This lab demonstrates how to store variables to Terraform Enterprise.
Duration: 10 minutes
- Task 1: Migrate your variables to TFC
- Task 2: Run a plan locally
- Task 3: Change a variable
- Task 4: Run an apply remotely
This lab demonstrates how to store variables in Terraform Cloud.
Now that we have our state stored in Terraform Cloud in our workspace, we will take the next logical step and store our sensitive variables into TFC as well.
- In this step, we will be taking all of that variables and values that are stored locally in the
terraform.tfvarsfile and migrating them up to Terraform Cloud. - The first thing you will need to do is navigate to your Terraform Cloud
webserver-aws-devin the UI. - Once there, navigate to the
Variablestab. - In the
Variablestab, you can add variables related to the state file that was previously migrated. - To do this, first selec the
+ Add variablebutton - Once you've done this, you can add a Key-Value pair for your variable, much like it is in your
terraform.tfvarsfile. - For example, if your
identityfor this class isterraform-training-ant, you would addidentityto theKeyfield andterraform-training-antfo theValuefield. - Do this for every variable in your
terraform.tfvarsfile, WITH THE FOLLOWING EXCEPTIONS:secret_key- For this variable, you can add theKeyandValuefields as normal. However, since this is considered to be a sensitive value, we want to treat it as such. Select the radial button after theValuetext box that saysSensitiveto make sure that the value is obscured.vpc_security_group_ids- As we previously discussed, the value for this variable is written out as a list. Because of this, it needs to be entered a bit differently.- the
Keyvalue can be entered as normal - the
Valuewill be different. Instead of just taking the straight value as before, we will need to copy and past the entire thing including the brackets and quotes, e.g.["sg-0cbbc51faf252a664"] - Lastly, before saving, you must select the radial button that says
HCLso that TFC knows how to properly interpolate the value of this variable
- the
- After you've done all of this, your variables should look something like this:
- Variables declared and defined in Terraform Cloud will be parsed before values in a
terraform.tfvarsfile. - In your
terraform.tfvarsfile, comment out every line of every variable - Make sure that your file is saved.
- Next reinitialize your terraform project locally and run a
terraform planto validate that refactoring your code to make use of variables within TFC did not introduce any planned infrastructure changes. This can be confirmed by validating a zero change plan.
terraform plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
To view this run in a browser, visit:
https://app.terraform.io/app/Enterprise-Cloud/server-build/runs/run-DGXauYrWeB1xwwPx
Waiting for the plan to start...
Terraform v0.14.8
Configuring remote state backend...
Initializing Terraform configuration...
module.keypair.tls_private_key.generated: Refreshing state... [id=34a0559a16dc68108d30a76d9a5a7b25f8885e1e]
module.keypair.local_file.public_key_openssh[0]: Refreshing state... [id=0e346a51831a9bc96fd9ea142f8c35b4e1ade12b]
module.keypair.local_file.private_key_pem[0]: Refreshing state... [id=b7ac3f7125c4e3681fd38539b220c1abf01d1254]
module.keypair.null_resource.chmod[0]: Refreshing state... [id=1854006565944356631]
module.keypair.aws_key_pair.generated: Refreshing state... [id=terraform-nyl-ant-key]
module.server[0].aws_instance.web[1]: Refreshing state... [id=i-047d4d406e22e87f9]
module.server[1].aws_instance.web[0]: Refreshing state... [id=i-003fcdb877e575b26]
module.server[0].aws_instance.web[0]: Refreshing state... [id=i-0d16b6f6eda6b834e]
module.server[1].aws_instance.web[1]: Refreshing state... [id=i-03be3bf6ee29f5633]
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.Next, we will be testing to make sure that our variables in TFC are working correctly.
- Simply click on the
***button to the right of your variables, and then select theEditoption - Change the value of your
identityvariable and save to apply a new name to your server. - Run a
terraform applylocally in your code editor. - When this is ran locally, you should see that Terraform is looking at the variable in TFC, and it will update your server tags with the
indentityvalue.
Now that we've tested that our configuration is still working and that our variables can be stored and manipulated withing Terraform Cloud, let's also test an apply within Terraform Cloud itself.
Now that your variable value has changed, let's queue the plan in Terraform Cloud
- Navigate to the
Actionsbox in the top right corner and chooseStart new plan - In the
Reason for starting plandialogue box, type something meaningful to your use case. For this, we can simply sayUpdating Server Indentity. - In the
Choose plan typeoption, make sure thatPlan (most common)is selected - Follow the dialogue boxes through this process. Review your plan to ensure that it will be doing exactly what you expect, and then confirm and apply when given the opportunity.
