Best practice for multiple combinations of tfvars files

1,321 views
Skip to first unread message

Master Cho

unread,
Oct 29, 2016, 11:12:39 AM10/29/16
to Terraform
Because I want to be DRY and have a single authoritative source for my variable definitions:
I have variable files for the environment e.g. prod.tfvars
I have variable files for the project e.g. project1.tfvars
I have variable files for the AWS account e.g. myacct.tfvars
I have variable files for the AWS region e.g. us-west-2.tfvars

What's the best way for any given configuration to pull in the different sets of tfvars files it needs?  Is there some configuration I can do in the directory, or something I can add into the code so that I only have to define this once?

Manually adding several -var-file options to my command line is a hassle.

I could force the variable definitions into outputs in state files and use those in the code.  That seems a little kludgey.

Ultimately what I think I want is some sort of "include prod.tfvars" functionality for the code (or for the terraform.tfvars file).

Is there a Terraform way of accomplishing this?

Thank you

David Adams

unread,
Oct 29, 2016, 3:39:49 PM10/29/16
to terrafo...@googlegroups.com
I think what you think is "kludgey" is the right way to do it.

For my purposes, where we operate in multiple AWS accounts across multiple regions, I've developed a module with no resources, but which just sets outputs based on a set of inputs, so for example, I can do:

    module "metadata" {
      source = "../modules/aws-metadata"
      account = "main"
      region = "pdx"
      vpc = "nonprod"
      env = "beta"
    }

    provider "aws" {
      region = "${module.metadata.region_name}" # us-west-2 in this case
    }

    resource "aws_instance" "app" {
      count = 3
      vpc_security_group_ids = [
        "${module.metadata.default_security_group}",
      ]
      subnet_id = "${element(split(",", module.metadata.public_subnets), count.index)}"
      #...

So the various outputs are lookups in big maps of, for example, the list of public subnets in the given account, region, vpc combination. In addition to subnets and security group IDs, we've got VPC IDs, Consul datacenter names and paths, cross-account role ARNs, standard tag values, all sorts of things.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/f324690e-37cc-4d83-b6a5-c8b8346263b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Mat Schaffer

unread,
Oct 29, 2016, 10:56:27 PM10/29/16
to terrafo...@googlegroups.com
+1 on modules as variable sources. I use that extensively. 
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAN3s8zYvpuJ%3D5KFEy15REs-%2BW8B-YY6mDSYdpOEPzqWiJMxNrw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.


--

Mat Schaffer

unread,
Oct 29, 2016, 10:56:57 PM10/29/16
to terrafo...@googlegroups.com
Well, when there isn't a data source for what I need anyway. 
--

Master Cho

unread,
Nov 1, 2016, 12:36:42 AM11/1/16
to Terraform
Thank you for the responses.
Reply all
Reply to author
Forward
0 new messages