Skip to content


Configuration Syntax

Terraform uses text files to describe infrastructure and to set variables. These text files are called Terraform configurations and end in .tf

The format of the configuration files are either in Terraform format or in JSON. The Terraform format is more human-readable, supports comments, and is the generally recommended

Terraform format ends in .tf and JSON format ends in .tf.json.

The syntax of Terraform configurations is called HashiCorp Configuration Language (HCL).


# An AMI
variable "ami" {
  description = "the AMI to use"

/* A multi
   line comment. */
resource "aws_instance" "web" {
  ami               = "${var.ami}"
  count             = 2
  source_dest_check = false

  connection {
    user = "root"
  • Single line comments start with #
  • Multi-line comments are wrapped with /* and */
  • Values are assigned with the syntax of key = value
  • Strings are in double-quotes.
  • Strings can interpolate other values using syntax wrapped in ${}, such as ${}.
  • Boolean values: true, false.
  • Lists of primitive types can be made with square brackets ([]). Example: ["foo", "bar", "baz"].
  • Maps can be made with braces ({}) and colons (:): { "foo": "bar", "bar": "baz" }.


  • Interpolations are wrapped in ${}, such as ${}
  • The interpolation syntax is powerful and allows you to reference variables, attributes of resources, call functions, etc.
  • You can perform simple math in interpolations, allowing you to write expressions such as ${count.index + 1}. And you can also use conditionals to determine a value based on some logic.
  • You can escape interpolation with double dollar signs: $${foo} will be rendered as a literal ${foo}.


User string variables

Use the var. prefix followed by the variable name. For example, ${} will interpolate the foo variable value

Assigning Variables

From Command Line

You can set variables directly on the command-line with the -var flag. Any command in Terraform that inspects the configuration accepts this flag, such as apply, plan, and refres

$ terraform apply \
  -var 'access_key=foo' \
  -var 'secret_key=bar'

From a File

It is not recommended saving usernames and password to version control, but you can create a local secret variables file and use -var-file to load it.

$ terraform apply \
  -var-file="secret.tfvars" \


Lists are defined either explicitly or implicitly

implicitly by using brackets [...]

variable "cidrs" { default = [] }
variable "cidrs" { type = "list" }
You can specify lists in a terraform.tfvars file:
cidrs = [ "", "" ]

Access the CIDR using:

cidr = ${"var.cidrs[0]"}


Maps are a way to create variables that are lookup tables

variable "amis" {
  type = "map"
  default = {
    "us-east-1" = "ami-b374d5a5"
    "us-west-2" = "ami-4b32be2b"

A variable can have a map type assigned explicitly, or it can be implicitly declared as a map by specifying a default value that is a map. The above demonstrates both.

To get the AMI vaulue for the var.region:

resource "aws_instance" "example" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"

If var.region is not setup:

resource "aws_instance" "example" {
  ami           = "${lookup(var.amis, "us-west-2")}"
  instance_type = "t2.micro"
maps can also be set using the -var and -var-file values
$ terraform apply -var 'amis={ us-east-1 = "foo", us-west-2 = "bar" }'