Terraform Apps and Infra 2 - Cheatsheet
Plan, deploy and cleanup infrastructure
| Command | Action |
|---|---|
terraform apply --auto-approve |
Apply changes without being prompted to enter “yes” |
terraform destroy --auto-approve |
Destroy/cleanup deployment without being prompted for “yes” |
terraform plan -out plan.out |
Output the deployment plan to plan.out |
terraform apply plan.out |
Use the plan.out plan file to deploy infrastructure |
terraform plan -destroy |
Outputs a destroy plan |
terraform apply -target=aws_instance.my_ec2 |
Only apply/deploy changes to the targeted resource |
terraform apply -var my_region_variable=us-east-1 |
Pass a variable via command—line while applying a configuration |
terraform apply -lock=true |
Lock the state file so it can’t be modified by any other Terraform apply ormodification action (possible only where backend allows locking) |
terraform apply refresh=false |
Do not reconcile state file with real—world resources(helpful with large complex deployments for saving deployment time) |
terraform apply --parallelism=5 |
Number of simultaneous resource operations |
terraform refresh |
Reconcile the state in Terraform state file with real-world resources |
terraform providers |
Get information about providers used in current configuration |
Terraform Workspaces
| Command | Action |
|---|---|
terraform workspace new mynewworkspace |
Create a new workspace |
terraform workspace select default |
Change to the selected workspace |
terraform workspace list |
List out all workspaces |
terraform workspace show |
List out all workspaces |
terraform workspace delete example |
Display the current workspace |
Terraform state manipulation
| Command | Action |
|---|---|
terraform state show aws_instance.my_ec2 |
Show details stored in Terraform state for the resource |
terraforn1 state pull > terraform.tfstate |
Download and output terraform state to a file |
terraform state mv aws_iam_role.my_ssm_role module.custom_module |
Move a resource tracked via state to different module |
terraform state replace-provider hashicorp/aws registry.custom.com/aws |
Replace existing provider with another |
terraform state list |
List all the resources tracked in the current state file |
terraform state rm aws_instance.myinstace |
Unmanage a resource, delete it from Terraform state file |
Terraform Import and Outputs
| Command | Action |
|---|---|
terraform import aws_instance.new_ec2_in-stance i-abcd1234 |
Import EC2 instance with id i—abcd1234 into the Terraform resource named “new_ec2_instance” of type “aws_instance” |
terraform import 'aws_instance.new_ec2_instance[0]' i-abcd1234 |
Same as above, imports a real-world resource into an instance of Terraform resource |
terraform output |
List all outputs as stated in code |
terraform output instance_public_ip |
List a specific declared output |
terraform output -json |
List all outputs in JSON |
Format, automplete amd validate
| Command | Action |
|---|---|
terraform -instaII-autocomplete |
Setup tab auto-completion, requires logging back in |
terraform fmt |
Format code per HCL canonical standard |
terraform validate |
Validate code for syntax |
terraform validate -backend=false |
Validate code skip backend validation |
Initialize your Terraform working directory
| Command | Action |
|---|---|
terraform init |
Initialize directory, pull down providers |
terraform init -get-plugins=false |
Initialize directory, do not download plugins |
terraform init -verify-plugins=false |
Initialize directory, do not verify plugins for Hashicorp signature |
Terraform miscellaneous commands
| Command | Action |
|---|---|
terraform version |
Display Terraform binary version, also warns if version is old |
terraform get -update=true |
Download and update modules in the ”root” module |
Terraform Console (Test out Terraform interpolations)
- Echo an expression into terraform console and see its expected result as output
1
echo 'join(",",["foo",'bar"])'| terraform console
- Terraform console also has an interactive CLI just enter “terraform console”
1
echo '1 + 5' | terraform console
- Display the Public IP against the “my_ec2” Terraform resource as seen in the Terraform state file
1
echo "aws_instanoe.my_ec2.public_ip" | terraform console
Terraform Graph (dependency graphing)
| Command | Action |
|---|---|
terraform graph I dot -Tpng > graph.png |
Produce a PNG diagram showing relationship and dependencies between Terraform resources in your configuration/code |
Terraform Taint/Untaint and Replace
| Command | Action |
|---|---|
terraform replace aws_instance.my_ec2 |
Taint resource to be recreated on next apply |
terraform taint aws_instance.my_ec2 |
Taint resource to be recreated on next apply (deprecated) |
terraform untaint aws_instance.my_ec2 |
Remove taint from a resource |
terraform force-unlock LOCK_ID |
Force-unlock a locked state file, LOCK_ID provided when locking the State file beforehand |
Terraform Cloud
| Command | Action |
|---|---|
terraform login |
Obtain and save API token for Terraform cloud |
terraform logout |
Log out of Terraform Cloud, defaults to hostname app.terraform.io |