Skip to content

CI Variables

Before we can use our Terraform pipeline there are a few CI variables we have to define first. These are essentially environment variables that are passed into the CI pipeline when it executes, allowing us to feed into each pipeline some additional information needed for the scripts to do their job.

CI Variables

In the case of Terraform we're going to be configuring the AWS API credentials we want Terraform to use.


This isn't the best way of handling this problem but that's the point at this point in the book. We're showing you how-to get the job done but later on we show you how-to get the job done better and evolve your understanding of building systems that get more and more complex.

We need three variables:

  1. TF_VAR_aws_region
  2. TF_VAR_aws_access_key
  3. TF_VAR_aws_secret_key

These variables are written in a special format for Terraform. They take the form of: TF_VAR_ followed by the name of the variable {} in the Terraform code (HCL) that we're providing the input to. So if we have variable "aws_region" {} and we want Terraform to get the value for this variable from the environment, then we create an environment variable called TF_VAR_aws_region.

It's a combination of TF_VAR_ and aws_region. The case is important.

Defining the Variables

To create this CI variable and have it be made available permanently to every CI pipeline, we have to use the main settings panel.

  1. Navigate to the http-cats/infrastructure/terraform repository in GitLab
  2. Goto Settings in the left hand menu
  3. Followed by CI/CD
  4. Above five sections down there is a section called Variables - click Expand here

We will see this:

Terraform CI Variables

To create the three variables we need we need to click Add variable and then follow the prompts:

CI/CD Variables

We need to fill in the fields as such:

  • Key - the variable's name, as it will be see in the environment
  • Value - the variable's actual value, which will be what Terraform receives
  • Type - the type Variable is fine
  • Environment scope - this can be left as is
  • Flags - we leave the Protect variable flag set to true; we set the Mask variable to true also, checking the box

Using this dialogue create the three environment variables we need.


Now we can trigger our pipeline as Terraform will have the configuration it needs to access the AWS API and operate correctly.