Terraform CLI commands

Question 1

State lock file

Answer 1

State lock file

.terraform.tfstate.lock.hcl
in directory terraform.tfstate.d

Question 2

terraform workspace select default

Answer 2

change to the selected workspace

terraform workspace select default

Question 3

terraform destroy –auto-approve

Answer 3

destroy/cleanup deployment without being prompted for “yes”

terraform destroy –auto-approve

Question 4

terraform apply -replace=aws_instance.web

Answer 4

terraform apply -replace=aws_instance.web

Marks the resource as tainted, forcing it to be destroyed and recreated in the next apply.
Only modifies the state file marking the resource as tainted.

Question 5

terraform init -lockfile=MODE

Answer 5

terraform init -lockfile=MODE

Set a dependency lockfile mode.

readonly: suppress the lockfile changes, but verify checksums against the information already recorded.
It conflicts with the -upgrade flag. If you update the lockfile with third-party dependency management tools, it would be useful to control when it changes explicitly.

Question 6

Dependency lock file

Answer 6

Dependency lock file

,terraform.lock.hcl

Question 7

terraform init -from-module=MODULE-SOURCE

Answer 7

terraform init -from-module=MODULE-SOURCE

init can be run against an empty directory with the -from-module=MODULE-SOURCE option, in which case the given module will be copied into the target directory before any other initialization steps are run.

Question 8

terraform state list

Answer 8

list out all the resources tracked via the current state file

terraform state list

Question 9

terraform plan -replace module.example.aws_instance.example

Answer 9

terraform plan -replace module.example.aws_instance.example

instructs Terraform to plan to replace the resource instance with the given address. This is helpful when one or more remote objects have become degraded, and you can use replacement objects with the same configuration to align with immutable infrastructure patterns.

Question 10

terraform validate -backend=false

Answer 10

validate local code but skip backend validation

terraform validate -backend=false

Question 11

terraform state show aws_instance.my_ec2

Answer 11

show details stored in Terraform state for the resource

terraform state show aws_instance.my_ec2

Question 12

terraform import aws_instance.new_ec2_instance i-abcd1234

Answer 12

terraform import aws_instance.new_ec2_instance i-abcd1234

#import EC2 instance with id i-abcd1234 into the Terraform resource state.
Have to add a blank resource "aws_instance.new_ec2_instance" first.

Question 13

terraform apply does what?

Answer 13

terraform apply does what?

Refresh, executes plan, validate and the apply.

Question 14

terraform apply -lock=true

Answer 14

lock the state file so it can’t be modified by any other Terraform apply or modification action(possible only where backend allows locking

terraform apply -lock=true

Question 15

terraform workspace new mynewworkspace

Answer 15

create a new workspace and select

terraform workspace new mynewworkspace

Question 16

terraform untaint aws_instance.my_ec2

Answer 16

Remove taint from a resource

terraform untaint aws_instance.my_ec2

Question 17

terraform apply -target=aws_instance.my_ec2

Answer 17

only apply/deploy changes to the targeted resource

terraform apply -target=aws_instance.my_ec2

Question 18

terraform state pull > terraform.tfstate

Answer 18

Pull current remote state and output to stdoutput

terraform state pull > terraform.tfstate

Question 19

terraform output instance_public_ip

Answer 19

terraform output instance_public_ip

list out a specific declared output

Question 20

terraform plan -destroy

Answer 20

terraform plan -destroy
#outputs a destroy plan

Question 21

terraform console

Answer 21

terraform console

This command provides an interactive command-line console for evaluating and experimenting with expressions.
Reads the configuration in the current working directory and locks the state file.

Question 22

terraform fmt

Answer 22

terraform fmt

rewrite Terraform configuration files to a HCL canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.

Question 23

terraform get -update=true

Answer 23

terraform get -update=true

Modules that are already downloaded will be checked for updates and the updates will be downloaded if present.

Question 24

terraform workspace delete example

Answer 24

This command will delete the specified workspace “example”

terraform workspace delete example

Question 25

terraform taint aws_instance.my_ec2

Answer 25

terraform taint aws_instance.my_ec2 #taints resource to be recreated on next apply

Question 26

echo "aws_instance.my_ec2.public_ip" | terraform console

Answer 26

echo "aws_instance.my_ec2.public_ip" | terraform console #display the Public IP against the “my_ec2” Terraform resource as seen in the Terraform state file

Question 27

terraform state mv aws_iam_role.my_ssm_role module.custom_module

Answer 27

terraform state mv aws_iam_role.my_ssm_role module.custom_module * rename existing resources * move a resource into a module * move a module into a module

Question 28

terraform fmt -diff

Answer 28

terraform fmt -diff Used to see the differences?

Question 29

terraform output -json

Answer 29

terraform output -json #list all outputs in JSON format

Question 30

terraform -install-autocomplete

Answer 30

terraform -install-autocomplete ``` #Setup tab auto-completion, requires logging back in If you use either bash or zsh as your command shell, Terraform can provide tab-completion support for all command names and (at this time) some command arguments. ```

Question 31

terraform apply plan.out

Answer 31

terraform apply plan.out #use the plan.out plan file to deploy infrastructure

Question 32

terraform apply --auto-approve

Answer 32

terraform apply --auto-approve #apply changes without being prompted to enter “yes”

Question 33

terraform force-unlock LOCK_ID

Answer 33

terraform force-unlock LOCK_ID #forcefully unlock a locked state file, LOCK_ID provided when locking the State file beforehand

Question 34

terraform init -from-module=MODULE-SOURCE

Answer 34

terraform init -from-module=MODULE-SOURCE the given module will be copied into the target directory before any other initialization steps are run. Given a version control source, it can serve as a shorthand for checking out a configuration from version control and then initializing the working directory for it. If the source refers to an example configuration, it can be copied into a local directory to be used as a basis for a new configuration.

Question 35

terraform apply -refresh-only flag

Answer 35

terraform apply -refresh-only flag When an approved manual configuration of a resource has changed or removed We use the––refresh--only flag to reflect the changes in our state file

Question 36

terraform login

Answer 36

terraform login #obtain and save API token for Terraform cloud

Question 37

echo 'join(",",["foo","bar"])' | terraform console

Answer 37

echo 'join(",",["foo","bar"])' | terraform console #echo an expression into terraform console and see its expected result as output

Question 38

terraform providers

Answer 38

terraform providers #get information about providers used in current configuration

Question 39

terraform validate

Answer 39

terraform validate ``` #validate code for syntax. Validate runs checks that verify whether a configuration is syntactically valid and internally consistent, regardless of any provided variables or existing state. Directory must be initialized or will error. ```

Question 40

terraform plan -detailed-exitcode

Answer 40

terraform plan -detailed-exitcode Return a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to provide more granular information about what the resulting plan contains:

Question 41

terraform import 'aws_instance.new_ec2_instance[0]' i-abcd1234

Answer 41

terraform import 'aws_instance.new_ec2_instance[0]' i-abcd1234 imports a real-world resource into state. Have to add a blank resource "aws_instance" "new_ec2_instance" first.

Question 42

terraform init

Answer 42

terraform init • Downloading plugin dependencies e.g. Providers and Modules to .terraform\provifers\registry.terraform.io • Create a .terraform directory • Create a dependency lock file to enforce expected versions for plugins and terraform itself - Caches source code locally

Question 43

terraform graph | dot -Tpng > graph.png

Answer 43

terraform graph | dot -Tpng > graph.png #produce a PNG diagrams showing relationship and dependencies between Terraform resource in your configuration/code

Question 44

terraform state pull

Answer 44

terraform state pull This command will download the state from its current location, upgrade the local copy to the latest state file version that is compatible with locally-installed Terraform, and output the raw format to stdout. This is useful for reading values out of state (potentially pairing this command with something like jq). It is also useful if you need to make manual modifications to state.

Question 45

terraform apply refresh=false

Answer 45

terraform apply refresh=false do not reconcile state file with real-world resources(helpful with large complex deployments for saving deployment time)

Question 46

terraform fmt -list=false

Answer 46

terraform fmt -list=false Don’t want to see the list of file changes.

Question 47

terraform state replace-provider hashicorp/aws registry.custom.com/aws

Answer 47

terraform state replace-provider hashicorp/aws registry.custom.com/aws #replace an existing provider with another

Question 48

terraform fmt -recursive

Answer 48

terraform fmt -recursive Run format in subdirectories as well.

Question 49

terraform init -get-plugins=false

Answer 49

terraform init -get-plugins=false #initialize directory, do not download plugins

Question 50

terraform workspace show

Answer 50

terraform workspace show Output the current workspace

Question 51

terraform apply -var my_region_variable=us-east-1

Answer 51

terraform apply -var my_region_variable=us-east-1 #pass a variable via command-line while applying a configuration

Question 52

terraform state push


Answer 52

``` terraform state push
 # The terraform state push command is used to manually upload a local state file to remote state. This command also works with local state. ```

Question 53

terraform init -verify-plugins=false

Answer 53

terraform init -verify-plugins=false #initialize directory, do not verify plugins for Hashicorp signature

Question 54

terraform output

Answer 54

terraform output Used to extract the value of an output variable from the state file.

Question 55

terraform state rm 'packet_device.worker'


Answer 55

terraform state rm 'packet_device.worker'
 #The terraform state rm command is used to remove items from the Terraform state. This command can remove single resources, single instances of a resource, entire modules, and more.

Question 56

terraform get

Answer 56

terraform get Used to download and update modules mentioned in the root module. The modules are downloaded into a .terraform subdirectory of the current working directory. Don't commit this directory to your version control repository.

Question 57

terraform plan -target=ADDRESS

Answer 57

terraform plan -target=ADDRESS Instructs Terraform to focus its planning efforts only on resource instances which match the given address and on any objects that those instances depend on. Note: Use -target=ADDRESS in exceptional circumstances only, such as recovering from mistakes or working around Terraform limitations.

Question 58

terraform logout

Answer 58

terraform logout Log out of Terraform Cloud, defaults to hostname app.terraform.io

Question 59

terraform workspace list

Answer 59

terraform workspace list #list out all workspaces

Question 60

terraform state rm aws_instance.myinstace

Answer 60

terraform state rm aws_instance.myinstace #unmanage a resource, delete it from Terraform state file

Question 61

terraform apply --parallelism=5

Answer 61

terraform apply --parallelism=5 #number of simultaneous resource operations

Question 62

terraform init -reconfigure

Answer 62

terraform init -reconfigure When backend changes, run this to migrate to new settings, like move to S3 remote,

Question 63

terraform plan -out plan.out

Answer 63

terraform plan -out plan.out #output the deployment plan to plan.out

Question 64

terraform init -get=false

Answer 64

terraform init -get=false modules that are already downloaded will NOT be checked for updates

Question 65

terraform version

Answer 65

terraform version #display Terraform binary version, also warns if version is old

Question 66

Terraform plan

Answer 66

Terraform plan Read current state of the managed environment - refresh Compare to the current state file Propose a set of changes to make remote match configurations Validate