Terraform uses HCL (HashiCorp Configuration Language) which is a domain-specific language (DSL) and a declarative language used to define and configure infrastructure resources
- Resource is an object that’s a type of block (ex: resource, provider, output, etc..) which Terraform manages which describes one or more infrastructure objects
- Resource Name can be any name
- Consider reading this article to have a big picture about resources and their behaviors, and check the docs by chance and take note on their meta-arguments
Check Terraform’s docs about HCL to know more
Terraform’s plugin architecture splits the system into a lightweight Core (which handles planning, state, and graph logic) and separate plugins (providers/provisioners) that run as external binaries and communicate with Core over RPC
- Terraform Core is the installed Terraform version that we use, plugins are the providers
terraform plan previews the changes Terraform will make (without applying), and terraform apply executes those changes (or a saved plan), updating your infrastructure
terraform plan: reads the current state, refreshes resource data, compares it with your configuration, builds a dependency graph, and outputs a detailed “dry‑run” execution planterraform apply: optionally loads a saved plan (or regenerates one), then walks the plan’s graph to call provider APIs (create/update/destroy), updates the state file, and handles errors or roll‑backs if needed- Terraform’s plan phase reads your current state, calls provider APIs to refresh resource data, compares that to your configuration, and builds a graph of proposed actions (create/modify/destroy) — while apply re‑runs a plan (unless you pass a saved one), then executes those actions against the real infrastructure and finally writes the updated state
terraform init bootstraps your working directory by configuring the backend, downloading provider plugins, fetching modules, creating the .terraform folder, and generating a .terraform.lock.hcl file to lock provider versions
.terraformfolder is a hidden directory Terraform creates duringterraform initto cache provider plugins, modules, and local metadata.terraform.lock.hclfile records the exact provider versions (and their checksums) that Terraform selected duringterraform initso future runs use the same, consistent binaries- When including a new provider, be sure to re-run
terraform init -upgradeforces Terraform to ignore the versions in the.terraform.lock.hcland instead download the latest provider plugins and modules that satisfy your version constraints
You can group or isolate mechanism using alias (namespace) for resources
// provider.tf
provider "aws" {
region = "ca-central-1"
alias = "central"
}
// main.tf
resource "aws_key_pair" "alpha" {
key_name = "alpha"
public_key = "..."
provider = aws.central // <provider_name>.<alias_name>
}
A list (or tuple) is a sequence of values which can be of any type mixed together
A set is a collection of unique values
Terraform Cloud is a platform that helps with managing your Terraform code and collaboration between developers which simplifies workflow and improves security
terraform destroy usually takes more time than terraform apply because destroy happens in reverse dependency order where Terraform carefully untangles everything it built
- It’s best practice to use
prevent_destroy = trueon critical resources to prevent accidental deletion
Store sensitive values or secrets in external systems like HashiCorp Vault or AWS Secrets Manager. Use sensitive = true attribute and ensure remote state is encrypted at rest
Use create_before_destroy lifecycle blocks and implement blue-green deployments with gradual traffic shifting if you want to implement zero-downtime infrastructure updates
For debugging, you can increase logging verbosity using export TF_LOG=DEBUG
- Export
TF_LOG_PATH="/path/to/terraform_log.txt"if you want to export logs to a path instead of the stdout - To turn off debugging, just set the vars to empty strings
Check this for styling best practices: https://docs.cloud.google.com/docs/terraform/best-practices/general-style-structure
Project setups: https://www.resourcely.io/post/10-terraform-config-root-setups