources

Example: Modify main.tf to reference variables.

provider "google" { project = var.project region = var.location credentials = file(var.credentials) # Read file content } resource "google_storage_bucket" "demo-bucket" { name = var.gcs_bucket_name location = var.location force_destroy = true } resource "google_bigquery_dataset" "demo-dataset" { dataset_id = var.bq_dataset_name location = var.location delete_contents_on_destroy = true } 

Key Functions:

• file(var.credentials): Reads the JSON key file for authentication.

4. Workflow with Variables

1. Initialize and Plan:
   

   terraform init # Install providers terraform plan # Preview changes 

2. Apply Configuration:
   

   terraform apply # Deploy resources 

3. Destroy Resources:
   

   terraform destroy # Clean up 

5. Handling Credentials Securely

• Best Practices:
  • Never hardcode credentials in main.tf.
  • Use variables.tf to reference external files (e.g., keys/my-creds.json).
  • Avoid committing credentials to version control (add .json to .gitignore).

Troubleshooting Authentication:

• Error: No credentials loaded.
  • Ensure credentials variable points to the correct JSON file path.
  • Use export GOOGLE_APPLICATION_CREDENTIALS=./keys/my-creds.json as a fallback.

6. Advanced Tips

• Variable Files (.tfvars):
  • Create dev.tfvars or prod.tfvars for environment-specific values.
  • Apply with terraform apply -var-file="dev.tfvars".
• Dynamic Values:
  • Use terraform.tfvars for local overrides (automatically loaded).

• Validation:
  

  variable "location" { validation { condition = contains(["US", "EU"], var.location) error_message = "Allowed values: US, EU." } } 

7. Key Takeaways

• Reusability: Variables centralize configuration, making code adaptable.
• Security: Keep credentials external and never expose them.
• Scalability: Use .tfvars and modules for complex projects.

Next Steps: Explore Terraform modules, remote state storage (e.g., GCS), and environment-specific workflows.