TERRAFORM BASICS

TO ADVANCED
IN ONE GUIDE

Your complete journey from

zero to expert in IaC
Terraform Basics to Advanced in One Guide 3

Table of Contents

Introduction 4
Target Audience 4
Resources 4

Terraform Fundamentals 5

Setting Up Your Terraform Environment 11

Core Terraform Workflow 19

Managing Infrastructure with Terraform 28

Variables, Data Types, and Outputs 37

Advanced Terraform Techniques 44

Provisioners and Lifecycle Management 51

Debugging and Troubleshooting 61

Must Know Commands 68

Terraform Basics to Advanced in One Guide 4

Introduction
This guide is designed to provide the essentials needed to
master Terraform, creating a strong foundation for
effective infrastructure management. Whether you’re just
starting out or aiming to advance your skills, this guide
offers a clear and structured path to set you up for long-
term success

Target Audience
This guide is for:
Beginners who want to understand the needed
fundamentals before getting into advanced IaC.

Experienced individuals looking to improve their

skills and fill any gaps in their knowledge.
Terraform Basics to Advanced in One Guide 5

1. Terraform Fundamentals
Terraform is a powerful Infrastructure as Code (IaC) tool
that enables you to define and provision data center
infrastructure using a declarative configuration language.
Understanding its core concepts is essential to efficiently
manage scalable infrastructure.

Key Concepts:
Terraform vs. Other IaC Tools
Declarative vs. Imperative Approach
High-Level Architecture
Terraform Basics to Advanced in One Guide 6

Terraform vs. Other IaC Tools

Terraform is a leader among Infrastructure-as-Code (IaC)
tools, known for its declarative syntax, provider-agnostic
design, and robust ecosystem.

While tools like Pulumi offer flexibility with programming

languages, or frameworks like OpenTofu (formerly
OpenTF) provide open-source alternatives, Terraform’s
established ecosystem make it a go-to choice for many
DevOps teams.

Key highlights include:

Multi-Cloud Support: Terraform can manage

resources on AWS, Azure, Google Cloud,
Kubernetes, GitHub, Datadog, and more.

State Management: Terraform uses a state file to

track resource mappings, enabling features like
change previews and dependency handling.

Community Ecosystem: The Terraform Registry and

open-source modules accelerate adoption by offering
pre-built configurations for common scenarios.
Terraform Basics to Advanced in One Guide 7

The decision tree below will be handy for arriving at the

right choice based on the use case.
Terraform Basics to Advanced in One Guide 8

Declarative vs. Imperative Approach

One of Terraform’s defining features is its declarative
approach.

Instead of instructing how to achieve a state (imperative),

you declare what the desired state of your infrastructure
should look like, and Terraform ensures it happens.

Approach Characteristics Example

Focus on the
resource
desired state;
Declarative "aws_s3_bucket"
automation
"my_bucket" { ... }
handles the 'how'.

Focus on the steps aws s3api create-

Imperative needed to achieve bucket --bucket my-
the state. bucket

Declarative tools like Terraform simplify managing

complex dependencies and ensure idempotency
(repeating actions yields the same result).

Imperative tools, though flexible, demand more

control and scripting knowledge.
Terraform Basics to Advanced in One Guide 9

High-Level Architecture

Though we discuss in detail each of the listed components,

in simple terms, if I explain the Terraform architecture:

Terraform works by connecting your infrastructure code to

the actual cloud resources you want to provision.

Its architecture consists of two main parts:

1. Terraform Manifest Files:

These are .tf files where you define the infrastructure's

desired state. Common files include:
providers.tf: Declares the cloud providers (e.g., AWS,
GCP).
main.tf: Specifies the resources (e.g., virtual
machines, databases).
Terraform Basics to Advanced in One Guide 10

variables.tf: Defines reusable inputs for configuration.

backend.tf: Configures where the Terraform state is
stored.
outputs.tf: Captures outputs, like resource IDs or IPs,
after provisioning.

2. Terraform Core:

The core processes the .tf files, plans the changes, and
ensures the current state matches the desired state.
It manages the state file, which tracks your
infrastructure's current configuration.
Providers: Enable Terraform to interact with cloud
APIs like AWS, Azure, and Kubernetes.
Provisioners: Handle post-deployment tasks (e.g.,
running scripts or transferring files).
Terraform Basics to Advanced in One Guide 11

2. Setting Up Your Terraform

Environment
To start using Terraform, you need to install it, configure it
to connect to your infrastructure, and understand how it
tracks and manages your resources. This chapter will
walk you through these steps in a clear and structured
way.

Key Concepts:
Terraform Installation
Configuring Providers
Understanding Terraform State
Configuring Backends for State Storage
Terraform Basics to Advanced in One Guide 12

Terraform Installation
Terraform is a single, lightweight executable file that
works on Windows, Linux, and macOS. Follow the steps
for your operating system below to get it installed and
ready.

Step by Step Installation Instructions

Configuring Providers
Terraform uses providers to communicate with the
infrastructure you want to manage. Providers are plugins
that allow Terraform to work with specific services like
AWS, Azure, Google Cloud, or even on-premises
platforms like VMware.

Providers are hosted on the Terraform Registry, where

you’ll find documentation, versions, and usage examples.
Terraform Basics to Advanced in One Guide 13

Which categorizes them as:

Official: Maintained by HashiCorp.
Verified: Maintained by trusted third-party technology
vendors.
Community: Published by Terraform users or groups.

How Providers Work ?

1. Declare Providers
Providers are defined using the provider block, which tells
Terraform which API or service to interact with.

2. Download Providers
The terraform init command downloads the specified
providers from the Terraform Registry (or a local mirror)
into the .terraform directory.

3. Provider Caching
Use plugin_cache_dir to enable caching, speeding up
provider downloads and enabling offline workflows.

Sample gcp provider.tf

provider "google" {
project = "my-gcp-project"
region = "us-central1"
}
Terraform Basics to Advanced in One Guide 14

Provider Meta-Arguments
Alias: Use the same provider with different
configurations (e.g., multiple accounts, regions).
Default Provider: If no alias is specified, it is the
default configuration.

Example: Using Aliases with Google Cloud:

provider "google" {
project = "default-project"
region = "us-central1"
}

provider "google" {
alias = "secondary"
project = "secondary-project"
region = "us-east1"
}

resource "google_storage_bucket"
"secondary_bucket" {
provider = google.secondary
name = "my-secondary-bucket"
}
Terraform Basics to Advanced in One Guide 15

Use required_providers to specify source and version.

terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 5.0"
}
}
}

provider "google" {
project = "my-gcp-project"
region = "us-central1"
}

Understanding Terraform State

Terraform state is a file that keeps track of all the
resources Terraform creates and manages. It acts as the
"source of truth" for Terraform.
Terraform Basics to Advanced in One Guide 16

Local State vs. Remote State

Local State Remote State

Stored in a local file Stored in remote storage (e.g.,

(terraform.tfstate) S3, Azure Blob).

Suitable for single users Suitable for teams and

or testing. production.

Risk of data loss if file is Centralized, secure, and

deleted. versioned.

State locking prevents multiple users from updating the

same state file at the same time, avoiding corruption.

Best Practices:
Use remote backends for state storage.
Enable state locking using DynamoDB (for AWS) or
equivalent solutions.
Regularly back up your state file.

Configuring Backends for State Storage

A backend defines where Terraform stores its state.
Remote backends are highly recommended for teams and
production environments.
Terraform Basics to Advanced in One Guide 17

S3 Backend for AWS

Using S3 for state storage with DynamoDB for locking:

terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-lock"
encrypt = true
}
}

Azure Blob Storage Backend

terraform {
backend "azurerm" {
resource_group_name = "my-rg"
storage_account_name = "mystorageaccount"
container_name = "tfstate"
key =
"prod.terraform.tfstate"
}
}
Terraform Basics to Advanced in One Guide 18

GCS Backend for Google Cloud

terraform {
backend "gcs" {
bucket = "my-tf-state-bucket"
prefix = "prod/state"
}
}
Terraform Basics to Advanced in One Guide 19

3. Core Terraform Workflow

The Terraform workflow consists of a series of steps to
initialize, write, validate, plan, apply, and destroy
infrastructure. These steps form a repeatable process to
manage infrastructure safely and predictably.

Key Concepts:
Initialization (`terraform init`)
Writing and Organizing Terraform Configurations
Planning Changes (`terraform plan`)
Applying Changes (`terraform apply`)
Destroying Infrastructure (`terraform destroy`)
Terraform Basics to Advanced in One Guide 20
Terraform Basics to Advanced in One Guide 21

Initialization (`terraform init`)

The terraform init command is the first step in any Terraform
project. It initializes the working directory, downloads required
provider plugins, and sets up the backend for state
management.

Run:

terraform init

Sample Output:

Initializing provider plugins...

- Downloading plugin for provider "aws"
(hashicorp/aws)...

Terraform creates a .terraform directory in your working

directory to store plugins and dependencies.

Writing and Organizing Terraform

Configurations
Terraform configurations define the desired infrastructure in
HCL (HashiCorp Configuration Language). The configuration
files are organized logically to maintain clarity, modularity,
and ease of management.
Terraform Basics to Advanced in One Guide 22

Key Configuration Files in a Terraform Project:

providers.tf: Defines the providers Terraform will use to

manage resources (e.g., AWS, Azure, GCP).

Example:

provider "aws" {
region = "us-east-1"
}

main.tf: Contains the main resource definitions—the actual

infrastructure you want Terraform to create or manage.

Example:

resource "aws_instance" "example" {

ami = "ami-12345678"
instance_type = "t2.micro"
}

variables.tf: Declares input variables to make the

configuration dynamic and reusable.

Example:

variable "instance_type" {
description = "Type of EC2 instance"
default = "t2.micro"
}
Terraform Basics to Advanced in One Guide 23

outputs.tf: Defines output values to share key information

about the infrastructure after provisioning..

Example:

output "instance_ip" {
value = aws_instance.example.public_ip
}

backend.tf: Configures backends for storing the Terraform

state file remotely (e.g., S3, Azure Blob).

Example:

terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
}
}

terraform.tfvars: Stores default values for input variables.

This file is optional but helps separate configuration values
from the code.

Example:

instance_type = "t3.small"
Terraform Basics to Advanced in One Guide 24

Working Process:

1. Start with Providers (providers.tf) to tell Terraform which

infrastructure to manage.
2. Define Resources in main.tf using resource blocks.
3. Use variables (variables.tf) to make the configuration
flexible.
4. Output important values (e.g., IPs, DNS names) in
outputs.tf.
5. Store sensitive or dynamic input values in
terraform.tfvars.
6. Configure a remote backend (backend.tf) for better state
management and team collaboration.

Planning Changes (terraform plan)

The terraform plan command generates an execution plan
showing what actions Terraform will take to align the
infrastructure with the configuration.

Run:

terraform plan

Sample Output:

Plan: 1 to add, 0 to change, 0 to destroy.

Terraform Basics to Advanced in One Guide 25

Add: New resources to create.

Change: Resources that will be updated.
Destroy: Resources that will be deleted.

Checking Infrastructure Without Making Changes

terraform plan is safe - it does not modify infrastructure. Use
it to review changes before applying.

Tip: Save a plan file to apply changes later:

terraform plan -out=tfplan

Applying Changes (terraform apply)

The terraform apply command executes the changes
required to match the configuration.

Creating/Modifying Resources:

Run:

terraform apply

Terraform will prompt for confirmation:

Do you want to perform these actions?

Terraform will perform the actions
described above.
Only 'yes' will be accepted to approve.
Terraform Basics to Advanced in One Guide 26

Type yes to proceed.

Example output:

Apply complete! Resources: 1 added, 0

changed, 0 destroyed.

Storing State Changes

When Terraform applies changes, it updates the state file

(terraform.tfstate) to reflect the current infrastructure.
Keep the state file secure - do not expose it publicly.
Use remote backends (like S3 or Azure Blob) for
collaboration and safety.

Destroying Infrastructure (terraform destroy)

The terraform destroy command removes all resources
managed by your Terraform configuration.

Cleaning Up Resources Safely

Run:

terraform destroy
Terraform Basics to Advanced in One Guide 27

Terraform will display a summary and prompt for

confirmation:

Do you really want to destroy all resources?

Only 'yes' will be accepted to confirm.

Confirm by typing yes.

Example output:

Destroy complete! Resources: 1 destroyed.

Tips for Safe Destruction:

Use terraform plan before destroying to preview what will
be deleted.
If you only want to delete specific resources, use
targeting

terraform destroy -
target=aws_instance.example
Terraform Basics to Advanced in One Guide 28

4. Managing Infrastructure with

Terraform

Terraform provides powerful features like modules for

reusability and workspaces to manage multiple
environments. This chapter explains how to use these
features to organize your Terraform code and isolate
environments like development, staging, and production.

Key Concepts:
Working with Modules
Managing Multiple Environments
Terraform Basics to Advanced in One Guide 29

Working with Modules

Modules are reusable, logical units of Terraform code. By
encapsulating resources into modules, you can reduce
duplication, improve maintainability, and share infrastructure
patterns across projects.

Creating Reusable Modules:

To create a Terraform module:

1. Structure Your Module: A module is just a folder

containing Terraform configuration files.

Example directory structure for a module:

terraform-modules/
├── ec2-instance/
│ ├── main.tf # Main resource definitions
│ ├── variables.tf # Input variables
│ ├── outputs.tf # Outputs

2. Define the Module:

main.tf (Core resource logic):

resource "aws_instance" "resource_A" {

ami = var.ami
instance_type = var.instance_type
}
Terraform Basics to Advanced in One Guide 30

variables.tf (Input variables):

variable "ami" {
description = "AMI ID for the instance"
}
variable "instance_type" {
description = "EC2 instance type"
default = "t2.micro"
}

outputs.tf (Export values):

output "instance_ip" {
value = aws_instance.resource_A.public_ip
}

3. Use the Module in Your Project:

In your root project folder, reference the module:

module "ec2_instance" {
source = "./terraform-modules/ec2-instance"
ami = "ami-12345678"
instance_type = "t2.small"
}

4. Initialize and apply:

terraform init
terraform apply
Terraform Basics to Advanced in One Guide 31

Organizing Root and Child Modules

Modules are structured hierarchically:
Root Module: The main configuration where you call
other modules.
Child Module: A reusable set of configurations stored in
a subfolder.

Creating and Using Child Modules

1. Define the Child Module: Inside the

modules/child_module/ folder, create the required files

child_module.tf: Defines the infrastructure resources

resource "aws_instance" "example" {

ami = var.ami
instance_type = var.instance_type
}
Terraform Basics to Advanced in One Guide 32

variables.tf: Declares the module’s input variables

variable "ami" {
description = "AMI ID for the instance"
}
variable "instance_type" {
description = "Instance type"
default = "t2.micro"
}

2. Call the Child Module in the Root Module:

In the main.tf file of the root module, reference the child

module

module "ec2_instance" {
source = "./modules/child_module"
ami = "ami-12345678"
instance_type = "t2.small"
}

3. Initialize and apply

terraform init
terraform apply
Terraform Basics to Advanced in One Guide 33

Using External and Public Modules

You don’t always need to create modules from scratch.
Terraform provides a public registry of pre-built modules.

1. Search for modules at Terraform Registry.

2. Use a module directly from the registry.

Example Using an AWS VPC Module:

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.14.0"

name = "my-vpc"
cidr = "10.0.0.0/16"
azs = ["us-east-1a", "us-east-1b"]
public_subnets = ["10.0.1.0/24",
"10.0.2.0/24"]
}

Using public modules:

Saves time by reusing tested and community-validated
code.
Focus on configuring rather than building infrastructure
logic.
Terraform Basics to Advanced in One Guide 34

Managing Multiple Environments

Workspaces create multiple instances of the same Terraform
state file. This is useful for managing different environments
with a single configuration.

1. Create a New Workspace:

terraform workspace new dev

Output:

Created and switched to workspace "dev".

2. List All Workspaces:

terraform workspace list

Output:

default
* dev

3. Switch Between Workspaces:

terraform workspace select dev

Terraform Basics to Advanced in One Guide 35

4. Using Workspace Names in Configurations:

You can customize resources based on the workspace name
using the terraform.workspace variable:

resource "aws_s3_bucket" "example" {

bucket = "my-app-${terraform.workspace}"
}

In dev, the bucket name becomes my-app-dev.

In prod, it becomes my-app-prod.

Switching and Managing Workspaces:

Common terraform workspace commands:

Command Description

terraform workspace new

Create a new workspace.
<name>

terraform workspace list List all available workspaces.

terraform workspace select Switch to a specific

<name> workspace.

Show the current active

terraform workspace show
workspace.

terraform workspace delete Delete a workspace (if not in

<name> use).
Terraform Basics to Advanced in One Guide 36

Example Workflow for Multiple Environments

1. Start by creating workspaces for each environment:

terraform workspace new dev

terraform workspace new prod

2. Apply changes to a specific environment:

terraform workspace select dev

terraform apply

3. Switch to another environment and apply:

terraform workspace select prod

terraform apply

Points Worth Noting:

Use workspaces for lightweight, isolated environments.

Store state files in remote backends (e.g., S3) to prevent
conflicts.
Use variables to customize environment-specific values.
Terraform Basics to Advanced in One Guide 37

5. Variables, Data Types, and Outputs

variables allow you to customize and reuse configurations

by providing dynamic values. Meanwhile, outputs help
you extract and share information about your
infrastructure.

Think of variables as inputs to your configuration and

outputs as the results Terraform provides after creating or
managing your resources.

Key Concepts:
Using Input Variables
Understanding Terraform Data Types
Outputs and Sharing Data Across Modules
Terraform Basics to Advanced in One Guide 38

Using Input Variables

Terraform input variables make your code reusable and
flexible. Instead of hardcoding values, you define variables
and pass their values when needed.

Defining Variables in variables.tf

You define variables using the variable block in a variables.tf

file.

variable "instance_type" {
description = "Type of EC2 instance to use"
default = "t2.micro"
}

variable "instance_count" {
description = "Number of instances to create"
type = number
default = 1
}

Here:
description: Describes the purpose of the variable.
type: Specifies the variable’s data type (optional but
good practice).
default: Provides a default value if no value is supplied.
Terraform Basics to Advanced in One Guide 39

Passing Values to Variables

Terraform supports multiple ways to assign values to
variables:

1. Create a terraform.tfvars file in the root directory:

instance_type = "t3.medium"
instance_count = 2

2. Using the CLI: Pass values directly using the -var flag

terraform apply -var="instance_type=t3.large" -

var="instance_count=3"

3. Using Environment Variables: Export variables with

the TF_VAR_ prefix

export TF_VAR_instance_type="t3.small"
Terraform Basics to Advanced in One Guide 40

Variable Precedence and Loading Order

Terraform loads variable values in the following order (from
highest precedence to lowest):

1. CLI Flags: -var or -var-file.

2. Environment Variables: Prefixed with TF_VAR_.
3. terraform.tfvars or *.auto.tfvars.
4. Default Values in variables.tf.

Terraform Data Types

Terraform supports several data types to define variables.
Below is a quick reference table with examples:

Data Type Description Example Usage

String A single line of text. name = var.name

Numeric values
Number count = var.count
(integers/floats).

enabled =
Boolean True or false values.
var.enabled

Ordered sequence of cidr =

List
values. var.subnets[0]

Map Key-value pairs. tags = var.tags

name =
Object Complex structures.
var.config.name
Terraform Basics to Advanced in One Guide 41

Example: Combining Data Types

Here’s an example of how you can use different data types
together:

variables.tf:

variable "app_config" {
description = "Configuration for the
application"
type = object({
name = string
instance_count = number
tags = map(string)
})
default = {
name = "my-app"
instance_count = 3
tags = {
environment = "dev"
owner = "team-devops"
}
}
}

main.tf:

resource "aws_instance" "example" {

count = var.app_config.instance_count
ami = "ami-12345678"
instance_type = "t2.micro"
tags = var.app_config.tags
}
Terraform Basics to Advanced in One Guide 42

Outputs and Sharing Data Across Modules

Terraform outputs allow you to extract and share values from
your configuration. You can display outputs in the terminal or
use them as inputs for other modules.

Defining Output Values

Use the output block to define outputs.

Example:

output "public_ip" {
description = "The public IP of the EC2
instance"
value = aws_instance.example.public_ip
}

Accessing Outputs
After applying your Terraform configuration, use the terraform
output command to view output values:

View All Outputs:

terraform output

Example Output:

public_ip = "54.123.45.67"
Terraform Basics to Advanced in One Guide 43

Access a Specific Output:

terraform output public_ip

Using Outputs Across Modules

You can pass outputs from one module to another.

Example:

Child Module (network):

output "subnet_id" {
value = aws_subnet.example.id
}

Root Module:

module "network" {
source = "./modules/network"
}

module "app" {
source = "./modules/app"
subnet_id = module.network.subnet_id

Here, the subnet_id output from the network module is

passed as an input to the app module.
Terraform Basics to Advanced in One Guide 44

6. Advanced Terraform Techniques

As Terraform projects grow in scale and complexity,

challenges arise in handling dependencies, managing
sensitive data securely, and avoiding scaling issues.

This chapter introduces advanced techniques to manage

these challenges effectively.

Key Concepts:
Handling Dependencies in Terraform
Managing Sensitive Data
Dealing with Large Infrastructure
Terraform Basics to Advanced in One Guide 45

Handling Dependencies in Terraform

Terraform builds resources based on their dependencies.
Proper management of these dependencies ensures
resources are created, updated, or destroyed in the correct
order.

Implicit Dependencies
Terraform automatically detects implicit dependencies when
one resource references another. You do not need to define
these explicitly.

Example:

resource "aws_vpc" "example" {

cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "example" {

vpc_id = aws_vpc.example.id
cidr_block = "10.0.1.0/24"
}

In this case:
Terraform understands that aws_subnet.example
depends on aws_vpc.example because vpc_id
references the VPC ID.
Terraform Basics to Advanced in One Guide 46

Explicit Dependencies
For cases where Terraform cannot infer dependencies
automatically, you can use the depends_on meta-argument
to define explicit dependencies.

Example:

resource "aws_instance" "example" {

ami = "ami-12345678"
instance_type = "t2.micro"

depends_on = [aws_vpc.example]
}

Here, the EC2 instance explicitly depends on the VPC.

Resource Dependency Graphs (terraform

graph)
Terraform can generate a resource dependency graph to
help you visualize relationships between resources.

Generating the Graph

Run the following command:

terraform graph
Terraform Basics to Advanced in One Guide 47

By default, this generates a graph in DOT format (Directed

Graph Language).

You can render it into an image using tools like Graphviz.

Sample Visualized Graph

The graph shows:

1. The VPC as the root resource.
2. The Subnet depends on the VPC.
3. The Instance depends on the Subnet.

Managing Sensitive Data

Protecting Secrets in State Files
Terraform state files (terraform.tfstate) store resource
configurations, including sensitive data. By default, state files
are stored in plaintext.

Best Practices:
1. Use Remote Backends: Store state files securely in
encrypted remote backends like S3 with encryption enabled.
Terraform Basics to Advanced in One Guide 48

2. Enable State File Encryption:

terraform {
backend "s3" {
bucket = "my-terraform-state"
encrypt = true
}
}

3. Avoid Hardcoding Secrets: Use tools like AWS Secrets

Manager, HashiCorp Vault, or environment variables for
credentials.

Sensitive Outputs
To prevent sensitive data from being exposed in Terraform
outputs, use the sensitive argument.

Example:

output "db_password" {
value = var.db_password
sensitive = true
}

When you mark an output as sensitive:

Terraform hides the output value in the console.
However, the value still exists in the state file.
Terraform Basics to Advanced in One Guide 49

Dealing with Large Infrastructure

Managing large-scale infrastructure with Terraform requires
thoughtful strategies to ensure performance and avoid errors.

Scaling Infrastructure with Terraform

1. Use Modules: Break large configurations into reusable
modules to improve organization.

2. Parallel Resource Creation: Terraform can create

resources in parallel. Use the -parallelism flag to control
concurrency:

terraform apply -parallelism=10

3. Leverage Workspaces: Use workspaces to manage

multiple environments (e.g., dev, staging, prod) with the
same codebase.

Avoiding API Rate Limits

When Terraform makes too many API requests to a provider
(e.g., AWS, Azure), you might hit rate limits.

Techniques to Avoid API Rate Limits:

1. Batch Resource Creation: Use count or for_each to

group resources logically, minimizing requests.
Terraform Basics to Advanced in One Guide 50

2. Use -parallelism: Reduce the number of concurrent

operations:

terraform apply -parallelism=5

3. Retry Logic: Use Terraform’s provider block to configure

retry settings (if supported by the provider):

provider "aws" {
max_retries = 3
}
Terraform Basics to Advanced in One Guide 51

7. Provisioners and Lifecycle

Management
Provisioners allow you to execute scripts or commands on
resources as they are created or destroyed. Terraform
also provides lifecycle management to control resource
creation, updates, and cleanup.

This chapter focuses on:

Key Concepts:
Understanding Provisioners
Managing Resource Lifecycles
Managing Resource Cleanup and Failure Scenarios
Terraform Basics to Advanced in One Guide 52

Understanding Provisioners

Provisioners are used to run scripts or commands on the

local or remote system. Use them for tasks like installing
software, configuring servers, or running post-deployment
tasks.

⚠️ Note: Provisioners are a last resort. Use configuration

management tool like Ansible when possible.

Provisioner
Use Case Execution
Type

Run
Executes on the
scripts/commands
Local-Exec machine running
locally on your
Terraform.
machine.

Run Requires SSH or

Remote-Exec scripts/commands on WinRM connection
a remote resource. to the resource.
Terraform Basics to Advanced in One Guide 53

Local-Exec Provisioner
The local-exec provisioner runs commands on the local
machine where Terraform is executed.

Example: Running a local script after creating an AWS

instance:

resource "aws_instance" "web" {

ami = "ami-12345678"
instance_type = "t2.micro"

provisioner "local-exec" {
command = "echo 'EC2 instance created' >
instance_status.txt"
}
}

Remote-Exec Provisioner
The remote-exec provisioner runs commands on the remote
resource, like an EC2 instance.
Terraform Basics to Advanced in One Guide 54

Example: Running commands on an EC2 instance to install a

web server

resource "aws_instance" "web" {

ami = "ami-12345678"
instance_type = "t2.micro"

connection {
type = "ssh"
user = "ec2-user"
private_key = file("~/.ssh/id_rsa")
host = self.public_ip
}

provisioner "remote-exec" {
inline = [
"sudo yum update -y",
"sudo yum install -y httpd",
"sudo systemctl start httpd"
]
}
}

Here:
1. connection block establishes an SSH connection.
2. inline specifies the list of commands to run sequentially.
Terraform Basics to Advanced in One Guide 55

Example: Running commands on an EC2 instance to install a

web server

resource "aws_instance" "web" {

ami = "ami-12345678"
instance_type = "t2.micro"

connection {
type = "ssh"
user = "ec2-user"
private_key = file("~/.ssh/id_rsa")
host = self.public_ip
}

provisioner "remote-exec" {
inline = [
"sudo yum update -y",
"sudo yum install -y httpd",
"sudo systemctl start httpd"
]
}
}

Here:
1. connection block establishes an SSH connection.
2. inline specifies the list of commands to run sequentially.
Terraform Basics to Advanced in One Guide 56

Local-Exec vs. Remote-Exec Simplified

Terraform Basics to Advanced in One Guide 57

Managing Resource Lifecycles

Terraform provides lifecycle hooks to manage updates,
tainting, and scaling resources.

Tainting and Recreating Resources

The terraform taint command marks a resource for forced
recreation during the next terraform apply.

Example: Mark an EC2 instance for recreation:

terraform taint aws_instance.web

Output:

Resource instance aws_instance.web has been

marked as tainted.

On the next terraform apply, Terraform will destroy and

recreate the resource.

Updating, Scaling, and Modifying Resources

1. Updating Resources: Terraform detects changes in

configurations and applies updates without recreating the
resource.
Terraform Basics to Advanced in One Guide 58

Example:

resource "aws_instance" "web" {

instance_type = "t2.micro"
}

Change instance_type to t2.small and run:

terraform apply

2. Scaling Resources: Use the count or for_each arguments

to scale resources.

Example (Scaling with Count):

resource "aws_instance" "web" {

count = 3
ami = "ami-12345678"
instance_type = "t2.micro"
}

Terraform will create 3 identical EC2 instances.

3. Modifying Resources: Modify resource attributes in the

configuration. Terraform will update only the changed
attributes.
Terraform Basics to Advanced in One Guide 59

Managing Resource Cleanup and Failure

Scenarios
When using provisioners, failures can occur. Terraform offers
ways to control cleanup and handle errors.

Handling Failure Behavior in Provisioners

Use the on_failure argument to specify what happens if a
provisioner fails.

Behavior Description

Terraform continues despite

continue
provisioner failure.

Terraform stops immediately on

fail (default)
failure.

Example:

provisioner "local-exec" {
command = "exit 1"
on_failure = "continue"
}

In this case, Terraform will log the failure but continue

executing.
Terraform Basics to Advanced in One Guide 60

Cleaning Up Resources on Failure

If a provisioner fails, Terraform does not automatically roll back
changes.

You can handle cleanup manually by:

1. Using terraform destroy to delete all resources:

terraform destroy

2. You can even use external scripts to clean up incomplete

resources:

provisioner "local-exec" {
command = "./cleanup_script.sh"
on_failure = "continue"
}
Terraform Basics to Advanced in One Guide 61

8. Debugging and Troubleshooting in

Terraform
Provisioners allow you to execute scripts or commands on
resources as they are created or destroyed. Terraform
also provides lifecycle management to control resource
creation, updates, and cleanup.

This chapter focuses on:

Key Concepts:
Debugging Basics
Common Debugging Commands
Debugging Common Terraform Issues
Debugging Best Practices
Terraform Basics to Advanced in One Guide 62

Debugging Basics
Debugging in Terraform starts with understanding how to
enable logging and interpret log levels.

How to Enable Logs in Terraform

Terraform uses the TF_LOG environment variable to control
log verbosity. To enable logs, set the TF_LOG variable before
running any Terraform command.

Example:

export TF_LOG=DEBUG
terraform apply

Understanding the TF_LOG Levels

Log Level Purpose

Very detailed logs, including internal operations

TRACE
(use for deep debugging).

Detailed information about resource changes

DEBUG
and provider interactions.

High-level overview of operations (default

INFO
level).

WARN Warnings about potential issues.

ERROR Critical errors that caused the process to fail.

Terraform Basics to Advanced in One Guide 63

Common Debugging Commands

Terraform provides several commands and environment
variables to assist in debugging.

Using TF_LOG for Different Verbosity Levels

To adjust log verbosity, set the TF_LOG level before running a
command:

Example:

export TF_LOG=TRACE
terraform plan

Persisting Logs with TF_LOG_PATH

To save logs to a file for later review, set the TF_LOG_PATH
variable along with TF_LOG.

Example:

export TF_LOG=DEBUG
export TF_LOG_PATH=/tmp/terraform.log
terraform apply

Logs will be saved to /tmp/terraform.log

Terraform Basics to Advanced in One Guide 64

Debugging Common Terraform Issues

Here are strategies to troubleshoot some of the most common
Terraform issues:

Troubleshooting Initialization Failures

Scenario #1: terraform init fails due to missing provider plugins
or backend misconfigurations.

Steps to Debug:
1. Check provider configurations in provider.tf
2. Run with debugging enabled:

export TF_LOG=DEBUG
terraform init

3. If using remote backends, verify credentials and backend

settings.

Example Error:

Error: Failed to download provider "aws"

Solution:
Ensure internet connectivity.
Check Terraform version compatibility with providers.
Terraform Basics to Advanced in One Guide 65

Fixing Plan and Apply Errors

Scenario #2: Errors occur when running terraform plan or
terraform apply.

Steps to Debug:
1. Review the error message for resource-specific issues.
2. Enable detailed logs:

export TF_LOG=TRACE
terraform plan

3. Use terraform validate to check for syntax errors:

terraform validate

Example Error:

Error: Invalid value for module input

Solution:
Verify variable values in terraform.tfvars.
Check if the correct workspace is selected.
Terraform Basics to Advanced in One Guide 66

Dealing with Inconsistent State Files

Scenario #3: State file corruption or mismatch between
Terraform state and real infrastructure.

Steps to Debug:
1. Run terraform state list to identify inconsistencies.
2. Use terraform refresh to reconcile the state with the real
infrastructure.
3. For critical issues, manually edit the state file (use with
caution).

Example Error:

Error: Resource not found

Solution:
If a resource no longer exists, use terraform state rm to
remove it from the state

terraform state rm aws_instance.web

Terraform Basics to Advanced in One Guide 67

Best Practices for Debugging Terraform

1. Use `TF_LOG` to capture logs and `TF_LOG_PATH` to
persist them for review.

2. Run `terraform validate` to detect syntax or

configuration errors before applying changes.

3. Save and reuse plan files with `terraform plan -out` to

debug and reproduce issues consistently.

4. Use `terraform refresh` to align the state file with actual

infrastructure.

5. Verify `terraform.tfvars` or CLI inputs for mismatched or

missing values.

6. Ensure proper provider credentials and environment

variables are set.

7. Isolate problematic sections of the code by testing

smaller configurations independently.

8. Leverage tools like Datadog, or Logstash to monitor

Terraform logs and set alerts.

9. Keep track of API rate limits and adjust `-parallelism` if

needed.
Terraform Basics to Advanced in One Guide 68

9. Must Know Commands

Command Description

terraform Initializes the working directory, downloads

init provider plugins, and configures backends.

terraform Generates and displays an execution plan

plan showing the changes Terraform will apply.

terraform Validates the configuration files for syntax and

validate logical errors.

Applies the changes required to reach the

terraform
desired state as defined in the configuration
apply
files.

terraform Destroys all resources managed by the

destroy current configuration.

terraform Formats Terraform configuration files to follow

fmt standard formatting conventions.

terraform Displays the values of outputs defined in the

output configuration. eg: terraform output instance_ip

Imports existing infrastructure into Terraform

terraform
state. eg: terraform import
import
aws_instance.my_ec2 i-12345678
Terraform Basics to Advanced in One Guide 69

9. Must Know Commands (continued..)

Command Description

terraform Manages Terraform state, allowing users to

state list, move, or remove resources.

terraform Manages state file locking in supported

lock backends.

terraform Unlocks a state file that has been manually

unlock locked. eg: terraform unlock <lock-id>

Marks a resource for forced recreation on the

terraform
next apply. eg: terraform taint
taint
aws_instance.my_ec2

Generates a dependency graph of the

terraform
resources in DOT format. eg: terraform graph
graph
> graph.dot

Manages multiple workspaces for

terraform
environment isolation (e.g., dev, stage, prod).
workspace
eg: terraform workspace new dev

terraform Interacts with Terraform modules for creating,

module updating, and managing reusable code.

terraform Displays the providers required by the

providers configuration and their versions.
Terraform Basics to Advanced in One Guide 69

9. Must Know Commands (continued..)

Command Description

terraform Displays the current state or the plan file in a

show human-readable format.

terraform Reconciles the state file with the real

refresh infrastructure without applying changes.

terraform Authenticates with Terraform Cloud or other

login remote services.

Note:

Use terraform help <command> for detailed information

on any specific command.