Terraform by Example: Outputs
Outputs expose information from your infrastructure. This sample code demonstrates how to return values like IP addresses and handle sensitive data securely.
Code
resource "aws_eip" "lb" {
  domain = "vpc"
}

output "ip_address" {
  value       = aws_eip.lb.public_ip
  description = "The public IP of the load balancer"
}

output "connection_string" {
  value       = "http://${aws_eip.lb.public_ip}:8080"
  description = "Full connection string"
  sensitive   = false
}

# Sensitive output (hidden from CLI)
# The literal below is for demonstration only; a real configuration would
# reference a sensitive variable or resource attribute, not a hardcoded secret.
output "db_password" {
  value     = "super-secret-password"
  sensitive = true
}
Explanation
Output values are the return values of a Terraform module. They allow you to expose specific information about your infrastructure on the command line after a deployment, or to share data between different modules. For example, you might output the public IP address of a web server or the connection endpoint of a database.
Key attributes of outputs include:
- Value: The data to be returned (required)
- Description: Documentation for the output (recommended)
- Sensitive: Hides the value from CLI output (but not state)
For security, Terraform provides the sensitive = true attribute. When applied to an output, it prevents the value from being displayed in the CLI output or logs, protecting sensitive data like passwords or API keys. However, it is important to remember that these values are still stored in plain text within the Terraform state file.
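The state-file caveat above, as an added example that is not part of the original page: a Python check over the outputs section of a state document, showing that an output marked sensitive is still readable there. The sample state, the api_token output and the name heuristic are constructed assumptions.

```python
import json
import re

# Constructed sample: the "outputs" section of a version 4 terraform.tfstate,
# shaped as it would be after applying the configuration on this page.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "ip_address": {"value": "203.0.113.10", "type": "string"},
        "connection_string": {"value": "http://203.0.113.10:8080", "type": "string"},
        "db_password": {"value": "super-secret-password", "type": "string", "sensitive": True},
        "api_token": {"value": "constructed-token", "type": "string"},
    },
})

# Assumed naming heuristic for outputs that probably carry secrets.
SECRET_NAME = re.compile(r"pass(word)?|secret|token|api[_-]?key|private[_-]?key", re.I)


def audit_state_outputs(state_text):
    """Return findings for secret-bearing outputs; values are never echoed."""
    outputs = json.loads(state_text).get("outputs", {})
    findings = []
    for name, entry in sorted(outputs.items()):
        flagged = bool(entry.get("sensitive", False))
        value = entry.get("value")
        if flagged and value is not None:
            # sensitive = true hid this from the CLI, but the state still holds it.
            issue = "sensitive output readable in state"
        elif not flagged and SECRET_NAME.search(name):
            # Nothing hides this one anywhere: CLI, logs and state all show it.
            issue = "secret-like output not marked sensitive"
        else:
            continue
        findings.append(
            {"output": name, "issue": issue, "value_length": len(str(value))}
        )
    return findings


if __name__ == "__main__":
    for finding in audit_state_outputs(SAMPLE_STATE):
        print(finding)
```

Any finding of the first kind means the state file itself has to be treated as a secret: restrict who can read it and store it in a backend that encrypts at rest.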
Code Breakdown
- output "ip_address" defines a named output value.
- value = aws_eip.lb.public_ip extracts the IP from the created resource.
- description documents the purpose of this output.
- value = "http://..." uses string interpolation to format the output.
- sensitive = true suppresses the output in CLI logs for security.
