Terraform Outputs: Getting Values from Your Infrastructure
After Terraform creates infrastructure, you often need specific values from it — an IP address, a database connection string, a bucket name. Output values let you extract and display these details after a successful apply. This topic covers how to declare outputs, use them between modules, and query them from the command line.
What Are Output Values
Output values are like the receipt you get after a transaction. When Terraform finishes building your infrastructure, outputs print the important details to your terminal so you know what was created and how to access it.
Diagram: Outputs as the Final Report
terraform apply
|
v
Resources Created:
- EC2 instance (id: i-0abc123)
- S3 bucket (name: my-app-bucket-2024)
- RDS database (endpoint: db.xyz.rds.amazonaws.com)
|
v
Outputs:
server_ip = "54.210.123.45"
database_url = "db.xyz.rds.amazonaws.com:5432"
storage_bucket = "my-app-bucket-2024"
Declaring an Output Block
You declare outputs in an output block, typically in a file called outputs.tf.
output "server_public_ip" {
description = "The public IP address of the web server"
value = aws_instance.web_server.public_ip
}
Output Block Arguments
- description: Explains what this output represents. Always include it for clarity.
- value: The actual data to expose. This is usually a reference to a resource attribute.
- sensitive: Set to true to hide the value from terminal output (covered below).
Multiple Outputs in One File
output "server_public_ip" {
description = "Public IP of the web server"
value = aws_instance.web_server.public_ip
}
output "database_endpoint" {
description = "RDS database connection endpoint"
value = aws_db_instance.app_db.endpoint
}
output "s3_bucket_name" {
description = "Name of the application S3 bucket"
value = aws_s3_bucket.app_storage.bucket
}
After applying, Terraform prints all outputs automatically at the end of the run.
Querying Outputs After Apply
You can retrieve output values at any time without running a full apply — as long as state exists.
# Show all outputs
terraform output
# Show a single output
terraform output server_public_ip
# Get the raw value without quotes (useful for scripts)
terraform output -raw server_public_ip
# Get output as JSON (useful for automation)
terraform output -json
Using Output Values in Shell Scripts
# Read the address from state, then connect (quoted so the value is passed as one argument)
IP=$(terraform output -raw server_public_ip)
ssh "ec2-user@$IP"
The -raw flag removes surrounding quotes, making the value directly usable in shell variables and scripts.
Sensitive Outputs
Some output values contain secrets — database passwords, API keys, private IP addresses. Mark these as sensitive so Terraform hides them from the terminal.
output "database_password" {
description = "The master password for the RDS instance"
value = aws_db_instance.app_db.password
sensitive = true
}
When sensitive is true, Terraform shows this in the terminal:
database_password = <sensitive>
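The value is still stored in the state file. Restrict access to the state file when you use sensitive outputs, because anyone who can read the state can read the value. The flag only masks the value in Terraform's normal terminal output; terraform output -json and terraform output -raw NAME still print it in plain text.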
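A check you can run in CI over the result of terraform output -json, as an added example that is not part of the original page: it flags outputs whose names look secret but lack sensitive = true, and shows that the JSON carries sensitive values in clear text. The sample JSON, the name heuristic and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape printed by `terraform output -json`:
# each output maps to an object with "sensitive", "type" and "value".
SAMPLE_OUTPUT_JSON = """
{
  "server_public_ip": {"sensitive": false, "type": "string", "value": "54.210.123.45"},
  "database_password": {"sensitive": true, "type": "string", "value": "constructed-example-pw"},
  "api_token": {"sensitive": false, "type": "string", "value": "constructed-example-token"},
  "database_endpoint": {"sensitive": false, "type": "string", "value": "db.xyz.rds.amazonaws.com:5432"}
}
"""

# Assumed naming heuristic; tune it to your own conventions.
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_?key|private_key)", re.I)


def audit_outputs(raw_json):
    """Return (unmarked, exposed) lists of output names.

    unmarked: name looks secret but sensitive is false, so the value prints on apply.
    exposed: marked sensitive, yet the value is present in the JSON in clear text.
    """
    outputs = json.loads(raw_json)
    unmarked, exposed = [], []
    for name, meta in sorted(outputs.items()):
        is_sensitive = bool(meta.get("sensitive", False))
        if SECRET_NAME.search(name) and not is_sensitive:
            unmarked.append(name)
        if is_sensitive and meta.get("value") is not None:
            exposed.append(name)
    return unmarked, exposed


def redact(raw_json):
    """Copy of the outputs that is safe to log: sensitive values are masked."""
    outputs = json.loads(raw_json)
    return {
        name: "<sensitive>" if meta.get("sensitive") else meta.get("value")
        for name, meta in outputs.items()
    }


if __name__ == "__main__":
    unmarked, exposed = audit_outputs(SAMPLE_OUTPUT_JSON)
    print("not marked sensitive:", unmarked)
    print("readable via -json:", exposed)
    print(json.dumps(redact(SAMPLE_OUTPUT_JSON), indent=2))
```

In a pipeline, feed the function the captured JSON instead of the sample and log only what redact returns.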
Outputs in Modules
Outputs become essential when you work with modules. A module is a reusable block of Terraform code. The only way for a parent configuration to access values from inside a module is through that module's declared outputs.
# Inside the module (modules/network/outputs.tf)
output "vpc_id" {
description = "The ID of the created VPC"
value = aws_vpc.main.id
}
# In the root configuration (main.tf)
module "network" {
source = "./modules/network"
}
resource "aws_subnet" "app" {
vpc_id = module.network.vpc_id # accessing the module output
cidr_block = "10.0.1.0/24"
}
The pattern is: module.MODULE_NAME.OUTPUT_NAME
Computed Outputs with Expressions
Output values do not have to be raw resource attributes. You can compute new values using expressions.
output "web_url" {
description = "Full URL to access the web server"
value = "https://${aws_instance.web_server.public_ip}:8080"
}
output "instance_count" {
description = "Number of servers created"
value = length(aws_instance.web_server) # assumes web_server is declared with count, so this is a list
}
Key Points
- Output blocks expose infrastructure values to the terminal and to other Terraform configurations.
- Always include a description so outputs are self-documenting.
- Use terraform output -raw NAME to get clean values for use in shell scripts.
- Mark sensitive outputs with sensitive = true to prevent them from printing to the screen.
- Modules communicate values to their callers exclusively through output blocks.
