When defining the aws provider in terraform,
provider "aws" {
access_key = "<AWS_ACCESS_KEY>"
secret_key = "<AWS_SECRET_KEY>"
region = "<AWS_REGION>"
}
I'd like to be able to just use the, already defined, system variables
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Is there any way to have the tf files read environment variables?
doing something like,
provider "aws" {
access_key = env.AWS_ACCESS_KEY_ID
secret_key = env.AWS_SECRET_KEY_ID
region = env.AWS_REGION
}
Yes, can read environment variables in Terraform. There is a very specific way that this has to be done. You will need to make the environment variable a variable in terraform.
For example I want to pass in a super_secret_variable to terraform. I will need to create a variable for it in my terraform file.
variable "super_secret_variable" {
type = "string
}
Then based on convention I will have to prefix my environment variable with TF_VAR_ like this:
TF_VAR_super_secret_variable
Then terraform will automatically detect it and use it. Terraform processors variables based on a specific order that order is -var option, -var-file option, environment variable, then default values if defined in your tf file.
Alternative you can pass environment variables in through the CLI to set variables in terraform like so.
> terraform apply -var super_secret_variable=$super_secret_variable
This doesn't require that you prefix it so if they are something you can't change that may be your best course of action.
You can read more here in the docs.
You could just use bare provider like so:
provider "aws" {}
And make sure env vars available in your shell session:
$ export AWS_ACCESS_KEY_ID="your-key-id"
$ export AWS_SECRET_ACCESS_KEY="your-secret-key"
$ export AWS_DEFAULT_REGION="your-region"
Then, check if the above works:
terraform plan
If you satisfy the the plan, you might perform terraform apply
to make the change.
For more details: https://www.terraform.io/docs/providers/aws/#environment-variables