1. Recap: Terraform Basics

  • Commands:
    • terraform apply: Creates/updates infrastructure.
    • terraform destroy: Removes all managed resources.
    • terraform fmt: Auto-format code for readability.
  • State File:
    • terraform.tfstate tracks resource metadata.
    • Backup files (terraform.tfstate.backup) allow recovery if state is corrupted.

2. Introduction to Terraform Variables

Purpose: Avoid hardcoding values, improve reusability, and manage configurations across environments.

Variable Declaration (variables.tf)

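# Project ID used by the provider block (var.project in main.tf)
variable "project" {
  description = "GCP project ID"
  type        = string
}

variable "bq_dataset_name" {
  description = "My BigQuery dataset name"
  type        = string
  default     = "demo_dataset"
}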

variable "gcs_bucket_name" {
  description = "My GCS bucket name"
  type        = string
  default     = "terraform-demo-bucket"
}

variable "location" {
  description = "Project location (region/multi-region)"
  type        = string
  default     = "US"
}

variable "credentials" {
  description = "Path to service account JSON file"
  type        = string
  default     = "./keys/my-creds.json"
}

Key Notes:

  • Use description for clarity.
  • default provides a fallback value (optional but recommended for testing).
  • Types: string, number, bool, list, map, etc.

3. Using Variables in Resources

Example: Modify main.tf to reference variables.

provider "google" {
  project     = var.project
  region      = var.location
  credentials = file(var.credentials)  # Read file content
}

resource "google_storage_bucket" "demo-bucket" {
  name          = var.gcs_bucket_name
  location      = var.location
  force_destroy = true
}

resource "google_bigquery_dataset" "demo-dataset" {
  dataset_id                 = var.bq_dataset_name
  location                   = var.location
  delete_contents_on_destroy = true
}

Key Functions:

  • file(var.credentials): Reads the JSON key file for authentication.

4. Workflow with Variables

Destroy Resources:

terraform destroy  # Clean up

Apply Configuration:

terraform apply  # Deploy resources

Initialize and Plan:

terraform init  # Install providers
terraform plan  # Preview changes

5. Handling Credentials Securely

  • Best Practices:
    • Never hardcode credentials in main.tf.
    • Use variables.tf to reference external files (e.g., keys/my-creds.json).
    • Avoid committing credentials to version control (add the key files, e.g. keys/ or *.json, to .gitignore).

Troubleshooting Authentication:

  • Error: No credentials loaded.
    • Ensure the credentials variable points to the correct JSON file path.
    • Use export GOOGLE_APPLICATION_CREDENTIALS=./keys/my-creds.json as a fallback.
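
One way to enforce the "avoid committing credentials" rule above is a check that finds service-account key files in the working tree and reports any that .gitignore does not cover. This is an added example, not code from the original article; the function names are hypothetical, and it assumes git is installed and that keys are *.json files in the standard GCP key format.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# List every *.json under DIR that looks like a GCP service-account key:
# the file must carry both the "service_account" type marker and a private_key field.
find_sa_keys() {
  find "$1" -type f -name '*.json' ! -path '*/.git/*' | sort |
  while IFS= read -r f; do
    if grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$f" &&
       grep -q '"private_key"' "$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# Print key files in the repository at DIR that .gitignore does not cover.
# Returns 0 if every key is ignored, 1 if any could be committed,
# 2 if DIR is not a git repository.
unignored_sa_keys() {
  if ! git -C "$1" rev-parse --git-dir >/dev/null 2>&1; then
    echo "error: $1 is not a git repository" >&2
    return 2
  fi
  # git check-ignore exits 0 when the path matches an ignore rule
  out=$(cd "$1" && find_sa_keys . | while IFS= read -r f; do
    git check-ignore -q -- "$f" || printf '%s\n' "$f"
  done)
  if [ -n "$out" ]; then
    printf '%s\n' "$out"
    return 1
  fi
  return 0
}

# Run against a directory when one is given, e.g. from a pre-commit hook or CI job.
if [ $# -gt 0 ]; then
  unignored_sa_keys "$1"
fi
```

A non-zero exit status lets a pre-commit hook or CI step block the commit until the key path is ignored.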

6. Advanced Tips

  • Variable Files (.tfvars):
    • Create dev.tfvars or prod.tfvars for environment-specific values.
    • Apply with terraform apply -var-file="dev.tfvars".
  • Dynamic Values:
    • Use terraform.tfvars for local overrides (automatically loaded).

Validation:

variable "location" {
  type = string

  # Reject any value outside the allowed set at plan time
  validation {
    condition     = contains(["US", "EU"], var.location)
    error_message = "Allowed values: US, EU."
  }
}

7. Key Takeaways

  • Reusability: Variables centralize configuration, making code adaptable.
  • Security: Keep credentials external and never expose them.
  • Scalability: Use .tfvars and modules for complex projects.

Next Steps: Explore Terraform modules, remote state storage (e.g., GCS), and environment-specific workflows.

Author of article: Pizofreude