Terraform uses HCL (HashiCorp Configuration Language) which is a domain-specific language (DSL) and a declarative language used to define and configure infrastructure resources
- Resource is an object that’s a type of block (ex: resource, provider, output, etc..) which Terraform manages which describes one or more infrastructure objects
- Resource Name can be any name
- Consider reading this article to have a big picture about resources and their behaviors, and check the docs by chance and take note on their meta-arguments
Check Terraform’s docs about HCL to know more
When including a new provider, be sure to re-run terraform init
terraform.tfstate is the state file, which contains the complete record of the infrastructure created by Terraform and works as the single source of truth
- Its not recommended to use a local state file if there’s a team working on the infrastructure, if there are two members trying to execute the same Terraform one will get locked out
- Its best to put the state file in a remote state backend (say S3 Bucket) to avoid conflicts, avoid putting the state file in a version control system as it can risk with two team members working simultaneously which can lead to data loss and conflicts
- When working as a team, the Terraform config files are stored in a repository while the state files are stored in a remote shared storage
- Never manually edit the state file
Check this guide to create a remote state setup for the backend
- Automatically locks, loads and uploads the state file
- Remote state backend shared storage solutions examples: Terraform Cloud, S3 Bucket, Hashicorp Consul, etc..
- If you want to use a data source from another remote state consider using
terraform_remote_statedata source to retrieve the root module output values from some other Terraform configuration
There can be constraints in provider versions, so make sure you’re using a consistent version. To be sure of the version you can do the following example which finds a version between 1.2.0 and 2.0.0 except for 1.4.0
terraform {
required_providers {
local = {
source: "hashicorp/local"
version = "> 1.2.0, < 2.0.0, != 1.4.0"
}
}
}
You can group or isolate mechanism using alias (namespace) for resources
// provider.tf
provider "aws" {
region = "ca-central-1"
alias = "central"
}
// main.tf
resource "aws_key_pair" "alpha" {
key_name = "alpha"
public_key = "..."
provider = aws.central // <provider_name>.<alias_name>
}
A list (or tuple) is a sequence of values which can be of any type mixed together
A set is a collection of unique values
You can change log level when doing terraform plan or apply using export TF_LOG=TRACE
- Other levels:
info,warning,error,debug,trace - If you want the logs to be stored in a specific path, use
export TF_LOG_PATH=/tmp/terraform.log
Terraform Cloud is a platform that helps with managing your Terraform code and collaboration between developers which simplifies workflow and improves security
terraform destroy usually takes more time than terraform apply because destroy happens in reverse dependency order where Terraform carefully untangles everything it built
It’s best practice to use prevent_destroy = true on critical resources to prevent accidental deletion
If state file got corrupted, restore from backup or use terraform import to bring existing resources back under management. And always enable versioning on remote state storage to prevent data loss
To migrate from one backend to another run terraform state pull to save current state, update backend configuration, then terraform init -migrate-state
- Always perform this during maintenance windows with proper backups
Store sensitive values or secrets in external systems like HashiCorp Vault or AWS Secrets Manager. Use sensitive = true attribute and ensure remote state is encrypted at rest