Day 1: The Terraform Workflow

Understanding the core Terraform workflow is essential to using the tool effectively. It’s a simple, repeatable process that ensures safety, predictability, and control over your infrastructure. The workflow revolves around four key commands: init, plan, apply, and destroy.

Let’s break down each step of this workflow.

The Core Workflow: init -> plan -> apply

This three-step process is what you’ll use every time you create or update infrastructure with Terraform.

1. terraform init

The terraform init command is the first command you’ll run in a new Terraform configuration. It performs several initialization steps to prepare the working directory for use with Terraform.

What does it do?

• Provider Installation: Terraform reads your configuration files (e.g., main.tf), determines which providers you’re using (e.g., aws, google, azure), and downloads and installs them into a .terraform subdirectory. These providers are the plugins that allow Terraform to interact with the various cloud APIs.
• Backend Initialization: If you’re using a remote backend to store your state file (which is highly recommended), terraform init will configure the connection to that backend. We’ll cover backends in detail later in the course.

You only need to run terraform init once per session, or whenever you add a new provider to your configuration.

+-----------------------------+      +-----------------------------+
|      Your Local Machine     |      |   Terraform Registry        |
+-----------------------------+      +-----------------------------+
|                             |      |                             |
|  terraform.tfvars           |      |  +-----------------------+  |
|  main.tf  (defines provider)|      |  | Provider "aws" v5.0   |  |
|  ...                        |      |  +-----------------------+  |
|                             |      |                             |
|  `terraform init` is run    |      |                             |
|                             |      |                             |
|  Downloads provider "aws"   | <----o                             |
|                             |      |                             |
|  Installs it in .terraform/ |      |                             |
+-----------------------------+      +-----------------------------+

2. terraform plan

The terraform plan command is arguably the most important command in the Terraform workflow. It creates an execution plan, which is a “dry run” of the changes Terraform will make to your infrastructure.

What does it do?

• Compares Desired and Actual State: Terraform reads your configuration to determine the desired state of your infrastructure. It then reads the state file to determine the actual state. It also queries the cloud provider for any drift that may have occurred.
• Generates a Plan: Terraform then generates a plan that outlines the actions it will take to make the actual state match the desired state. The plan will show you which resources will be created, updated, or destroyed.

The output of terraform plan is color-coded for clarity:

• + (green): A resource will be created.
• - (red): A resource will be destroyed.
• ~ (yellow): A resource will be updated in-place.
• -/+ (red/green): A resource will be destroyed and recreated.

This is your opportunity to review and sanity-check the changes before they are applied. This step prevents surprises and gives you confidence that the changes you’re making are the ones you intended.

Scenario: A Sanity Check

You’ve written some Terraform code to create a new EC2 instance. You run terraform plan and see the following output:

Terraform will perform the following actions:

  # aws_instance.web will be created
  + resource "aws_instance" "web" {
      + ami           = "ami-0c55b159cbfafe1f0"
      + instance_type = "t2.micro"
      + ...
    }

Plan: 1 to add, 0 to change, 0 to destroy.

This confirms that Terraform is going to create one new resource, as expected. If you saw a plan that was going to destroy existing resources, you would know that something was wrong with your configuration and you could fix it before applying the changes.

3. terraform apply

The terraform apply command executes the plan generated by terraform plan. It makes the actual API calls to the cloud provider to create, update, or destroy resources.

What does it do?

• Applies the Changes: Terraform executes the actions outlined in the plan in the correct order, respecting any dependencies between resources.
• Updates the State File: Once the changes have been applied successfully, Terraform updates the state file to reflect the new state of your infrastructure.

By default, terraform apply will show you the plan again and ask for your confirmation before proceeding. You can skip this interactive prompt by using the -auto-approve flag, which is common in CI/CD environments.

The Teardown Workflow: terraform destroy

Sometimes, you need to tear down the infrastructure you’ve created. This is where the terraform destroy command comes in.

4. terraform destroy

The terraform destroy command is a convenient way to destroy all of the resources managed by your Terraform configuration.

What does it do?

• Generates a Destruction Plan: Similar to terraform plan, it generates a plan that shows you all of the resources that will be destroyed.
• Destroys the Resources: Once you confirm the plan, Terraform will destroy all of the resources in the correct order.
• Updates the State File: The state file is updated to reflect that all of the resources have been destroyed.

This command is incredibly useful for cleaning up temporary environments, such as those used for development, testing, or training.

This init -> plan -> apply workflow is the bedrock of using Terraform. It provides a safe, predictable, and repeatable process for managing the entire lifecycle of your infrastructure. As you become more familiar with these commands, you’ll start to appreciate the power and elegance of this workflow.