terraform output - ghdrako/doc_snipets GitHub Wiki

Output values are the return values of a Terraform resource/module/data, and they have many use cases:

  • The output from one resource/module/data can be called into other resources/modules/data if there is a dependency on the first resource.
  • You can print certain output of the resources/modules/data on the CLI by running terraform apply.
  • If you are using a remote state, other configurations via a terraform_remote_state data source can help you to access root module outputs.

Terraform attribute referencing

  • implicit reference - perform Terraform attribute referencing from one resource code block and consume it in another resource code block.
  • reference in data sources and modules
main.tf:
resource "google_project" "my_project" {
  name       = "My Project"
  project_id = "your-project-id"
  org_id     = "1234567"
}

resource "google_app_engine_application" "app" {
  project     = google_project.my_project.project_id
  location_id = "us-central"
}

output.tf:
output "id" {
  value = google_app_engine_application.app.id
}

output "name" {
  value = google_app_engine_application.app.name
}

Terraform output optional arguments:

  • description
output "instance_ip_addr" {
  value       = aws_instance.server.private_ip
  description = "The private IP address of the main server instance."
}
  • sensitive - set output values that have sensitive information,
output "db_password" {
  value       = aws_db_instance.db.password
  description = "The password for logging in to the database."
  sensitive   = true
}

When you define output values as sensitive, this prevents Terraform from showing its values on the Terraform CLI after running terraform apply. Terraform version 0.14 and above, which prevents the displaying of sensitive output in the CLI output. Even if you have defined output values as sensitive, they will still be recorded in the state file, and they will be visible in plain text to anyone who has access to the state file.

  • depends_on resource define dependency - this is additonlal depndency. Shoud be use as last resort and always with comment why is being used
output "instance_ip_addr" {
  value       = aws_instance.server.private_ip
  description = "The private IP address of the main server instance."
  depends_on = [
    # Security group rule must be created before this IP address could
    # actually be used, otherwise the services will be unreachable.
    aws_security_group_rule.local_access,
  ]
}