Terraform CLI commands Flashcards
State lock file
.terraform.tfstate.lock.hcl
in directory terraform.tfstate.d
terraform workspace select default
change to the selected workspace
terraform destroy -auto-approve
destroy/cleanup deployment without being prompted for “yes”
terraform apply -replace=aws_instance.web
Marks the resource as tainted, forcing it to be destroyed and recreated in the next apply.
Only modifies the state file marking the resource as tainted.
terraform init -lockfile=MODE
Set a dependency lockfile mode.
readonly: suppress the lockfile changes, but verify checksums against the information already recorded.
It conflicts with the -upgrade flag. If you update the lockfile with third-party dependency management tools, it would be useful to control when it changes explicitly.
Dependency lock file
.terraform.lock.hcl
terraform init -from-module=MODULE-SOURCE
init can be run against an empty directory with the -from-module=MODULE-SOURCE option, in which case the given module will be copied into the target directory before any other initialization steps are run.
terraform state list
list out all the resources tracked via the current state file
terraform plan -replace module.example.aws_instance.example
instructs Terraform to plan to replace the resource instance with the given address. This is helpful when one or more remote objects have become degraded, and you can use replacement objects with the same configuration to align with immutable infrastructure patterns.
terraform validate -backend=false
validate local code but skip backend validation
terraform state show aws_instance.my_ec2
show details stored in Terraform state for the resource
terraform import aws_instance.new_ec2_instance i-abcd1234
#import EC2 instance with id i-abcd1234 into the Terraform resource state. Have to add a blank resource "aws_instance.new_ec2_instance" first.
terraform apply does what?
Refreshes, executes the plan, validates and then applies.
terraform apply -lock=true
lock the state file so it can’t be modified by any other Terraform apply or modification action (possible only where the backend allows locking)
terraform workspace new mynewworkspace
create a new workspace and select
terraform untaint aws_instance.my_ec2
Remove taint from a resource
terraform apply -target=aws_instance.my_ec2
only apply/deploy changes to the targeted resource
terraform state pull > terraform.tfstate
Pull current remote state and output to stdout
terraform output instance_public_ip
list out a specific declared output
terraform plan -destroy
terraform plan -destroy #outputs a destroy plan
terraform console
This command provides an interactive command-line console for evaluating and experimenting with expressions.
Reads the configuration in the current working directory and locks the state file.
terraform fmt
rewrite Terraform configuration files to a HCL canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.
terraform get -update=true
Modules that are already downloaded will be checked for updates and the updates will be downloaded if present.
terraform workspace delete example
This command will delete the specified workspace “example”
terraform taint aws_instance.my_ec2
taints resource to be recreated on next apply
echo "aws_instance.my_ec2.public_ip" | terraform console
display the Public IP against the “my_ec2” Terraform resource as seen in the Terraform state file
terraform state mv aws_iam_role.my_ssm_role module.custom_module
- rename existing resources
- move a resource into a module
- move a module into a module
terraform fmt -diff
Used to see the differences?
terraform output -json
list all outputs in JSON format
terraform -install-autocomplete
Set up tab auto-completion; requires logging back in. If you use either bash or zsh as your command shell, Terraform can provide tab-completion support for all command names and (at this time) some command arguments.
terraform apply plan.out
use the plan.out plan file to deploy infrastructure
terraform apply -auto-approve
apply changes without being prompted to enter “yes”
terraform force-unlock LOCK_ID
forcefully unlock a locked state file, LOCK_ID provided when locking the State file beforehand
terraform init -from-module=MODULE-SOURCE
the given module will be copied into the target directory before any other initialization steps are run.
Given a version control source, it can serve as a shorthand for checking out a configuration from version control and then initializing the working directory for it.
If the source refers to an example configuration, it can be copied into a local directory to be used as a basis for a new configuration.
terraform apply -refresh-only flag
When an approved manual change has modified or removed a resource, we use the -refresh-only flag to reflect the changes in our state file.
terraform login
obtain and save API token for Terraform cloud
echo 'join(",",["foo","bar"])' | terraform console
echo an expression into terraform console and see its expected result as output
terraform providers
get information about providers used in current configuration
terraform validate
#validate code for syntax. Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. Directory must be initialized or will error.
terraform plan -detailed-exitcode
Return a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to provide more granular information about what the resulting plan contains:
terraform import 'aws_instance.new_ec2_instance[0]' i-abcd1234
imports a real-world resource into state.
Have to add a blank resource "aws_instance" "new_ec2_instance" first.
terraform init
• Downloads plugin dependencies, e.g. providers and modules, to .terraform\providers\registry.terraform.io
• Creates a .terraform directory
• Creates a dependency lock file to enforce expected versions for plugins and terraform itself
• Caches source code locally
terraform graph | dot -Tpng > graph.png
produce a PNG diagram showing relationships and dependencies between Terraform resources in your configuration/code
terraform state pull
This command will download the state from its current location, upgrade the local copy to the latest state file version that is compatible with locally-installed Terraform, and output the raw format to stdout.
This is useful for reading values out of state (potentially pairing this command with something like jq). It is also useful if you need to make manual modifications to state.
terraform apply -refresh=false
do not reconcile state file with real-world resources (helpful with large complex deployments for saving deployment time)
terraform fmt -list=false
Don’t want to see the list of file changes.
terraform state replace-provider hashicorp/aws registry.custom.com/aws
replace an existing provider with another
terraform fmt -recursive
Run format in subdirectories as well.
terraform init -get-plugins=false
initialize directory, do not download plugins
terraform workspace show
Output the current workspace
terraform apply -var my_region_variable=us-east-1
pass a variable via command-line while applying a configuration
terraform state push
terraform state push # The terraform state push command is used to manually upload a local state file to remote state. This command also works with local state.
terraform init -verify-plugins=false
initialize directory, do not verify plugins for Hashicorp signature
terraform output
Used to extract the value of an output variable from the state file.
terraform state rm 'packet_device.worker'
The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.
terraform get
Used to download and update modules mentioned in the root module.
The modules are downloaded into a .terraform subdirectory of the current working directory. Don’t commit this directory to your version control repository.
terraform plan -target=ADDRESS
Instructs Terraform to focus its planning efforts only on resource instances which match the given address and on any objects that those instances depend on.
Note: Use -target=ADDRESS in exceptional circumstances only, such as recovering from mistakes or working around Terraform limitations.
terraform logout
Log out of Terraform Cloud, defaults to hostname app.terraform.io
terraform workspace list
list out all workspaces
terraform state rm aws_instance.myinstace
unmanage a resource, delete it from Terraform state file
terraform apply -parallelism=5
number of simultaneous resource operations
terraform init -reconfigure
When the backend changes, run this to migrate to the new settings, for example when moving to an S3 remote.
terraform plan -out plan.out
output the deployment plan to plan.out
terraform init -get=false
modules that are already downloaded will NOT be checked for updates
terraform version
display Terraform binary version, also warns if version is old
Terraform plan
Read current state of the managed environment - refresh
Compare to the current state file
Propose a set of changes to make remote match configurations
Validate