Terraform
Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations, and multi-cloud deployments.
Installation & Setup
Command | Description |
---|---|
terraform version | Show Terraform version |
terraform -help | Show help information |
terraform -help plan | Show help for specific command |
Core Workflow
Basic Operations
Command | Description |
---|---|
terraform init | Initialize working directory |
terraform plan | Create execution plan |
terraform apply | Apply changes |
terraform destroy | Destroy infrastructure |
terraform validate | Validate configuration |
terraform fmt | Format configuration files |
Advanced Planning
Command | Description |
---|---|
terraform plan -out=tfplan | Save plan to file |
terraform apply tfplan | Apply saved plan |
terraform plan -target=resource.name | Plan specific resource |
terraform plan -var="key=value" | Plan with variables |
terraform plan -var-file="vars.tfvars" | Plan with variable file |
State Management
State Operations
Command | Description |
---|---|
terraform state list | List resources in state |
terraform state show resource.name | Show resource details |
terraform state mv old_name new_name | Move resource in state |
terraform state rm resource.name | Remove resource from state |
terraform state pull | Download remote state |
terraform state push | Upload state to remote |
State Backup and Recovery
Command | Description |
---|---|
terraform state pull > backup.tfstate | Create state backup |
terraform force-unlock LOCK_ID | Force unlock state |
terraform refresh | Update state with real resources |
Workspaces
Command | Description |
---|---|
terraform workspace list | List workspaces |
terraform workspace new dev | Create new workspace |
terraform workspace select dev | Switch to workspace |
terraform workspace delete dev | Delete workspace |
terraform workspace show | Show current workspace |
Import and Output
Import Resources
Command | Description |
---|---|
terraform import resource.name id | Import existing resource |
terraform import aws_instance.example i-1234567890abcdef0 | Import AWS instance |
Outputs
Command | Description |
---|---|
terraform output | Show all outputs |
terraform output instance_ip | Show specific output |
terraform output -json | Show outputs in JSON |
Configuration Examples
Basic AWS EC2 Instance
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

output "instance_ip" {
  value = aws_instance.example.public_ip
}
```
Variables
```hcl
variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

variable "environment" {
  description = "Environment name"
  type        = string
}
```
Data Sources
```hcl
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}
```
Modules
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}
```
Remote State Configuration
S3 Backend
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  }
}
```
Azure Backend
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
```
Google Cloud Backend
```hcl
terraform {
  backend "gcs" {
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  }
}
```
Provider Configuration
AWS Provider
```hcl
provider "aws" {
  region  = "us-west-2"
  profile = "default"

  default_tags {
    tags = {
      Environment = "production"
      Project     = "my-project"
    }
  }
}
```
Azure Provider
```hcl
provider "azurerm" {
  features {}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
```
Google Cloud Provider
```hcl
provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```
Advanced Features
Conditional Resources
```hcl
resource "aws_instance" "example" {
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
}
```
For Each
```hcl
resource "aws_instance" "example" {
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name = each.key
  }
}
```
Dynamic Blocks
```hcl
resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```
Testing and Validation
Terraform Validate
Command | Description |
---|---|
terraform validate | Validate syntax |
terraform validate -json | Validate with JSON output |
Terraform Plan Analysis
Command | Description |
---|---|
terraform plan -detailed-exitcode | Plan with detailed exit codes |
terraform show | Show current state |
terraform show -json | Show state in JSON |
Third-party Tools
Command | Description |
---|---|
tflint | Terraform linter |
terraform-docs | Generate documentation |
checkov -f main.tf | Security scanning |
tfsec . | Security analysis |
Debugging and Troubleshooting
Logging
Command | Description |
---|---|
TF_LOG=DEBUG terraform plan | Enable debug logging |
TF_LOG=TRACE terraform apply | Enable trace logging |
TF_LOG=DEBUG TF_LOG_PATH=terraform.log terraform plan | Log to file (TF_LOG must also be set) |
Common Issues
Command | Description |
---|---|
terraform refresh | Sync state with reality |
terraform taint resource.name | Mark resource for recreation |
terraform untaint resource.name | Remove taint from resource |
Best Practices
File Organization
```
project/
├── main.tf              # Main configuration
├── variables.tf         # Variable definitions
├── outputs.tf           # Output definitions
├── versions.tf          # Provider versions
├── terraform.tfvars     # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf
```
Version Constraints
```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```
Resource Naming
```hcl
resource "aws_instance" "web_server" {
  # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name        = "${var.project_name}-web-${var.environment}"
    Environment = var.environment
    Project     = var.project_name
  }
}
```
Security Best Practices
- State Security: Use remote state with encryption
- Secrets Management: Use external secret stores
- Access Control: Implement proper IAM policies
- Code Review: Review all infrastructure changes
- Scanning: Use security scanning tools
Performance Optimization
- Parallelism: Use `-parallelism` flag for large deployments
- Targeting: Use `-target` for specific resources
- State Splitting: Split large states into smaller ones
- Module Design: Design reusable modules