Introduction

Terraform output values allow you to export structured information about your resources. This data can be used to automate the configuration of other infrastructure components, serve as input for another Terraform workspace, or pass values from a child module to a root module.

Requirements

Create infrastructure

  • Clone the Learn Terraform variables GitHub repository for this tutorial by running the following command:

git clone https://github.com/hashicorp-education/learn-terraform-outputs

  • Change to the repository directory.

cd learn-terraform-outputs

Image description

  • Open your terraform.tf file and uncomment the cloud block. Then, replace the placeholder organization name with your own HCP Terraform organization name. Image description
  • Run terraform init to initialize your configuration. Terraform will automatically create the learn-terraform-outputs workspace in your HCP Terraform organization. Image description
  • Run terraform apply to apply the configuration. Image description

Output VPC and load balancer information

While you can place output declarations anywhere in your Terraform configuration, it’s best practice to define them in a dedicated file named outputs.tf. This helps keep your configuration organized and makes it easier for others to understand and review the expected outputs.

  • Add the following block to outputs.tf to show the ID of the VPC, load balancer url and instance count. 
output "vpc_id" {
  description = "ID of project VPC"
  value       = module.vpc.vpc_id
}

output "lb_url" {
  description = "URL of load balancer"
  value       = "http://${module.elb_http.elb_dns_name}/"
}

output "web_server_count" {
  description = "Number of web servers provisioned"
  value       = length(module.ec2_instances.instance_ids)
}

The lb_url output uses string interpolation to build a URL from the load balancer’s domain name. The web_server_count output uses the length() function to determine how many instances are attached to the load balancer.

Terraform stores output values in the state file, so to view these new outputs, you must apply the updated configuration—even if it doesn’t result in any infrastructure changes.
Image description

Query outputs

After creating the outputs, use the terraform output command to query all of them.

terraform output

Image description

  • Next, query an individual output by name.

terraform output [output-name]

Image description

Redact sensitive outputs

Terraform allows you to mark outputs as sensitive, which ensures their values are redacted in the CLI to prevent accidental exposure. Sensitive outputs are useful for securely passing confidential information—such as credentials or tokens—to other Terraform modules, automation tools, or HCP Terraform workspaces.

  • Add the following output blocks to your outputs.tf file. Note that the sensitive attribute is set to true. 
output "db_username" {
  description = "Database administrator username"
  value       = aws_db_instance.database.username
  sensitive   = true
}

output "db_password" {
  description = "Database administrator password"
  value       = aws_db_instance.database.password
  sensitive   = true
}

Image description

  • Apply this change to add these outputs to your state file, and respond to the confirmation prompt with yes. Image description Notice that Terraform redacts the values of the outputs marked as sensitive.
  • Use the terraform output command to query the database password by its output name. Note that when you retrieve a specific sensitive output this way, Terraform will display the value, it does not redact it. This behavior is intentional to support scripting and automation, but it also highlights the need to handle sensitive outputs with care.

terraform output db_password

Image description

  • You can pull down your remote state file from HCP Terraform by running this command:

terraform state pull > terraform.tfstate

Generate machine-readable output

Terraform’s CLI output is intended for human readability. For automation or scripting purposes, you can use the -json flag with commands like terraform output to produce machine-readable, JSON-formatted output.

terraform output -json

Image description

Thanks for staying till the end