What Is Terraform Output?

Terraform is a widely accepted tool for defining and provisioning infrastructure as code. One of the essential features of this tool is Terraform output, which enables users to extract and display useful information from Terraform configurations.

This article delves into the significance of Terraform output, its syntax and usage, and best practices to enhance your infrastructure-as-code projects.

Understanding Terraform Output

Suppose you're managing a complex infrastructure and need to share critical data between various resources or external systems. Terraform output is a feature that allows you to do just that. This feature effortlessly extracts and displays valuable information from your Terraform configurations and allows you to share it between different modules, workspaces, and external systems.

Terraform outputs expose valuable information about the resources managed by Terraform. The terraform output command-line tool then allows you to retrieve and display these output values, which other components of your infrastructure or external systems can then consume.

Having the feature of Terraform output provides several benefits, primarily:

• Data sharing: Terraform outputs excel at sharing attributes of dynamically generated resources between Terraform configurations and other systems. Suppose you create an EC2 instance with Terraform. The output block can capture the public IP address, which can then be used by another Terraform configuration to set up a security group rule or passed on to an external configuration management tool.
• Automation: Outputs empower automated configuration management by providing dynamic values for dependent resources. For instance, if you provision a database server with Terraform and the database port is dynamically assigned, the output block can capture this port. This captured port can then be used within another configuration to establish a connection to the database from a web application.
• Debugging and verification: Outputs go beyond simply verifying the state of resources. During troubleshooting, you can examine the output values to pinpoint any inconsistencies or unexpected resource configurations that might be causing issues with dependent processes.
• Consistency: Outputs promote consistency across environments. By referencing outputs instead of hardcoded values, you can maintain identical configuration logic across development, testing, and production environments.
• Documentation: Outputs can act as a form of documentation, offering clear and concise information about the infrastructure provisioned by Terraform. This can be particularly valuable for other engineers or teams who need to understand the system.

Syntax and Usage of Terraform Outputs

Terraform outputs are defined within configuration files using the output block. Here's the syntax breakdown:

output "<name>" {
  value = <expression>
}

• <name>: This is a user-defined name for the output variable. Choose a descriptive name that reflects the data it holds.
• <expression>: This is a Terraform expression that evaluates the value you want to expose. It can reference attributes of resources, use functions, or perform calculations.

Examples of Outputs

The following AWS instance examples show how you can display Terraform outputs as different data types:

• String output:
  

output "instance_id" {
  value = aws_instance.example.id
}

• Number output:

output "instance_count" {
  value = length(aws_instance.example)
}

• List output:

output "instance_ips" {
  value = aws_instance.example[*].public_ip
}

• Map output:

output "instance_tags" {
  value = {
    for instance in aws_instance.example :
    instance.id => instance.tags
  }
}

Referencing Outputs in Your Code

Once defined, you can reference outputs within your Terraform code using their names. Here's an example:

module "example_module" {
  source  = "./modules/example"
  # Reference the output from another module
  instance_id = var.other_module_name.instance_id
}

In this example, the example_module references the instance_id output from another module named other_module_name. This demonstrates how outputs facilitate communication and data exchange between modules.

Output Variables vs. Data Sources

Terraform outputs and data sources might seem similar at first glance, but they serve distinct purposes in your infrastructure-as-code (IaC) workflows. Here's a breakdown to clarify the differences:

Terraform Output Variables

Terraform outputs expose information about resources managed by Terraform. The output values are derived from attributes of existing resources within your Terraform configuration. Outputs are typically used in cases that involve:

• Sharing data between Terraform modules or configurations
• Passing information to external systems for configuration management or monitoring
• Simplifying configuration logic by referencing dynamic values instead of hardcoded data

An example of such a scenario is extracting the public IP address of an EC2 instance and using it to configure a security group rule in another Terraform module.

Terraform Data Sources

Data sources retrieve data from external sources. It interacts with APIs or plugins to fetch information from cloud providers, configuration management tools, or other external systems. Data sources are used in cases that involve:

• Accessing information about existing resources that are not managed by Terraform itself
• Using external data to dynamically configure Terraform resources
• Integrating your IaC with other tools and platforms

An example is using a data source to retrieve a list of available regions in a cloud provider before creating resources in those regions.

Simply put, the choice between using an output variable or a data source depends on the origin of the data you need:

• If the data originates from resources managed within your Terraform configuration, use an output variable.
• If the data resides in an external system or needs to be fetched dynamically, use a data source.

Best Practices for Using Terraform Output

When using Terraform outputs, you should consider the following best practices:

• Use descriptive names: Choose clear and concise names that reflect the data being exposed by the output variable. Avoid generic names like "output1" or "data." Instead, use names like "rds_instance_public_ip" or "webserver_security_group_id." This improves readability and maintainability of your configurations.
• Use a consistent naming convention: Maintain a consistent naming convention throughout your Terraform codebase. This could involve using underscores or hyphens for separation and keeping the naming scheme aligned across all modules and configurations.
• Group related outputs: Group related outputs together logically. For example, if you have multiple outputs related to a database instance (IP address, port, username), group them under a single heading within your configuration file. This improves organization and makes it easier to find specific information.
• Use comments: Include clear comments to explain the purpose and usage of each output variable. This is particularly helpful for outputs that might not be immediately self-explanatory or when used by other modules or teams.
• Avoid unnecessary outputs: Avoid defining outputs for data that isn't genuinely required. Excessive outputs can clutter the output and make it harder to identify the most relevant information. Evaluate if the data can be used directly within your Terraform configuration or if an alternative approach might be more efficient.
• Avoid outputs for secrets: If possible, avoid storing sensitive data in Terraform configurations altogether. Explore alternative methods for managing secrets, such as leveraging HashiCorp Vault or environment variables.
• Use the Terraform sensitive attribute: If using outputs for secrets is unavoidable, mark them as sensitive using the sensitive attribute within the output block. This instructs the terraform output command to suppress the value when displaying output.

Here's an example with the sensitive attribute added:

output "db_password" {
  value     = aws_db_instance.example.password
  sensitive = true
}

Conclusion

Terraform output empowers you to bridge the gap between static configurations and dynamic infrastructure. By leveraging outputs, you can streamline data sharing, automate tasks, and simplify verification.

To unlock the full potential of your infrastructure, consider using Pure Storage solutions like Portworx® to enable persistent storage for your Terraform Kubernetes deployments as well as Pure Cloud Block Store™ to provide the ideal storage solution for your cloud-based applications.