How do i pass -var-file on Teffaform cloud

umashankar2 · May 7, 2020, 2:17pm

I have multiple environment specific tfvars in a repo, need to pass specific file so it can use these variables, I dont find any way to do it from terraform cloud.

As these are envionment specific file, I dont have it named terraform.tfvars, rather its as dev.tfvars, prod.tfvars

apparentlymart · May 7, 2020, 9:14pm

Hi @umashankar2,

When using Terraform Cloud, the workspace settings in Terraform cloud replace the use of CLI-provided variables files. For each Terraform Cloud workspace you can configure workspace variables.

If your goal is to use the same configuration multiple times with different variables to create multiple “copies” of the same infrastructure, the intended way to do that with Terraform Cloud is as follows:

Create one workspace for each of your environments that all share a common name prefix (e.g. networking-) but have different suffixes giving the environment name (like networking-stage, networking-prod, etc).
In your shared configuration, write a remote backend configuration block that specifies the naming prefix you chose in the previous step:
```
terraform {
  backend "remote" {
    organization = "example"
    workspaces {
      prefix = "networking-"
    }
  }
}
```
Run terraform init locally against that configuration to configure the backend. That should reach out to the Terraform Cloud API and verify that the given organization exists and that your credentials grant access to it.
Run terraform workspace list to see the local workspaces that correspond to the remote workspaces you created in the first step. If you use the names I gave as examples, you’d see workspaces named stage and prod.
Return to the Terraform Cloud UI and configure the environment-specific variables for each of the networking- workspace using the variable management UI. (You can also manage these in Terraform using the tfe provider, but I won’t get into the details of that here for brevity.)
In your local shell, run terraform workspace select stage to select the staging workspace. You can run terraform apply here to push your current configuration up to the remote networking-stage workspace and run Terraform using the variables you configured for that specific workspace.
Similarly, run terraform workspace select prod to select the production workspace. Again, run terraform apply to push up the configuration and run Terraform with the separate workspace-specific variables for production.

You can now switch between your environments using terraform workspace select and it will cause Terraform (via Terraform Cloud) to always use the set of variables and latest state snapshot associated with the selected workspace. You no longer need to manually coordinate using the correct .tfvars file for the state you are currently working with.

As you may have seen on the Variables documentation page I linked above, you can still use the .auto.tfvars and terraform.tfvars files that Terraform automatically reads, for any variable values you want to be consistent between your environments, but any per-environment values should be stored remotely in the workspace settings.

umashankar2 · May 7, 2020, 9:29pm

@apparentlymart I will be using (almost) same variable for all environment, however value would change depends on environment, example - Development can have 1 VM, but Prod might 10. Size of VM might be b4ms for Dev, but very high configuration for prod. How do I manage that without adding variable on Terraform cloud (and read from file)

apparentlymart · May 7, 2020, 10:01pm

You can use a single input variable to select values within your configuration:

variable "environment" {
  type = string
}

locals {
  per_environment_settings = tomap({
    dev = {
      vm_count = 1
    }
    prod = {
      vm_count = 10
    }
  })

  vm_count = local.per_environment_settings[var.environment]
}

You can then configure your Terraform Cloud workspaces only with that single environment variable value (set to either dev or prod) and keep all of the details inside the configuration.

umashankar2 · May 8, 2020, 10:44am

@apparentlymart Thats great. Thank you for your response.

I was able to use backend, and create multiple workspace on Terraform cloud.
One thing i am still seeing issue with is using terraform.tfvars

I have defined all the environment specific variable on Cloud, and left a variable value in terraform.tfvars which will be consistent everywhere (I am just testing for now).

Variable defination file - win-variables.tf

variable “windows_admin_username” {
type = string
description = “”
}

Value is defined in terraform.tfvars
windows_admin_username = “localadminstrator”

However, I still see issue when run the plan:

Does that mean its not reading variable from terraform.tfvars file?

apparentlymart · May 8, 2020, 4:53pm

Hi @umashankar2,

Looking back at what I wrote before I’m afraid I can see I made an error: the terraform.tfvars file isn’t used in Terraform Cloud, because Terraform Cloud actually overwrites that file with the variables you configured in the web UI, in order to make those variable values available to the Terraform run.

If you rename that file to something ending in .auto.tfvars then it should work. For example, you could rename it to terraform.auto.tfvars. .auto.tfvars files take precedence over terraform.tfvars, which means that in the Terraform Cloud context values set in .auto.tfvars will override a value provided via the Variables web UI in Terraform Cloud (because Terraform Cloud writes those into terraform.tfvars).

umashankar2 · May 8, 2020, 7:22pm

Thank you @apparentlymart, I relaized that later and renamed it as .auto.tfvars. That works.

kereza · January 8, 2021, 9:25pm

Guys, that thread is a life saver ! …I just lost so much time to figure out how to manage the variables in TF cloud for different environments etc !

The documentations does not HELP in regards to that ! Some updates there are needed !

Thank you !

aleon1220 · March 15, 2021, 9:26pm

This is good stuff @apparentlymart. Thanks I am quoting you in another thread.

yermulnik · December 19, 2023, 1:42pm

@apparentlymart I’ve just stumbled upon this from https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#11-terraform-tfvars-variable-file

When this has changed so that TF Cloud “gave up” overwriting terraform.tfvars passed over from TF caller end?

Was it a change in Terraform version or a change in TF Cloud? if TF version, could you please refer to a version? If TF Cloud — then since when this has changed? Thanks

apparentlymart · January 3, 2024, 8:31pm

Hi @yermulnik,

I work on Terraform Community Edition rather than Terraform Cloud and so I’m not sure exactly what’s changed here, but the note you indicated was added in this pull request:

github.com/hashicorp/terraform-docs-common

Add more details about `terraform.tfvars`

hashicorp:main ← hashicorp:aw/more-about-terraform-tfvars-file

opened 08:48PM - 30 Sep 22 UTC

annawinkler

+8 -2

### What * Clarify what happens with `terraform.tfvars` in TFC and TFE on thi…s [page](https://www.terraform.io/cloud-docs/workspaces/variables#precedence) ### Why A customer noticed behavior that was undocumented, reported in this [issue.](https://app.asana.com/0/157256879238414/1202691817770504/f) ---------- ### Merge Checklist _If items do not apply to your changes, add (N/A) and mark them as complete._ #### Pull Request - [x] One or more labels describe the type of change (e.g. clarification) and associated product (e.g. tfc). - [x] Description links to related pull requests or issues, if any. #### Content - [NA] Redirects have been added for moved, renamed, or deleted pages. This requires a separate PR in the [`terraform-website` repository](https://github.com/hashicorp/terraform-website) `redirects.next.js` file. - [NA] API documentation and the API Changelog have been updated. - [NA] Links to related content where appropriate (e.g., API endpoints, permissions, etc.). - [NA] Pages with related content are updated and link to this content when appropriate. - [NA] Sidebar navigation files have been updated for added, deleted, reordered, or renamed pages. - [NA] New pages have metadata (page name and description) at the top. - [NA] New images are 2048 px wide. They have HashiCorp standard annotation color (#F92672) and format (rectangle with rounded corners), blurred sensitive details (e.g. credentials, usernames, user icons), and descriptive alt text in the markdown for accessibility. - [NA] New code blocks have the correct syntax and line breaks to eliminate horizontal scroll bars. - [NA] UI elements (button names, page names, etc.) are bolded. - [NA] The Vercel website preview successfully deployed. #### Reviews - [x] I or someone else reviewed the content for technical accuracy. - [x] I or someone else reviewed the content for typos, punctuation, spelling, and grammar.

I notice that there’s a comment thread about the treatment of terraform.tfvars which seems to suggest that the behavior differs when your run occurs in a Terraform Cloud Agent. Some hidden context here is that Terraform Cloud has been transitioning to using HashiCorp-managed Terraform Cloud Agents for workspaces that don’t have their own external agent pool configured, and so I guess this change in behavior correlates with that migration.

If you are on a paid tier of Terraform Cloud then I’d suggest contacting HashiCorp Support if you need a more specific answer. Thanks!

yermulnik · January 3, 2024, 10:02pm

@apparentlymart Thanks for the feedback. I was almost sure you know every single bit about TF and stuff around it =)
Thanks for the pointer to the that exact comment on the PR. I didn’t even think there might be this much useful info within resolved comments that I see collapsed (since they are resolved). I’d wish they put that info in the documentation so clarify diffs between regular TF, TFC and TFE.
Appreciate your assistance as usual! Thanks and Happy New Year.