Now that we are familiar with Terraform's building blocks we can start exploring how Terraform expects people to use it.
It may sound silly, but learning workflow can prevent common pitfalls and unexpected problems. I am sure all of us ended up in a situation when we were using something incorrectly. It happens to me very often because I want to use something as soon as possible hoping that I will figure things out as I go.
Since this blog doubles as my study notes, I believe I should not slack off and included this section because it is something that will be tested on the exam.
We touched on it during the practice and we followed this workflow without it being formally introduced. So here it is.
First we write our configuration and initialize our project.
Then we format and validate the code to tidy it up and check for syntax error.
After that we do a dry-run (
terraform plan) to see what exactly Terraform will attempt to deploy and verify it.
Last step is an actual deploy with
One command that is used often is
terraform destroy which destroys deployed resource from current configuration.
This is a command that we used a lot and it is used to initialize terraform projects and update providers. This is the first command we would run after writing our configuration or after cloning existing configuration.
$ terraform init
That's also a command that needs to be run after we add/import new modules and checks if all versions are correct.
This command downloads Terraform backend and sets up things like lock file and other important internal files.
Rule of thumb is that we need to run
init whenever we add new modules, change versions, add/remove providers, or change Terraform backend in some way. Luckily, Terraform will inform us if we forgot to initialize our configuration.
Validate command does exactly what its name suggests. It checks the code for syntax errors and ensures that it is internally consistent. It only looks at the configuration files (
*.tf) in the current working directory
$ terraform validate
If you want
validate to check files inside folders (eg you have
modules/ directory), you need to set
$ terraform validate -recursive
This command is often called a
dry-run so make sure you remember it. When you hear the words "execution plan" that would be it as well.
It is used to determine the changes to apply to the existing (if any) resources. You will get a report of what is going to be created, modified, or destroyed. Terraform also allows for saving this plan in a file.
You can save the plan and execute that saved plan at a later time or use it for analysis and record keeping.
Execution plan is not a requirement for deployment, but it is always a good idea to see what will happen.
That's how you run it:
$ terraform plan
This is how you actually deploy your resources or applying changes to your infrastructure. As with
plan command, you will also get a report identifying which resources are to be created, modified, or destroyed.
After running this command Terraform will also create a
state file. This is a living record of all deployed resources. State warrants a whole articles on its own given how important it is.
One thing to note, this command only applies to the resources specified in your current configuration. It will not touch any existing resources that are not part of the configuration you are deploying.
That's how you deploy resource with Terraform:
$ terraform apply
Or if you don't want to type
yes every time, you can set an auto-approve tag:
$ terraform apply -auto-approve
Destroying resources is an integral part of Terraform. Deploying consistent and reproducible infrastructure implies that you will be creating and destroying resources when needed.
We used this command extensive in the practice section of this series because we do not want to leave any technical debt behind. It also ensures that we do not incur any unnecessary charges from AWS.
Just like with plan and apply commands, Terraform will show you what exactly it will attempt to destroy.
This is how you use it:
$ terraform destroy
It also supports
$ terraform destroy -auto-approve
Thank you for reading! At this point you are becoming somewhat knowledgeable about Terraform and its capabilities. We still have one big topic to cover. This topic is State.
See you in the next article!