Terraform

Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations, and multi-cloud deployments.

Installation & Setup

Command	Description
`terraform version`	Show Terraform version
`terraform -help`	Show help information
`terraform -help plan`	Show help for specific command

Core Workflow

Basic Operations

Command	Description
`terraform init`	Initialize working directory
`terraform plan`	Create execution plan
`terraform apply`	Apply changes
`terraform destroy`	Destroy infrastructure
`terraform validate`	Validate configuration
`terraform fmt`	Format configuration files

Advanced Planning

Command	Description
`terraform plan -out=tfplan`	Save plan to file
`terraform apply tfplan`	Apply saved plan
`terraform plan -target=resource.name`	Plan specific resource
`terraform plan -var="key=value"`	Plan with variables
`terraform plan -var-file="vars.tfvars"`	Plan with variable file

State Management

State Operations

Command	Description
`terraform state list`	List resources in state
`terraform state show resource.name`	Show resource details
`terraform state mv old_name new_name`	Move resource in state
`terraform state rm resource.name`	Remove resource from state
`terraform state pull`	Download remote state
`terraform state push`	Upload state to remote

State Backup and Recovery

Command	Description
`terraform state backup`	Create state backup
`terraform force-unlock LOCK_ID`	Force unlock state
`terraform refresh`	Update state with real resources

Workspaces

Command	Description
`terraform workspace list`	List workspaces
`terraform workspace new dev`	Create new workspace
`terraform workspace select dev`	Switch to workspace
`terraform workspace delete dev`	Delete workspace
`terraform workspace show`	Show current workspace

Import and Output

Import Resources

Command	Description
`terraform import resource.name id`	Import existing resource
`terraform import aws_instance.example i-1234567890abcdef0`	Import AWS instance

Outputs

Command	Description
`terraform output`	Show all outputs
`terraform output instance_ip`	Show specific output
`terraform output -json`	Show outputs in JSON

Configuration Examples

Basic AWS EC2 Instance

provider "aws" \\\\{
  region = "us-west-2"
\\\\}

resource "aws_instance" "example" \\\\{
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = \\\\{
    Name = "example-instance"
  \\\\}
\\\\}

output "instance_ip" \\\\{
  value = aws_instance.example.public_ip
\\\\}

Variables

variable "instance_type" \\\\{
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
\\\\}

variable "environment" \\\\{
  description = "Environment name"
  type        = string
\\\\}

Data Sources

data "aws_ami" "ubuntu" \\\\{
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter \\\\{
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  \\\\}
\\\\}

Modules

module "vpc" \\\\{
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
\\\\}

Remote State Configuration

S3 Backend

terraform \\\\{
  backend "s3" \\\\{
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  \\\\}
\\\\}

Azure Backend

terraform \\\\{
  backend "azurerm" \\\\{
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  \\\\}
\\\\}

Google Cloud Backend

terraform \\\\{
  backend "gcs" \\\\{
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  \\\\}
\\\\}

Provider Configuration

AWS Provider

provider "aws" \\\\{
  region  = "us-west-2"
  profile = "default"

  default_tags \\\\{
    tags = \\\\{
      Environment = "production"
      Project     = "my-project"
    \\\\}
  \\\\}
\\\\}

Azure Provider

provider "azurerm" \\\\{
  features \\\\{\\\\}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
\\\\}

Google Cloud Provider

provider "google" \\\\{
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
\\\\}

Advanced Features

Conditional Resources

resource "aws_instance" "example" \\\\{
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
\\\\}

For Each

resource "aws_instance" "example" \\\\{
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = \\\\{
    Name = each.key
  \\\\}
\\\\}

Dynamic Blocks

resource "aws_security_group" "example" \\\\{
  name = "example"

  dynamic "ingress" \\\\{
    for_each = var.ingress_rules
    content \\\\{
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    \\\\}
  \\\\}
\\\\}

Testing and Validation

Terraform Validate

Command	Description
`terraform validate`	Validate syntax
`terraform validate -json`	Validate with JSON output

Terraform Plan Analysis

Command	Description
`terraform plan -detailed-exitcode`	Plan with detailed exit codes
`terraform show`	Show current state
`terraform show -json`	Show state in JSON

Third-party Tools

Command	Description
`tflint`	Terraform linter
`terraform-docs`	Generate documentation
`checkov -f main.tf`	Security scanning
`tfsec .`	Security analysis

Debugging and Troubleshooting

Logging

Command	Description
`TF_LOG=DEBUG terraform plan`	Enable debug logging
`TF_LOG=TRACE terraform apply`	Enable trace logging
`TF_LOG_PATH=terraform.log terraform plan`	Log to file

Common Issues

Command	Description
`terraform refresh`	Sync state with reality
`terraform taint resource.name`	Mark resource for recreation
`terraform untaint resource.name`	Remove taint from resource

Best Practices

File Organization

project/
├── main.tf              # Main configuration
├── variables.tf         # Variable definitions
├── outputs.tf          # Output definitions
├── versions.tf         # Provider versions
├── terraform.tfvars   # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf

Version Constraints

terraform \\\\{
  required_version = ">= 1.0"

  required_providers \\\\{
    aws = \\\\{
      source  = "hashicorp/aws"
      version = "~> 5.0"
    \\\\}
  \\\\}
\\\\}

Resource Naming

resource "aws_instance" "web_server" \\\\{
  # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = \\\\{
    Name        = "$\\\\{var.project_name\\\\}-web-$\\\\{var.environment\\\\}"
    Environment = var.environment
    Project     = var.project_name
  \\\\}
\\\\}

Security Best Practices

State Security: Use remote state with encryption
Secrets Management: Use external secret stores
Access Control: Implement proper IAM policies
Code Review: Review all infrastructure changes
Scanning: Use security scanning tools

Performance Optimization

Parallelism: Use -parallelism flag for large deployments
Targeting: Use -target for specific resources
State Splitting: Split large states into smaller ones
Module Design: Design reusable modules