I'm quite new to Terraform, though I have gone through all of the instructional modules available on Hashicorp's site.
Currently, I'm struggling with understanding how to set up environment variables. I know how to reference variables in the main.tf config (access_key = "${var.access_key}"
), and I know how to save that access key to a separate file and reference that, but what I don't understand (and can't find any documentation/instruction on) is how to set up environment variables so I don't have to save the access key to a file.
Does anyone know how best to go about doing this?
Terraform can infer the following environment variables for AWS
export AWS_ACCESS_KEY_ID="anaccesskey"
export AWS_SECRET_ACCESS_KEY="asecretkey"
Ref: https://www.terraform.io/docs/providers/aws/#environment-variables
But I would suggest trying the AWS Profile
.
You can add credentials to ~/.aws/credentials
file like
[myprofile]
aws_access_key_id = anaccesskey
aws_secret_access_key = asecretkey
and then you can set environment variable export AWS_PROFILE=myprofile
. Now, if you run terraform from this shell, it should pick credentials listed under myprofile
.
Also, you can have you AWS Provider
code as follows:
provider "aws" {
profile = "myprofile"
region = "${var.region}"
}
In my experience, interacting with AWS using profile
is easy and better than setting environment variables on each shell.
You can refer an example here https://github.com/pradeepbhadani/tf-examples/blob/master/ex2/provider.tf
Hope this helps.
Some providers all you to set provider credentials/configuration via environment variables directly. For example, in the case of the AWS provider you can use the AWS SDK environment variables as mentioned in the AWS provider documentation:
You can provide your credentials via the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, environment variables, representing your AWS Access Key and AWS Secret Key, respectively.
With example usage shown as:
$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
$ export AWS_DEFAULT_REGION="us-west-2"
$ terraform plan
For the Azure provider most of the provider config can be set by environment variables without needing to be defined in the provider configuration:
$ export ARM_CLIENT_ID="aclientid"
$ export ARM_SUBSCRIPTION_ID="asubscriptionid"
$ export ARM_TENANT_ID="atenantid"
$ terraform plan
In the more general case, Terraform will automatically load any defined variables that are prefixed with TF_VAR_
.
So if you have something like this:
variable "foo" {}
You can set the value by exporting the TF_VAR_foo
environment variable:
export TF_VAR_foo=bar
The Terraform way of using environment variables and thus arbitrary values for all good things Terraform are by prefixing any environment variable with TF_VAR_
and then Terraform will automagically use it.
For your specific use case this would mean, that you can set the Terraform variable access_key
by setting the **environment* variable TF_VAR_access_key
.
This technique is built-in into Terraform itself and is thus independent from any specific provider.
Documentation can be found at https://www.terraform.io/docs/commands/environment-variables.html#tf_var_name it works also for older Terraform version (I've tested it with 0.11).
- when I started learning tf, I have used a
terraform.tfvars
file where in I put:
aws_access_key="myaccesskey"
aws_secret_key="mysecertkey"
region='aws-region'
in main.tf
:
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "private_key_path" {}
provider "aws" {
access_key = var.aws_access_key
secret_key = var.aws_secret_key
region = var.region
}
making sure, both files in the same dir.
- then I started using env varibles in Mac:
$ export AWS_ACCESS_KEY_ID="AWS_ACCESS_KEY_ID"
$ export AWS_SECRET_ACCESS_KEY="AWS_SECRET_ACCESS_KEY"
$ terraform plan
- using profile,
~/.aws/credentials
aws configure
AWS Access Key ID: yourID
AWS Secret Access Key: yourSecert
Default region name : aws-region
Default output format : env
I hope it helps!
good luck, terraform is an amazing thing to learn!
来源:https://stackoverflow.com/questions/55052153/how-to-configure-environment-variables-in-hashicorp-terraform