No need to run in terror from Terraform. Close that search engine tab and check out our ultimate Terraform Cheatsheet (courtesy of ACG’s Moosa Khalid) for all the basic commands you need on hand to get the most from this awesome, intuitive IaC tool.
At A Cloud Guru, we have in-depth courses on Terraform — from deploying to AWS with Terraform to deploying resources to GCP with Terraform and using Terraform to create infrastructure in Azure. But sometimes all you need is a simple, handy reference to get stuff done. We’ve got you covered!
Let’s start – or upgrade – your cloud journey
Looking for a cheatsheet to level up your cloud career? Learn by doing with ACG.
What is Terraform?
Infrastructure as Code (IaC) is a key part of a balanced cloud breakfast. And when it comes to IaC tools, Terraform is one of the top tools out there. (Which IaC tool is right for you? Check out our guide to IaC on AWS.)
Terraform came onto the scene in 2014 to orchestrate infrastructure as code. It first targeted AWS but has grown to play nicely with a large ecosystem of modules, including Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure, and Alibaba Cloud. In fact, multi-provider support is one of the main selling points of Terraform.
Terraform introduced its own DSL, called Hashicorp Configuration Language (HCL). On the surface, it feels like a more human-friendly JSON, which is also natively supported within Terraform.
Terraform Command Lines
Terraform CLI tricks
terraform -install-autocomplete#Setup tab auto-completion, requires logging back in
Format and Validate Terraform code
terraform fmt#format code per HCL canonical standardterraform validate#validate code for syntaxterraform validate -backend=false#validate code skip backend validation
Initialize your Terraform working directory
terraform init#initialize directory, pull down providersterraform init -get-plugins=false#initialize directory, do not download pluginsterraform init -verify-plugins=false#initialize directory, do not verify plugins for Hashicorp signature
Plan, Deploy and Cleanup Infrastructure
terraform apply --auto-approve#apply changes without being prompted to enter “yes”terraform destroy --auto-approve#destroy/cleanup deployment without being prompted for “yes”terraform plan -out plan.out#output the deployment plan to plan.outterraform apply plan.out#use the plan.out plan file to deploy infrastructureterraform plan -destroy#outputs a destroy planterraform apply -target=aws_instance.my_ec2#only apply/deploy changes to the targeted resourceterraform apply -var my_region_variable=us-east-1#pass a variable via command-line while applying a configurationterraform apply -lock=true#lock the state file so it can’t be modified by any other Terraform apply or modification action(possible only where backend allows locking)terraform apply refresh=false# do not reconcile state file with real-world resources(helpful with large complex deployments for saving deployment time)terraform apply --parallelism=5#number of simultaneous resource operationsterraform refresh#reconcile the state in Terraform state file with real-world resourcesterraform providers#get information about providers used in current configuration
Terraform Workspaces
terraform workspace new mynewworkspace#create a new workspaceterraform workspace select default#change to the selected workspaceterraform workspace list#list out all workspaces
Terraform State Manipulation
terraform state show aws_instance.my_ec2#show details stored in Terraform state for the resourceterraform state pull > terraform.tfstate#download and output terraform state to a fileterraform state mv aws_iam_role.my_ssm_role module.custom_module#move a resource tracked via state to different moduleterraform state replace-provider hashicorp/aws registry.custom.com/aws#replace an existing provider with anotherterraform state list#list out all the resources tracked via the current state fileterraform state rm aws_instance.myinstace#unmanage a resource, delete it from Terraform state file
Terraform Import And Outputs
terraform import aws_instance.new_ec2_instance i-abcd1234#import EC2 instance with id i-abcd1234 into the Terraform resource named “new_ec2_instance” of type “aws_instance”terraform import 'aws_instance.new_ec2_instance[0]' i-abcd1234#same as above, imports a real-world resource into an instance of Terraform resourceterraform output#list all outputs as stated in codeterraform output instance_public_ip# list out a specific declared outputterraform output -json#list all outputs in JSON format
Terraform Miscelleneous commands
terraform version#display Terraform binary version, also warns if version is oldterraform get -update=true#download and update modules in the “root” module.
Terraform Console(Test out Terraform interpolations)
echo 'join(",",["foo","bar"])' | terraform console#echo an expression into terraform console and see its expected result as outputecho '1 + 5' | terraform console#Terraform console also has an interactive CLI just enter “terraform console”echo "aws_instance.my_ec2.public_ip" | terraform console#display the Public IP against the “my_ec2” Terraform resource as seen in the Terraform state file
Terraform Graph(Dependency Graphing)
terraform graph | dot -Tpng > graph.png#produce a PNG diagrams showing relationship and dependencies between Terraform resource in your configuration/code
Terraform Taint/Untaint(mark/unmark resource for recreation -> delete and then recreate)
terraform taint aws_instance.my_ec2#taints resource to be recreated on next applyterraform untaint aws_instance.my_ec2#Remove taint from a resourceterraform force-unlock LOCK_ID#forcefully unlock a locked state file, LOCK_ID provided when locking the State file beforehand
Terraform Cloud
terraform login#obtain and save API token for Terraform cloudterraform logout#Log out of Terraform Cloud, defaults to hostname app.terraform.io
Learn the basics of Terraform
Want to learn more about getting the most out of Terraform? Check out Moosa Khalid’s course Deploying to AWS with Terraform and Ansible.
