setting a multi-line value in terraform variables

Question

I'm trying to deploy a beanstalk and use this as part of the aws_elastic_beanstalk_environment terraform resource:

  setting {
    namespace = "aws:elb:policies:PublicKey"
    name      = "PublicKey"
    value     = var.PUBLICKEY

The value of the var.PUBLICKEY should be in this format:

-----BEGIN PUBLIC KEY-----
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
asdhjasd
-----END PUBLIC KEY-----

May I ask if you have tried to set a variable with this kind of format? Or is terraform allow to use this kind of format as a variable on tfvars section?

Answer 1

Although the answer for this case was to make it a single-line string, the question here seems likely to attract searches for multi-line strings in Terraform variables in general, so this answer is for anyone who ends up here in a situation where you can't just make it a single-line string.

When setting variables within the Terraform language itself (inside module blocks) or in .tfvars files, you can use Heredoc Strings to write a multi-line string value:

example = <<-EOT
-----BEGIN PUBLIC KEY-----
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
asdhjasd
-----END PUBLIC KEY-----
EOT

When setting a variable value on the command line or via environment variables, Terraform just uses the value it recieves literally as given and so the solution would be to learn how to write a string containing newlines in the syntax of your shell or in some other programming language you're using to run Terraform with environment variables set. For typical Unix-style shells you can write quotes ' around a multi-line string in order to make the newlines be interpreted literally:

export TF_VAR_example='-----BEGIN PUBLIC KEY-----
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
sajldlkuewindasmASL/aisudoiasumasdnowqeuoi@kajsdlkausKJDolkejpwr
asdhjasd
-----END PUBLIC KEY-----
'

...but either way this ends up being a problem for whatever shell or other program you're launching Terraform from, not for Terraform itself, and so it's not possible to give a generic answer that would work for all situations. Writing a .tfvars file is the most predictable way to do it, because then Terraform itself is responsible for parsing it.

Answer 2

I can't comment on Martin Atkins's response but his suggestion can also be extended to situations where Terraform needs to call a bash script:

data "external" "test" {
  program = ["bash", "test.sh"]

  query = {
    pca_cert = "'${data.aws_acmpca_certificate_authority.pca.certificate}'"
  }
}

Notice the single quotes enclosing the ${data.aws_acmpca_certificate_authority.pca.certificate} variable

Answer 3

The value of the PublicKey should be a single line string without -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- as shown in the AWS docs.