TerraformPilot

Terraform

Terraform Random Provider - Generate Unique Names and Passwords

Use the Terraform random provider to generate unique names, passwords, IDs, and UUIDs. Prevent naming conflicts and create secure credentials in your...

LLuca Berton1 min read

Quick Answer

# 
resource "random_id" "suffix" {
  byte_length = 4
}
 
resource "aws_s3_bucket" "data" {
  bucket = "myapp-data-${random_id.suffix.hex}"  # e.g., myapp-data-a1b2c3d4
}

Available Random Resources

#

random_id — Unique Hex/Base64 IDs

# 
resource "random_id" "db" {
  byte_length = 4
}
 
# random_id.db.hex      → "a1b2c3d4"
# random_id.db.b64_std  → "obLDfA=="
# random_id.db.dec      → "2712847316"

random_string — Custom Character Sets

# 
resource "random_string" "suffix" {
  length  = 8
  special = false
  upper   = false
}
 
# random_string.suffix.result → "k7m2x9np"

random_password — Secure Passwords

# 
resource "random_password" "db" {
  length           = 32
  special          = true
  override_special = "!#$%^&*()-_=+[]{}|:,.<>?"
}
 
resource "aws_db_instance" "main" {
  password = random_password.db.result  # Marked sensitive automatically
}
 
# Store in Parameter Store or Secrets Manager
resource "aws_ssm_parameter" "db_password" {
  name  = "/${var.project}/db-password"
  type  = "SecureString"
  value = random_password.db.result
}

random_integer — Random Numbers

# 
resource "random_integer" "az" {
  min = 0
  max = 2
}
 
# Use for random AZ selection

random_uuid — UUIDs

# 
resource "random_uuid" "correlation" {}
# random_uuid.correlation.result → "550e8400-e29b-41d4-a716-446655440000"

random_pet — Human-Readable Names

# 
resource "random_pet" "server" {
  length    = 2
  separator = "-"
}
# random_pet.server.id → "fluffy-cat"

random_shuffle — Shuffle Lists

# 
resource "random_shuffle" "azs" {
  input        = ["us-east-1a", "us-east-1b", "us-east-1c"]
  result_count = 2
}
# random_shuffle.azs.result → ["us-east-1c", "us-east-1a"]

Keepers — Regenerate When Values Change

# 
resource "random_password" "db" {
  length  = 32
  special = true
 
  keepers = {
    rotation_date = "2025-01-01"  # Change this to rotate password
  }
}
 
resource "random_id" "bucket" {
  byte_length = 4
  keepers = {
    environment = var.environment  # New ID per environment
  }
}

Common Patterns

# 
# Globally unique S3 bucket name
resource "random_id" "bucket" {
  byte_length = 4
}
resource "aws_s3_bucket" "data" {
  bucket = "${var.project}-${var.env}-${random_id.bucket.hex}"
}
 
# Azure Storage Account (lowercase alphanum only, 3-24 chars)
resource "random_string" "storage" {
  length  = 8
  special = false
  upper   = false
}
resource "azurerm_storage_account" "main" {
  name = "${var.project}${random_string.storage.result}"
}
 
# Unique resource group suffix
resource "random_pet" "env" {
  length = 2
}

Important Notes

#
  • Random values are stored in state — they don't change on every apply
  • Use keepers to control when values regenerate
  • random_password is automatically marked sensitive
  • Random resources won't trigger recreation of dependent resources unless their value changes
#

Conclusion

#

Use random_id for unique suffixes on globally-named resources (S3, Storage Accounts), random_password for secure credentials, and keepers to control rotation. Random values persist in state — they only change when you modify keepers or taint the resource.

#Terraform#DevOps#Infrastructure as Code

Share this article

Related articles