Javad Zahrabi

Terraform

HashiCorp's IaC tool — provisions cloud infra from declarative HCL.

Official docs

Init, format & validate

  • terraform init

    Download providers + modules, set up the backend. Run once per fresh checkout.

  • terraform init -upgrade

    Re-resolve provider/module versions to the latest allowed.

  • terraform fmt -recursive

    Auto-format every .tf file in the tree.

  • terraform validate

    Static syntax + schema check. Doesn't talk to the cloud.

Plan & apply

  • terraform plan

    Show what would change. Read-only against the cloud.

  • terraform plan -out tfplan

    Save the plan to a file so apply uses exactly that diff (no drift between plan and apply).

  • terraform apply tfplan

    Apply the saved plan, no re-prompt.

  • terraform apply -auto-approve

    Skip the interactive yes prompt. Use in CI; never on a laptop.

  • terraform destroy

    Tear everything in this state down. Plan it first.

  • terraform plan -target=aws_instance.web

    Limit a plan/apply to one resource. Sometimes necessary for partial fixes; always a code smell long-term.

State inspection & surgery

  • terraform state list

    All resource addresses currently tracked in state.

  • terraform state show <addr>

    Show the full attributes of one resource from state.

  • terraform state rm <addr>

    Forget a resource without destroying it (e.g. it'll be re-imported under a new address).

  • terraform import <addr> <id>

    Adopt an existing cloud resource into state. Pair with a matching resource block in code.

  • terraform state mv <from> <to>

    Rename a resource address without touching the cloud — used after refactoring HCL.

Workspaces

  • terraform workspace list

    Show all workspaces; current one is starred.

  • terraform workspace new staging

    Create + switch to a new workspace (separate state file).

  • terraform workspace select prod

    Switch to an existing workspace.

  • terraform workspace show

    Print the active workspace name. Useful in CI logs.

    Workspaces share the same backend bucket but use different state keys — fine for environment isolation, but for hard separation prefer separate root modules per environment.

Outputs, modules & graph

  • terraform output

    List all outputs of the current state.

  • terraform output -json

    Machine-readable — pipe to jq in scripts.

  • terraform get -update

    Refresh local copies of remote modules.

  • terraform graph | dot -Tsvg > graph.svg

    Visualise the dependency graph (needs Graphviz).