Terraform Console — A Powerful, Often Overlooked, Tool
Many ignore that Terraform offers a powerful tool to deeply inspect your configuration, or test ideas you have, out-of-the-box.
Terraform is a powerful IaC tool, that lets you provision and manage your infrastructure in a declarative way. Many people and companies use Terraform on a daily basis to provision their infrastructure.
However powerful, one of the problems many face when using Terraform, is that sometimes it feels kind of a black box.
For example, you write loops, complex variable transformations, come across a cryptic error, and wonder how could you inspect what is going on “under the hood”.
Or maybe, you just want to quickly test some expression, inspect a local value to see if it is the same as you expect, check a module’s output.
Luckily, Terraform offers a powerful command out-of-the-box, named console, you can start by running terraform console.
How to Run it
Terraform Console can be run either outside of a Terraform project, or inside one.
If you run it outside a Terraform project, it is sufficient to have Terraform installed and run terraform console.
If you want to run it inside a project, then you must also ensure that the variables have a value. For example, if you use a file named my.tfvars to valorise your variables, run terraform console -var-file=my.tfvars.
To exit an open console, just hit Ctrl+C or run exit.
What it Can And Cannot Do
Terraform console can be used for a multitude of purposes, and it is a powerful tool to have in your toolbox.
What you can do
- Print the value of a variable or local value (in the main module), just by running
var.<MY_VARIABLE>orlocal.<MY_LOCAL> - Evaluate any Terraform expression (including using for loops, ternary statements, and functions)
- Print a module’s outputs (only if the output was already generated in a previous apply) with
module.<MODULE_NAME>.<OUTPUT_NAME>. Note, it is not possible to print top-level module outputs, to do so there is theterraform outputcommand - Helps you catch errors that do not show up with
terraform validate - Lets you tinker with the HCL syntax.
Although powerful, Terraform console comes with its own set of limitations, and often looks like a tool that was a bit rushed, and outside HashiCorp’s priorities.
What you can’t do*
- Tab-autocomplete your sentences. It can be very annoying, especially with long variable names, but it seems like it won’t come anytime soon. Anyway, you can use up/down arrows for history at least, which is something already
- Define new local values to use in subsequent commands. Unfortunately, if you need it, you need to either add them in your code locally and then run the console again, or try to pack everything into a single line
- Inspect submodules. The only way you have to inspect what is happening in a module, is to define an output for it, or run terraform console in the module itself, providing values for its variables, which is not always possible nor very handy.
For more information about Terraform console, check the docs.
* as of Terraform v1.7.3
Keep in Mind
One of the most important things to keep in mind when using terraform console is that the command acquires the state lock for the whole time it is running.
So, beware that if you run it in one terminal, you cannot run a plan in another terminal instance at the same time. Moreover, other people in your team, or a Terraform pipeline or workflow automation framework using that same Terraform, will be locked from doing operations that require the lock (e.g. plan and apply) for the whole time you’re acquiring the lock.
If you just want to check if your syntax is correct, you may run terraform validate instead, which does not acquire the state lock. However, Terraform validate catches fewer errors than the ones caught by Terraform console.
In a sense, there is a sort of matryoshka: all errors caught by Terraform validate, and more, are caught by console, and all errors caught by console, and more, are caught by plan.
That’s it for this article, I hope you find it useful. Happy Terraform!
