Yuki Cares
Devops

Setting Terraform Variables from the Command Line (Without the Headaches)

April 7, 2026
Published
#Automation#CLI#DevOps#Infrastructure as Code#Terraform

You don’t always want to hardcode values into Terraform files. And you definitely don’t want to duplicate environments just to tweak a few inputs. That’s where passing variables via the command line becomes incredibly useful.

If you’ve ever run terraform apply and been prompted for input, you’ve already touched the surface of Terraform variables. But let’s get into the practical side—how to set variables directly from the CLI in a way that’s predictable and automation-friendly.

Quick Example First

Here’s the simplest way to pass a variable:

TEXT
1terraform apply -var="instance_type=t3.micro"

This assumes you have a variable defined like this:

TEXT
1variable "instance_type" {
2  type = string
3}

Terraform will inject t3.micro into your configuration at runtime.

Multiple Variables in One Command

You can pass more than one variable by repeating the -var flag:

TEXT
1terraform apply \
2  -var="instance_type=t3.micro" \
3  -var="region=us-east-1"

This is handy for quick overrides, especially in CI/CD pipelines or one-off runs.

Where This Actually Helps

Command-line variables shine in scenarios like:

  • Running the same config across multiple environments
  • Injecting secrets from external systems
  • Testing changes without modifying .tf files
  • Automating deployments in pipelines

But here’s where things get interesting—CLI variables are just one part of Terraform’s variable precedence system.

Understanding Variable Precedence

Terraform doesn’t treat all variables equally. If the same variable is defined in multiple places, this is the priority order (highest to lowest):

  1. Command-line flags (-var and -var-file)
  2. Environment variables (TF_VAR_*)
  3. .tfvars files
  4. Default values in variables.tf

So if you pass -var="region=eu-west-1", it will override anything defined elsewhere.

Using -var-file Instead of Inline Values

Typing multiple -var flags gets messy fast. A cleaner approach is to use a variable file:

TEXT
1terraform apply -var-file="prod.tfvars"

Example prod.tfvars:

TEXT
1instance_type = "m5.large"
2region        = "us-west-2"

You can even combine both approaches:

TEXT
1terraform apply \
2  -var-file="prod.tfvars" \
3  -var="instance_type=t3.small"

In this case, the inline -var overrides the file value.

Passing Complex Types

Things get slightly tricky when dealing with lists or maps.

List Example

TEXT
1terraform apply -var='availability_zones=["us-east-1a","us-east-1b"]'

Map Example

TEXT
1terraform apply -var='tags={Environment="dev",Owner="team-a"}'

Notice the use of single quotes around the entire expression. This prevents your shell from misinterpreting characters.

A Common Mistake Developers Make

Forgetting about shell escaping.

For example, this often breaks:

TEXT
1-var="tags={Environment=dev,Owner=team-a}"

Because the shell tries to interpret the braces. Using single quotes is safer for complex structures.

Environment Variables as an Alternative

If you don’t want variables exposed in command history, you can use environment variables:

TEXT
1export TF_VAR_region=us-east-1
2terraform apply

This achieves the same effect as:

TEXT
1-var="region=us-east-1"

This approach is commonly used in CI systems where secrets are injected securely.

When Not to Use CLI Variables

Passing everything via the command line can get out of hand. It’s usually not the best choice when:

  • You have many variables
  • You need version-controlled configurations
  • Teams need consistency across environments

In those cases, .tfvars files or workspace-based configs are easier to manage.

A Real-World Workflow

A common pattern in teams looks like this:

  • Base configuration in .tf files
  • Environment-specific values in dev.tfvars, prod.tfvars
  • Sensitive overrides via CLI or environment variables
TEXT
1terraform apply \
2  -var-file="dev.tfvars" \
3  -var="db_password=$DB_PASSWORD"

This keeps secrets out of source control while maintaining structured configs.

Debugging Variable Issues

If Terraform isn’t picking up your variable:

  • Double-check the variable name matches exactly
  • Confirm quoting is correct
  • Run terraform plan to inspect resolved values

You can also temporarily output variables:

TEXT
1output "debug_region" {
2  value = var.region
3}

Wrapping Up

Setting Terraform variables on the command line is simple on the surface but surprisingly powerful once you combine it with files, environment variables, and automation workflows.

If you’re just overriding a value or testing something quickly, -var is perfect. For anything more structured, pair it with -var-file and let each tool do its job.

Once you get comfortable with this, your Terraform runs become far more flexible—and a lot less repetitive.

Comments

Leave a comment on this article with your name, email, and message.

Loading comments...

Similar Articles

More posts from the same category you may want to read next.

Share: