Terraform CLI commands

Question 1

State lock file

Answer 1

State lock file

.terraform.tfstate.lock.hcl
in directory terraform.tfstate.d

Question 2

terraform workspace select default

Answer 2

change to the selected workspace

terraform workspace select default

Question 3

terraform destroy –auto-approve

Answer 3

destroy/cleanup deployment without being prompted for “yes”

terraform destroy –auto-approve

Question 4

terraform apply -replace=aws_instance.web

Answer 4

terraform apply -replace=aws_instance.web

Marks the resource as tainted, forcing it to be destroyed and recreated in the next apply.
Only modifies the state file marking the resource as tainted.

Question 5

terraform init -lockfile=MODE

Answer 5

terraform init -lockfile=MODE

Set a dependency lockfile mode.

readonly: suppress the lockfile changes, but verify checksums against the information already recorded.
It conflicts with the -upgrade flag. If you update the lockfile with third-party dependency management tools, it would be useful to control when it changes explicitly.

Question 6

Dependency lock file

Answer 6

Dependency lock file

,terraform.lock.hcl

Question 7

terraform init -from-module=MODULE-SOURCE

Answer 7

terraform init -from-module=MODULE-SOURCE

init can be run against an empty directory with the -from-module=MODULE-SOURCE option, in which case the given module will be copied into the target directory before any other initialization steps are run.

Question 8

terraform state list

Answer 8

list out all the resources tracked via the current state file

terraform state list

Question 9

terraform plan -replace module.example.aws_instance.example

Answer 9

terraform plan -replace module.example.aws_instance.example

instructs Terraform to plan to replace the resource instance with the given address. This is helpful when one or more remote objects have become degraded, and you can use replacement objects with the same configuration to align with immutable infrastructure patterns.

Question 10

terraform validate -backend=false

Answer 10

validate local code but skip backend validation

terraform validate -backend=false

Question 11

terraform state show aws_instance.my_ec2

Answer 11

show details stored in Terraform state for the resource

terraform state show aws_instance.my_ec2

Question 12

terraform import aws_instance.new_ec2_instance i-abcd1234

Answer 12

terraform import aws_instance.new_ec2_instance i-abcd1234

#import EC2 instance with id i-abcd1234 into the Terraform resource state.
Have to add a blank resource "aws_instance.new_ec2_instance" first.

Question 13

terraform apply does what?

Answer 13

terraform apply does what?

Refresh, executes plan, validate and the apply.

Question 14

terraform apply -lock=true

Answer 14

lock the state file so it can’t be modified by any other Terraform apply or modification action(possible only where backend allows locking

terraform apply -lock=true

Question 15

terraform workspace new mynewworkspace

Answer 15

create a new workspace and select

terraform workspace new mynewworkspace

Question 16

terraform untaint aws_instance.my_ec2

Answer 16

Remove taint from a resource

terraform untaint aws_instance.my_ec2

Question 17

terraform apply -target=aws_instance.my_ec2

Answer 17

only apply/deploy changes to the targeted resource

terraform apply -target=aws_instance.my_ec2

Question 18

terraform state pull > terraform.tfstate

Answer 18

Pull current remote state and output to stdoutput

terraform state pull > terraform.tfstate

Question 19

terraform output instance_public_ip

Answer 19

terraform output instance_public_ip

list out a specific declared output

Question 20

terraform plan -destroy

Answer 20

terraform plan -destroy
#outputs a destroy plan

Question 21

terraform console

Answer 21

terraform console

This command provides an interactive command-line console for evaluating and experimenting with expressions.
Reads the configuration in the current working directory and locks the state file.

Question 22

terraform fmt

Answer 22

terraform fmt

rewrite Terraform configuration files to a HCL canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.

Question 23

terraform get -update=true

Answer 23

terraform get -update=true

Modules that are already downloaded will be checked for updates and the updates will be downloaded if present.

Question 24

terraform workspace delete example

Answer 24

This command will delete the specified workspace “example”

terraform workspace delete example

Question 25

terraform taint aws_instance.my_ec2

Answer 25

taints resource to be recreated on next apply

terraform taint aws_instance.my_ec2

Question 26

echo “aws_instance.my_ec2.public_ip” | terraform console

Answer 26

display the Public IP against the “my_ec2” Terraform resource as seen in the Terraform state file

echo “aws_instance.my_ec2.public_ip” | terraform console

Question 27

terraform state mv aws_iam_role.my_ssm_role module.custom_module

Answer 27

terraform state mv aws_iam_role.my_ssm_role module.custom_module

• rename existing resources
• move a resource into a module
• move a module into a module

Question 28

terraform fmt -diff

Answer 28

terraform fmt -diff

Used to see the differences?

Question 29

terraform output -json

Answer 29

list all outputs in JSON format

terraform output -json

Question 30

terraform -install-autocomplete

Answer 30

terraform -install-autocomplete

#Setup tab auto-completion, requires logging back in
If you use either bash or zsh as your command shell, Terraform can provide tab-completion support for all command names and (at this time) some command arguments.

Question 31

terraform apply plan.out

Answer 31

use the plan.out plan file to deploy infrastructure

terraform apply plan.out

Question 32

terraform apply –auto-approve

Answer 32

apply changes without being prompted to enter “yes”

terraform apply –auto-approve

Question 33

terraform force-unlock LOCK_ID

Answer 33

forcefully unlock a locked state file, LOCK_ID provided when locking the State file beforehand

terraform force-unlock LOCK_ID

Question 34

terraform init -from-module=MODULE-SOURCE

Answer 34

terraform init -from-module=MODULE-SOURCE

the given module will be copied into the target directory before any other initialization steps are run.

Given a version control source, it can serve as a shorthand for checking out a configuration from version control and then initializing the working directory for it.

If the source refers to an example configuration, it can be copied into a local directory to be used as a basis for a new configuration.

Question 35

terraform apply -refresh-only flag

Answer 35

terraform apply -refresh-only flag

When an approved manual configuration of a resource has changed or removed
We use the––refresh–only flag to reflect the changes in our state file

Question 36

terraform login

Answer 36

obtain and save API token for Terraform cloud

terraform login

Question 37

echo ‘join(“,”,[“foo”,”bar”])’ | terraform console

Answer 37

echo an expression into terraform console and see its expected result as output

echo ‘join(“,”,[“foo”,”bar”])’ | terraform console

Question 38

terraform providers

Answer 38

get information about providers used in current configuration

terraform providers

Question 39

terraform validate

Answer 39

terraform validate

#validate code for syntax. Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state.
Directory must be initialized or will error.

Question 40

terraform plan -detailed-exitcode

Answer 40

terraform plan -detailed-exitcode

Return a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to provide more granular information about what the resulting plan contains:

Question 41

terraform import ‘aws_instance.new_ec2_instance[0]’ i-abcd1234

Answer 41

terraform import ‘aws_instance.new_ec2_instance[0]’ i-abcd1234

imports a real-world resource into state.
Have to add a blank resource “aws_instance” “new_ec2_instance” first.

Question 42

terraform init

Answer 42

terraform init

• Downloading plugin dependencies e.g. Providers and Modules to .terraform\provifers\registry.terraform.io
• Create a .terraform directory
• Create a dependency lock file to enforce expected versions for plugins and terraform itself
- Caches source code locally

Question 43

terraform graph | dot -Tpng > graph.png

Answer 43

produce a PNG diagrams showing relationship and dependencies between Terraform resource in your configuration/code

terraform graph | dot -Tpng > graph.png

Question 44

terraform state pull

Answer 44

terraform state pull

This command will download the state from its current location, upgrade the local copy to the latest state file version that is compatible with locally-installed Terraform, and output the raw format to stdout.

This is useful for reading values out of state (potentially pairing this command with something like jq). It is also useful if you need to make manual modifications to state.

Question 45

terraform apply refresh=false

Answer 45

terraform apply refresh=false

do not reconcile state file with real-world resources(helpful with large complex deployments for saving deployment time)

Question 46

terraform fmt -list=false

Answer 46

terraform fmt -list=false

Don’t want to see the list of file changes.

Question 47

terraform state replace-provider hashicorp/aws registry.custom.com/aws

Answer 47

replace an existing provider with another

terraform state replace-provider hashicorp/aws registry.custom.com/aws

Question 48

terraform fmt -recursive

Answer 48

terraform fmt -recursive

Run format in subdirectories as well.

Question 49

terraform init -get-plugins=false

Answer 49

initialize directory, do not download plugins

terraform init -get-plugins=false

Question 50

terraform workspace show

Answer 50

terraform workspace show

Output the current workspace

Question 51

terraform apply -var my_region_variable=us-east-1

Answer 51

pass a variable via command-line while applying a configuration

terraform apply -var my_region_variable=us-east-1

Question 52

terraform state push


Answer 52

terraform state push

# The terraform state push command is used to manually upload a local state file to remote state. This command also works with local state.

Question 53

terraform init -verify-plugins=false

Answer 53

initialize directory, do not verify plugins for Hashicorp signature

terraform init -verify-plugins=false

Question 54

terraform output

Answer 54

terraform output

Used to extract the value of an output variable from the state file.

Question 55

terraform state rm ‘packet_device.worker’


Answer 55

The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.

terraform state rm ‘packet_device.worker’


Question 56

terraform get

Answer 56

terraform get

Used to download and update modules mentioned in the root module.
The modules are downloaded into a .terraform subdirectory of the current working directory. Don’t commit this directory to your version control repository.

Question 57

terraform plan -target=ADDRESS

Answer 57

terraform plan -target=ADDRESS

Instructs Terraform to focus its planning efforts only on resource instances which match the given address and on any objects that those instances depend on.
Note: Use -target=ADDRESS in exceptional circumstances only, such as recovering from mistakes or working around Terraform limitations.

Question 58

terraform logout

Answer 58

terraform logout

Log out of Terraform Cloud, defaults to hostname app.terraform.io

Question 59

terraform workspace list

Answer 59

list out all workspaces

terraform workspace list

Question 60

terraform state rm aws_instance.myinstace

Answer 60

unmanage a resource, delete it from Terraform state file

terraform state rm aws_instance.myinstace

Question 61

terraform apply –parallelism=5

Answer 61

number of simultaneous resource operations

terraform apply –parallelism=5

Question 62

terraform init -reconfigure

Answer 62

terraform init -reconfigure

When backend changes, run this to migrate to new settings, like move to S3 remote,

Question 63

terraform plan -out plan.out

Answer 63

output the deployment plan to plan.out

terraform plan -out plan.out

Question 64

terraform init -get=false

Answer 64

terraform init -get=false

modules that are already downloaded will NOT be checked for updates

Question 65

terraform version

Answer 65

display Terraform binary version, also warns if version is old

terraform version

Question 66

Terraform plan

Answer 66

Terraform plan

Read current state of the managed environment - refresh
Compare to the current state file
Propose a set of changes to make remote match configurations
Validate