Terraform Output

Terraform Output – What you should know

In this post, you’ll learn how to create Terraform outputs.

Terraform is a powerful and valuable tool to deploy and operate infrastructure in your environment. However, with so many providers and modules, there isn’t much Terraform can’t do.

Terraform’s colossal draw is how you can create resources in various environments by applying the same configuration. As your infrastructure increases and shifts more complicated, the need to use variables rises. The way you can achieve this is with input and output variables.

Also, If you’re writing very long Terraform configurations deploying various components, you can break these out into shorter modules. If you are using Terraform modules, you might be required to pass Output from one module to the other.

What is Terraform Output?

Terraform output values enable you to export structured data related to your resources. You can apply this data to configure different parts of your infrastructure with an automation approach or as a data source for additional Terraform workspace. So, Outputs are additionally required to distribute data from a child module to your root module.

We could compare the Output with the variables as a return value of a Terraform module. There are many applications for output variables. Here are some cases:

  • We can apply outputs to present a subset of a child module’s resource attributes to a parent module. 
  • After running the Terraform apply command, we can use outputs to print values from a root module in the CLI output.
  • If you are utilizing a remote state, different configurations can reach the outputs of a root module through the terraform_remote_state data source.

These are just some cases of why we would apply output variables. To define an output value, you must specify them in an output section, as explained in the example here:

Declaring a Terraform Output Value

Each output value exported by a module must be declared using an output block.

output "inst_private_ip" {
  value = aws_instance.instance.private_ip

The label in double quotes after the output keyword is the name, which must be a valid identifier. This name is presented to the user; it can be utilized to reach the Output’s value within a child module.

The value argument uses an expression whose result is to be delivered to the user. In this example, the expression relates to the private_ip property shown by an aws_instance resource described subsequently in this module (not shown). Each valid expression is admitted as an output value.

Let’s see another example. Where we need print out and sensitive information:

output "db_user" {
  description = "Database administrator user"
  value       = aws_db_instance.db.user
  sensitive   = true
output "db_secrect" {
  description = "Database administrator secrect"
  value       = aws_db_instance.db.secrect
  sensitive   = true

Sensitive data on Terraform Output

You can assign Terraform outputs as sensitive. Terraform will mask the values of discreet outputs to avoid accidentally writing them out to the console. Apply sensitive outputs to give sensitive data from your code with other Terraform modules, automation tools, or workspaces.

For instance, Terraform will mask sensitive outputs when we plan, apply, or destroy phase in your configuration. When you query all of your outputs, we will see below how to do it. Terraform will not mask sensitive outputs in different situations, such as when you query a specific output by name, query all of your outputs using JSON format, or use outputs from a dependent module in your root module.

On important information: Outputs are only performed when Terraform executes your plan command. Running a terraform plan will not render outputs. So, always keep it in your mind.

Terraform Output and depends_on

Because output values are only a method for transferring data out of a module, it usually is not required to worry about their connections with other nodes.

But, when a parent module reaches an output value transported by one of its child modules, the dependencies of that output value let Terraform accurately define the dependencies between resources described in distinct modules.

For example, Terraform interprets the value expression for an output value and automatically defines a set of dependencies regarding dependencies. Still, in less-common cases, Terraform cannot accept some dependencies implicitly. In these exceptional cases, the depends_on argument can be applied to generate extra explicit dependencies:

output "db_user" {
  description = "Database administrator user"
  value       = aws_db_instance.db.user
  sensitive   = true
output "db_secrect" {
  description = "Database administrator secrect"
  value       = aws_db_instance.db.secrect
  sensitive   = true

Most importantly, you should utilize the depends_on argument just as the last option. When applying it, always add a comment describing why it is being used to support future DevOps Engineers, assuming the idea of the extra dependency.

How to check the Terraform Output?

When you execute Apply, all outputs declared on your modules will be printed out on the console. However, there are times when we would like to see those values without executing the Apply again. So, for this goal, we can use the Terraform output command.

Instructions: terraform output [args] [NAME]

With no extra arguments, the Output will reveal all the outputs for the root module. If an output NAME is defined, only the value of that Output is printed on the console.

The command line accepts some flags that are all arbitrary. The list of possible flags are:

  • -state=path – It’s the Path to the state file. Defaults to “terraform.tfstate”. Ignore it if you are using a remote state.
  • -json – If defined, the outputs are printed out using JSON format, with a key per Output. If NAME is defined, Terraform will print just the Output specified. Additionally, we can use pipe and tools like jq for additional processing.
  • -no-color – If defined, the Output won’t include any color.
  • -raw – If defined, Terraform will change the specified output value to a string and show that string right to the Output, without any specific format. This can be useful when running with shell scripts but only sustains string, number, and boolean values. Apply -json rather than for processing complex data types.

We can use Terraform Output with Terraform Data.


In this article, you used Terraform outputs to query data (see also How to use Terraform Data) about your infrastructure. Terraform outputs enable us to share data between Terraform workspaces or remote states and other mechanisms and automation. In addition, outputs are the only way to transfer data from a child module to your configuration’s root module.

Boost your Terraform Skills:

How and When to use Terraform Modules?

Learn How to use Output on your Terraform and share data across multiple configurations.

Create multiple copies of the same resource using Terraform Count.

Learn How to use Terraform Template, to build dynamic configurations.

Do you know the difference between Locals and Do you know what is Terraform Data and How to use it?

Execute Terraform on Gitlab CI.

Leave a Comment

Your email address will not be published. Required fields are marked *

Free PDF with a useful Mind Map that illustrates everything you should know about AWS VPC in a single view.