DevOps & Cloud57 entries
Terraform Commands
Infrastructure as Code: init, plan, apply, state management, workspaces, and modules
1Core Workflow
terraform init | Initialize working directory and download providers |
terraform plan | Preview changes before applying |
terraform apply | Apply changes to infrastructure |
terraform apply -auto-approve | Apply without confirmation prompt |
terraform destroy | Destroy all managed infrastructure |
terraform destroy -target=aws_instance.web | Destroy specific resource |
terraform validate | Validate configuration syntax |
terraform fmt | Format .tf files to canonical style |
terraform fmt -recursive | Format all .tf files recursively |
2State Management
terraform state list | List all resources in state |
terraform state show aws_instance.web | Show details of a resource in state |
terraform state mv old_name new_name | Rename a resource in state |
terraform state rm aws_instance.web | Remove resource from state (keep infra) |
terraform state pull | Output current state to stdout |
terraform state push local.tfstate | Overwrite remote state (dangerous) |
terraform refresh | Update state to match real resources |
terraform import aws_instance.web i-abc123 | Import existing resource into state |
3Planning & Targeting
terraform plan -out=plan.tfplan | Save plan to file |
terraform apply plan.tfplan | Apply a saved plan file |
terraform plan -target=aws_instance.web | Plan for specific resource only |
terraform plan -var="region=us-west-2" | Pass variable on command line |
terraform plan -var-file="prod.tfvars" | Use variable file |
terraform plan -destroy | Preview what destroy would do |
terraform plan -refresh-only | Detect drift without changes |
4Workspaces
terraform workspace list | List all workspaces |
terraform workspace new staging | Create a new workspace |
terraform workspace select production | Switch to a workspace |
terraform workspace show | Show current workspace |
terraform workspace delete staging | Delete a workspace |
terraform.workspace | Reference workspace name in config |
5Configuration Basics
resource "aws_instance" "web" { ami = "..." } | Define a resource |
variable "region" { default = "us-east-1" } | Declare an input variable |
output "ip" { value = aws_instance.web.public_ip } | Define an output value |
data "aws_ami" "latest" { ... } | Define a data source query |
locals { env = "prod" } | Define local values |
module "vpc" { source = "./modules/vpc" } | Use a module |
terraform { required_version = ">= 1.5" } | Set required Terraform version |
6Providers & Modules
terraform init -upgrade | Upgrade providers to latest allowed |
terraform providers | Show required providers |
terraform providers lock | Generate lock file for providers |
terraform get | Download and update modules |
terraform get -update | Force update modules |
source = "hashicorp/aws" | Use provider from Terraform Registry |
source = "git::https://example.com/module.git" | Use module from Git repo |
7Output & Inspection
terraform output | Show all output values |
terraform output -json | Show outputs as JSON |
terraform output ip_address | Show specific output value |
terraform show | Show current state in human-readable form |
terraform show -json plan.tfplan | Show plan as JSON |
terraform graph | dot -Tpng > graph.png | Generate resource dependency graph |
terraform console | Interactive expression evaluator |
8Best Practices
terraform { backend "s3" { ... } } | Use remote state backend |
terraform plan -detailed-exitcode | Exit code 2 if changes detected (CI) |
TF_LOG=DEBUG terraform plan | Enable debug logging |
TF_VAR_region="us-west-2" terraform plan | Set variable via environment |
-lock=false | Skip state locking (use with caution) |
-parallelism=10 | Increase parallel resource operations |