Terraform Basics
Install Terraform
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
terraform -version
Configuration
A configuration is the set of files used to declare infrastructure. These files have the extension .tf, and each configuration must be in its own working directory.
mkdir tf-aws-instance
cd tf-aws-instance
touch main.tf
The following is an example configuration, main.tf:
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
  required_version = ">= 0.14.9"
}

provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

resource "aws_instance" "app_server" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
  tags = {
    Name = "ExampleAppServerInstance"
  }
}
Terraform also provides terraform fmt and terraform validate for formatting configuration files and checking their syntax. terraform fmt does not produce any output if no modification is made.
For details, see Terraform Configuration.
Initialize
After creating a configuration or checking out an existing configuration, initialize the directory with:
# Installs providers in .terraform folder and also creates .terraform.lock.hcl
terraform init
Create infrastructure and inspect state
To see the execution plan,
terraform plan
To actually apply,
# Will print an execution plan, type yes to perform the actions
terraform apply
# OR
terraform apply --auto-approve
# With variables
terraform apply -var-file=variables.tfvars
A Terraform state file, terraform.tfstate, will be generated. The file contains sensitive info, so share it only with those you trust.
# Inspect the current state
terraform show
For manual/advanced state management, use terraform state. One example of the command is:
# List resources in state
terraform state list
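The state file's sensitivity can be checked directly. The following Python sketch is an added example, not part of the original notes or of Terraform itself: it walks a version 4 state document and reports the paths (never the values) of outputs marked sensitive and of attributes whose name or content looks like a credential. The key-name pattern, the function names and the embedded sample state are assumptions constructed for illustration.

```python
import json
import re

# Heuristic key names that commonly hold secrets (an assumption, not a Terraform list).
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|private_key|api_key", re.I)

# Constructed sample in the version 4 state layout; every value is made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "instance_id": {"value": "i-0123456789abcdef0", "type": "string"},
        "db_password": {"value": "example-only", "type": "string", "sensitive": True},
    },
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "app_server",
         "instances": [{"attributes": {
             "id": "i-0123456789abcdef0", "tags": {"Name": "ExampleAppServerInstance"},
             "user_data": "#!/bin/sh\nexport API_TOKEN=example-only"}}]},
        {"mode": "managed", "type": "aws_db_instance", "name": "db",
         "instances": [{"attributes": {"username": "admin", "password": "example-only"}}]},
    ],
})

def walk(value, path):
    """Yield (path, leaf) for every non-empty leaf under a JSON value."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from walk(child, f"{path}.{key}")
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from walk(child, f"{path}[{i}]")
    elif value not in (None, "", False):
        yield path, value

def find_secrets(state_text):
    """Return sorted state paths whose key name or string value looks secret."""
    state = json.loads(state_text)
    hits = {f"output.{n}" for n, o in state.get("outputs", {}).items() if o.get("sensitive")}
    for res in state.get("resources", []):
        base = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            for path, leaf in walk(inst.get("attributes", {}), base):
                key = path.rsplit(".", 1)[-1]
                if SECRET_KEY.search(key) or (isinstance(leaf, str) and SECRET_KEY.search(leaf)):
                    hits.add(path)
    return sorted(hits)

if __name__ == "__main__":
    print("\n".join(find_secrets(SAMPLE_STATE)))  # paths only, never the values
```

To run it against a real state, pass the text of terraform.tfstate to find_secrets; an empty result only means the heuristic matched nothing, not that the file is safe to share.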
Output file
You can query data after apply using an output file. Create a file called output.tf (name doesn’t matter) with the following:
output "instance_id" {
description = "ID of the EC2 instance"
value = aws_instance.app_server.id
}
output "instance_public_ip" {
description = "Public IP address of the EC2 instance"
value = aws_instance.app_server.public_ip
}
You will see the queried output when you run terraform apply. You can also inspect the output by:
# Call after `terraform apply`
terraform output
Destroy infrastructure
The following terminates all resources managed with project state:
# Just like apply, shows you the execution plan. Type yes to destroy.
terraform destroy
# OR
terraform destroy --auto-approve
# With variables
terraform destroy -var-file=variables.tfvars
Refresh infrastructure
The following updates Terraform’s state file to match the real remote infrastructure:
terraform refresh
terraform refresh -var-file=variables.tfvars
Workspaces
If you want to work on multiple stages, use workspaces to manage different states.
By default, you work in a workspace named default.
All the other non-default workspace states are stored in a directory named terraform.tfstate.d.
To create a new workspace
terraform workspace new my-dev
To switch to a workspace
terraform workspace select default
Import remote infrastructure
To import a remote infrastructure into a local state file, first create an appropriate empty resource in a configuration file:
resource "aws_s3_bucket" "my_bucket" {
}
Then, import the remote resource into the local state file:
terraform import aws_s3_bucket.my_bucket my-remote-bucket-name
Note that the id/key used for an import varies per provider/resource. Refer to the documentation for the provider to see the correct syntax.
However, importing does not actually update the configuration itself; it only updates the state file.
To actually bring the remote resource under Terraform’s management, you must copy over the configurations and run terraform apply.
The easiest way to see the current configuration is to use terraform state show.
To see the current configuration state of a resource
terraform state show aws_s3_bucket.my_bucket
To delete a resource from the state
terraform state rm aws_s3_bucket.my_bucket