Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations, and multi-cloud deployments.
Installation & Setup
| Command | Description |
|---|---|
| `terraform version` | Show Terraform version |
| `terraform -help` | Show help information |
| `terraform -help plan` | Show help for specific command |
Core Workflow
Basic Operations
| Command | Description |
|---|---|
| `terraform init` | Initialize working directory |
| `terraform plan` | Create execution plan |
| `terraform apply` | Apply changes |
| `terraform destroy` | Destroy infrastructure |
| `terraform validate` | Validate configuration |
| `terraform fmt` | Format configuration files |
Advanced Planning
| Command | Description |
|---|---|
| `terraform plan -out=tfplan` | Save plan to file |
| `terraform apply tfplan` | Apply saved plan |
| `terraform plan -target=resource.name` | Plan specific resource |
| `terraform plan -var="key=value"` | Plan with variables |
| `terraform plan -var-file="vars.tfvars"` | Plan with variable file |
State Management
State Operations
| Command | Description |
|---|---|
| `terraform state list` | List resources in state |
| `terraform state show resource.name` | Show resource details |
| `terraform state mv old_name new_name` | Move resource in state |
| `terraform state rm resource.name` | Remove resource from state |
| `terraform state pull` | Download remote state |
| `terraform state push` | Upload state to remote |
State Backup and Recovery
| Command | Description |
|---|---|
| `terraform state pull > backup.tfstate` | Create state backup |
| `terraform force-unlock LOCK_ID` | Force unlock state |
| `terraform refresh` | Update state with real resources |
Workspaces
| Command | Description |
|---|---|
| `terraform workspace list` | List workspaces |
| `terraform workspace new dev` | Create new workspace |
| `terraform workspace select dev` | Switch to workspace |
| `terraform workspace delete dev` | Delete workspace |
| `terraform workspace show` | Show current workspace |
Import and Output
Import Resources
| Command | Description |
|---|---|
| `terraform import resource.name id` | Import existing resource |
| `terraform import aws_instance.example i-1234567890abcdef0` | Import AWS instance |
Outputs
| Command | Description |
|---|---|
| `terraform output` | Show all outputs |
| `terraform output instance_ip` | Show specific output |
| `terraform output -json` | Show outputs in JSON |
Configuration Examples
Basic AWS EC2 Instance
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

output "instance_ip" {
  value = aws_instance.example.public_ip
}
```
Variables
```hcl
variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

variable "environment" {
  description = "Environment name"
  type        = string
}
```
Data Sources
```hcl
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}
```
Modules
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}
```
Remote State Configuration
S3 Backend
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  }
}
```
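
The Security Best Practices list further down calls for remote state with encryption. As an added example (not part of the original page), here is the same S3 backend with encryption set explicitly, next to a separate bootstrap configuration that hardens the bucket. The KMS key ARN, account ID and resource labels are placeholders.

```hcl
# --- Bootstrap configuration, applied once in its own directory ---
resource "aws_kms_key" "tfstate" {
  description         = "Terraform state encryption"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "tfstate" {
  bucket = "my-terraform-state"
}

# Keep prior state versions so a corrupted or tampered state can be rolled back
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default every object written to the bucket to SSE-KMS
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.tfstate.arn
    }
  }
}

# State files routinely contain secrets; never allow public access
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- Backend block in each project that stores state in the bucket ---
# Backend blocks cannot reference variables or resources, so the ARN is a literal.
terraform {
  backend "s3" {
    bucket     = "my-terraform-state"
    key        = "state/terraform.tfstate"
    region     = "us-west-2"
    encrypt    = true
    kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/REPLACE-WITH-KEY-ID" # placeholder
  }
}
```
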
Azure Backend
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
```
Google Cloud Backend
```hcl
terraform {
  backend "gcs" {
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  }
}
```
Provider Configuration
AWS Provider
```hcl
provider "aws" {
  region  = "us-west-2"
  profile = "default"

  default_tags {
    tags = {
      Environment = "production"
      Project     = "my-project"
    }
  }
}
```
Azure Provider
```hcl
provider "azurerm" {
  features {}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
```
Google Cloud Provider
```hcl
provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```
Advanced Features
Conditional Resources
```hcl
resource "aws_instance" "example" {
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
}
```
For Each
```hcl
resource "aws_instance" "example" {
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name = each.key
  }
}
```
Dynamic Blocks
```hcl
resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```
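
The dynamic block above renders whatever `var.ingress_rules` contains, so the variable definition is the place to constrain it. As an added example (not part of the original page), this is a typed definition with validation rules that make `terraform plan` fail on overly broad rules; the allowed public ports (80 and 443) are an assumed policy.

```hcl
variable "ingress_rules" {
  description = "Ingress rules rendered by the dynamic block in aws_security_group.example"
  type = list(object({
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))

  # A rule open to the whole internet must be a single port, and that port
  # must be 80 or 443 (assumed policy; adjust the list to your own).
  validation {
    condition = alltrue([
      for r in var.ingress_rules :
      !contains(r.cidr_blocks, "0.0.0.0/0") ||
      (r.from_port == r.to_port && contains([80, 443], r.from_port))
    ])
    error_message = "Only ports 80 and 443 may be open to 0.0.0.0/0."
  }

  # Protocol "-1" means all protocols and ports; require an explicit protocol.
  validation {
    condition     = alltrue([for r in var.ingress_rules : r.protocol != "-1"])
    error_message = "Ingress rules must name a protocol; \"-1\" (all traffic) is not allowed."
  }

  # Constructed sample value: the first rule passes both checks.
  # Adding { from_port = 22, to_port = 22, protocol = "tcp",
  #          cidr_blocks = ["0.0.0.0/0"] } would be rejected at plan time.
  default = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["10.0.0.0/16"]
    }
  ]
}
```
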
Testing and Validation
| Command | Description |
|---|---|
| `terraform validate` | Validate syntax |
| `terraform validate -json` | Validate with JSON output |

| Command | Description |
|---|---|
| `terraform plan -detailed-exitcode` | Plan with detailed exit codes |
| `terraform show` | Show current state |
| `terraform show -json` | Show state in JSON |

| Command | Description |
|---|---|
| `tflint` | Terraform linter |
| `terraform-docs` | Generate documentation |
| `checkov -f main.tf` | Security scanning |
| `tfsec .` | Security analysis |
Debugging and Troubleshooting
Logging
| Command | Description |
|---|---|
| `TF_LOG=DEBUG terraform plan` | Enable debug logging |
| `TF_LOG=TRACE terraform apply` | Enable trace logging |
| `TF_LOG_PATH=terraform.log terraform plan` | Log to file |
Common Issues
| Command | Description |
|---|---|
| `terraform refresh` | Sync state with reality |
| `terraform taint resource.name` | Mark resource for recreation |
| `terraform untaint resource.name` | Remove taint from resource |
Best Practices
File Organization
```
project/
├── main.tf           # Main configuration
├── variables.tf      # Variable definitions
├── outputs.tf        # Output definitions
├── versions.tf       # Provider versions
├── terraform.tfvars  # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf
```
Version Constraints
```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```
Resource Naming
```hcl
resource "aws_instance" "web_server" {
  # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name        = "${var.project_name}-web-${var.environment}"
    Environment = var.environment
    Project     = var.project_name
  }
}
```
Security Best Practices
- State Security: Use remote state with encryption
- Secrets Management: Use external secret stores
- Access Control: Implement proper IAM policies
- Code Review: Review all infrastructure changes
- Scanning: Use security scanning tools
- Parallelism: Use the `-parallelism` flag for large deployments
- Targeting: Use `-target` for specific resources
- State Splitting: Split large states into smaller ones
- Module Design: Design reusable modules