To make the infrastructure shareable and version controlled, we need to parameterize the configurations with help of variables.

The variable block configures a single input variable for a Terraform module.

Input variables can be defined as below :

variable "key" {
 type = "string"

Below are the arguments which accept within the block body (between { })

  • type
  • default
  • description

type: Valid values are a string, list, and map. If no type field is provided, the variable type will be inferred based on default. If no default is provided, the variable type is assumed to be a string.

default: It sets a default value for the variable. If no default is provided, Terraform will raise an error if a value is not provided by the caller.

description: A human-friendly description of the variable.

Let’s create a and files.

variable "access_key" {}
variable "secret_key" {}
variable "region" {
default = "us-east-1"

provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region = "${var.region}"

To access variables, you have to provide the variable prefixed with “var.”.

The first two have empty blocks {}. The third set a default. If a default value is set, the variable is optional while running terraform commands.

Otherwise, the variable is required. If you run terraform plan now, Terraform will prompt you for the values for empty block string variables.

$ terraform plan
  Enter a value: XXXXXXXXXXXXXXX

Refreshing Terraform state in-memory prior to plan...

Command-line flags

You can set variables directly on the command-line with the -var flag.

$ terraform apply 
-var 'access_key=XXXXXXXXXXXXXX' 

It can apply for the apply, plan, and refresh as well.

Variable type field values

String :

String values are simple and represent a basic key to value mapping where the key is the variable name.

variable "keyname" {
  type = "string"
  default = "myKey"

A multi-line string value can be provided using heredoc syntax.

variable "public_key" {
  type = "string"
  default = <<EOF
This is a long key.
Several lines.


A map value is a lookup table from string keys to string values. This is useful for selecting a value based on some other provided value.

A common use of maps is to create a table of machine images per region, as follows:

variable "amis" {
  type = "map"
  default = {
    "us-east-1" = "ami-b374d5a5"
    "us-west-2" = "ami-4b32be2b"

Command Line

$ terraform apply -var 'amis={ us-east-1 = "ami-b374d5a5", us-west-2 = "ami-4b32be2b" }'


A list value is an ordered sequence of strings indexed by integers starting with zero.

variable "cidrs" {
  type = "list"
  default = ["", ""]


For a configuration such as the following:

variable "active" {
  default = false

Environment Variables

Environment variables can be used to set the value of an input variable in the root module.

The name of the environment variable must be TF_VAR_ followed by the variable name, and the value is the value of the variable.

For example :

variable “image” {}

The above variable can be set via an environment variable:

$ TF_VAR_image=ami-b374d5a5

For a list variable

$ TF_VAR_amis='["ami-abc123", "ami-bcd234"]'

Variable Files

To persist variable values, create a file and assign variables within terraform.tfvars file. Terraform automatically loads them to populate variables. If the file is located somewhere else, you can pass the path to the file using the -var-file flag.


access_key = "XXXXXXXXXXXXXX"

cidrs = [

amis = {
us-east-1 = "ami-b374d5a5"
us-west-2 = "ami-4b32be2b"

The -var-file flag can be used multiple times per command invocation:

$ terraform apply -var-file=vars1.tfvars -var-file=vars2.tfvars