https://github.com/atulkamble/terraform-cheat-sheet
Terraform Commands Cheatsheet © 2025
https://github.com/atulkamble/terraform-cheat-sheet
aws azure cheatsheet cloud cloudnative gcp hashicorp hashicorp-terraform terraform
Last synced: 4 months ago
JSON representation
Terraform Commands Cheatsheet © 2025
- Host: GitHub
- URL: https://github.com/atulkamble/terraform-cheat-sheet
- Owner: atulkamble
- License: apache-2.0
- Created: 2021-06-08T19:11:05.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2025-09-26T06:37:40.000Z (9 months ago)
- Last Synced: 2025-09-26T08:30:05.413Z (9 months ago)
- Topics: aws, azure, cheatsheet, cloud, cloudnative, gcp, hashicorp, hashicorp-terraform, terraform
- Homepage: https://atulkamble.github.io/Terraform-Cheat-Sheet/
- Size: 40 KB
- Stars: 7
- Watchers: 3
- Forks: 16
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# Terraform Cheatsheet (Commands, Codes & Steps)
> A fast, practical reference for everyday Terraform work — installation, init → plan → apply workflow, variables & modules, state, workspaces, backends, and common HCL patterns.
---
## 0) Install & Setup
### macOS (Homebrew)
```bash
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
terraform -install-autocomplete
terraform version
```
### Linux (Zip release)
```bash
curl -fsSL https://releases.hashicorp.com/terraform/ | head -n 20 # find latest version
curl -O https://releases.hashicorp.com/terraform/1.7.5/terraform_1.7.5_linux_amd64.zip
unzip terraform_1.7.5_linux_amd64.zip
sudo mv terraform /usr/local/bin/
terraform -install-autocomplete
terraform version
```
### Optional: tfenv (Version Manager)
```bash
git clone https://github.com/tfutils/tfenv.git ~/.tfenv
echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
tfenv install 1.7.5
tfenv use 1.7.5
```
---
## 1) Project Scaffolding
```
project/
├─ main.tf # root module (resources, data, providers)
├─ variables.tf # input variables
├─ outputs.tf # outputs
├─ providers.tf # provider blocks
├─ versions.tf # required_version, etc.
├─ terraform.tfvars # variable defaults (don’t commit secrets)
└─ modules/ # reusable child modules
```
Recommended `.gitignore`:
```
.terraform/
.terraform.lock.hcl
*.tfstate
*.tfstate.*
crash.log
*.tfvars
*.auto.tfvars
override.tf*
*_override.tf*
```
---
## 2) Initialize Providers, Modules & Backend
```bash
terraform init # first command in a new repo
terraform init -upgrade # upgrade providers/modules
terraform init -backend-config=backend.hcl -reconfigure
terraform providers # list required providers
terraform -help # built-in help
```
Example `backend.hcl` (AWS S3 + DynamoDB):
```hcl
bucket = "my-tf-state-bucket"
key = "envs/dev/terraform.tfstate"
region = "ap-south-1"
dynamodb_table = "tf-state-locks"
encrypt = true
```
---
## 3) Core Workflow
```bash
terraform fmt -recursive # format
terraform validate # validate HCL
terraform plan -out=plan.tfplan # generate plan
terraform apply plan.tfplan # apply saved plan
terraform apply [-auto-approve] # direct apply
terraform destroy [-auto-approve] # destroy infra
```
Targeted & replace:
```bash
terraform plan -target=aws_s3_bucket.site
terraform apply -replace=aws_instance.web
```
Troubleshooting:
```bash
TF_LOG=DEBUG TF_LOG_PATH=tf.log terraform apply
terraform console
terraform graph | dot -Tpng > graph.png
```
---
## 4) Variables, Locals & Outputs
`variables.tf`
```hcl
variable "aws_region" { type = string, default = "ap-south-1" }
variable "tags" {
type = map(string)
default = { project="demo", owner="Atul" }
}
```
`terraform.tfvars`
```hcl
aws_region = "ap-south-1"
tags = { project="demo", owner="Atul" }
```
CLI overrides:
```bash
terraform apply -var 'aws_region=us-east-1'
terraform apply -var-file=prod.tfvars
```
Locals:
```hcl
locals {
prefix = "${var.project}-${terraform.workspace}"
}
```
Outputs:
```hcl
output "website_url" {
value = "http://${aws_s3_bucket.site.bucket_regional_domain_name}"
}
```
---
## 5) Resources, Data Sources & Meta-Arguments
Resource:
```hcl
resource "aws_s3_bucket" "site" {
bucket = "${local.prefix}-site"
tags = var.tags
}
```
Data source:
```hcl
data "aws_ami" "amazon_linux" {
most_recent = true
owners = ["amazon"]
filter {
name = "name"
values = ["al2023-ami-*"]
}
}
```
Meta-args:
```hcl
count, for_each, depends_on, lifecycle
```
---
## 6) Modules
Example reusable VPC module:
```hcl
module "vpc" {
source = "./modules/vpc"
cidr = "10.0.0.0/16"
}
```
Pull/update:
```bash
terraform get -update=true
```
---
## 7) Workspaces
```bash
terraform workspace new dev
terraform workspace select dev
terraform workspace list
terraform.workspace # reference in code
```
---
## 8) State Management
Inspect/move/import:
```bash
terraform show
terraform state list
terraform state show aws_s3_bucket.site
terraform state mv aws_iam_role.old module.iam.aws_iam_role.new
terraform state rm aws_s3_bucket.legacy
terraform state pull > terraform.tfstate
terraform state push terraform.tfstate
terraform state replace-provider hashicorp/aws registry.opentofu.org/aws
```
Import existing:
```bash
terraform import aws_s3_bucket.imported my-existing-bucket
```
---
## 9) Terraform Cloud / Remote Runs
```bash
terraform login
terraform logout
```
Configure with `cloud {}` or `backend "remote" {}`.
---
## 10) Example: AWS Static Website
`main.tf`:
```hcl
resource "aws_s3_bucket" "site" {
bucket = "tf-site-${terraform.workspace}"
}
resource "aws_s3_bucket_website_configuration" "site" {
bucket = aws_s3_bucket.site.id
index_document { suffix = "index.html" }
error_document { key = "index.html" }
}
output "url" {
value = "http://${aws_s3_bucket_website_configuration.site.website_endpoint}"
}
```
Commands:
```bash
terraform init -backend-config=backend.hcl
terraform workspace new dev
terraform plan -out=plan.tfplan
terraform apply plan.tfplan
terraform output url
```
---
## 11) Extended Commands
Taint & unlock:
```bash
terraform taint aws_instance.my_ec2
terraform untaint aws_instance.my_ec2
terraform force-unlock LOCK_ID
```
Console:
```bash
echo 'join(",",["foo","bar"])' | terraform console
```
Graph:
```bash
terraform graph | dot -Tpng > graph.png
```
---
## 12) Best Practices
* Pin provider versions & commit `.terraform.lock.hcl`.
* Never commit `*.tfstate` or secrets.
* Use `for_each` instead of `count` for stable keys.
* Minimize use of `-target`.
* Use `terraform plan -refresh-only` for drift detection.
* Limit concurrency with `-parallelism=N`.
---
## 13) One-Page Command Reference
```bash
terraform version
terraform init [-backend-config=FILE] [-upgrade] [-reconfigure]
terraform fmt -recursive
terraform validate
terraform plan [-out=plan.tfplan] [-target=ADDR] [-replace=ADDR] [-refresh-only]
terraform apply [plan.tfplan] [-auto-approve]
terraform destroy [-target=ADDR] [-auto-approve]
terraform output [-raw NAME] [-json]
terraform providers
terraform console
terraform graph | dot -Tpng > graph.png
terraform workspace list|new|select|show
terraform state list|show|mv|rm|pull|push|replace-provider
terraform import
terraform taint|untaint
terraform force-unlock
```
---
## Author & Links
* 📘 [Terraform Cheatsheet](https://atulkamble.github.io/Terraform-Commands-Cheatsheet/)
* 👨💻 [GitHub: atulkamble](https://github.com/atulkamble)
* 💼 [LinkedIn: atuljkamble](https://linkedin.com/in/atuljkamble)
* 📝 [Medium: atuljkamble](https://atuljkamble.medium.com)