Terraform CLI Cheat Sheet

About Terraform CLI

Terraform, a tool created by HashiCorp in 2014, written in Go, aims to build, change and version control your infrastructure. This tool has a powerful and very intuitive Command Line Interface.

Installation

Install through curl

$ curl -O https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_darwin_amd64.zip
$ sudo unzip terraform_1.4.6_darwin_amd64.zip -d /usr/local/bin/
$ rm terraform_1.4.6_darwin_amd64.zip

OR install through tfenv: a Terraform version manager

First of all, download the tfenv binary and put it in your PATH.

$ git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv
$ echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> ~/.bash_profile

Then, you can install and use the desired version of terraform:

$ tfenv install 1.4.6
$ tfenv use 1.4.6

Usage

Show version

$ terraform -v
Terraform v1.4.6

Init Terraform

$ terraform init

It's the first command you need to execute. Otherwise, terraform plan, apply, destroy and import will not work. The command terraform init will install:
     terraform modules
     possibly a backend
     and provider(s) plugins

Init Terraform and don't ask any input

$ terraform init -input=false

Change backend configuration during the init

$ terraform init -backend-config=cfg/s3.dev.tf -reconfigure

-reconfigure is used in order to tell terraform to not copy the existing state to the new remote state location.

Get

This command is useful when you have defined some modules. Modules are vendored so when you edit them, you need to get the modules content again.

$ terraform get -update=true

When you use modules, the first thing you'll have to do is a terraform get. This pulls modules into the .terraform directory. Once you do that, unless you do another terraform get -update=true, you've essentially vendored those modules.

Plan

The plan step checks the configuration to execute and writes a plan to apply to the target infrastructure provider.

$ terraform plan -out plan.out

It's an important feature of Terraform that allows a user to see which actions Terraform will perform prior to making any changes, increasing confidence that a change will have the desired effect once applied.

When you execute the terraform plan command, terraform will scan all *.tf files in your directory and create the plan.

Apply

Now you have the desired state so you can execute the plan.

$ terraform apply plan.out

Good to know: Since terraform v0.11+, in an interactive mode (non CI/CD/autonomous pipeline), you can just execute the terraform apply command, which will print out which actions TF will perform.

By generating the plan and applying it in the same command, Terraform can guarantee that the execution plan won't change, without needing to write it to disk. This reduces the risk of potentially-sensitive data being left behind, or accidentally checked into version control.

$ terraform apply

Apply and auto approve

$ terraform apply -auto-approve

Apply and define new variables value

$ terraform apply -auto-approve -var tagsrepository_url=${GIT_URL}

Apply only one module

$ terraform apply -target=module.s3

This -target option works with terraform plan too.

Destroy

$ terraform destroy

Delete all the resources!

A deletion plan can be created before:

$ terraform plan -destroy

The -target option allows you to destroy only one resource, for example an S3 bucket:

$ terraform destroy -target aws_s3_bucket.my_bucket

Debug

The Terraform console command is useful for testing interpolations before using them in configurations. Terraform console will read the configured state even if it is remote.

$ echo "aws_iam_user.notif.arn" | terraform console
arn:aws:iam::123456789:user/notif

Logs level

Set the log to DEBUG level and save the log in an external output file.

$ TF_LOG_PATH=mylogfile.txt TF_LOG=debug terraform apply

Graph

$ terraform graph | dot -Tpng > graph.png

Visual dependency graph of terraform resources.

Validate

The validate command is used to validate/check the syntax of the Terraform files. A syntax check is done on all the terraform files in the directory, and will display an error if any of the files doesn't validate. The syntax check does not cover every common syntax issue.

$ terraform validate

Providers

You can use a lot of providers/plugins in your terraform definition resources, so it can be useful to have a tree of providers used by modules in your project.

$ terraform providers
.
├── provider.aws ~> 1.24.0
├── module.my_module
│   ├── provider.aws (inherited)
│   ├── provider.null
│   └── provider.template
└── module.elastic
    └── provider.aws (inherited)

State

Show and output the state (human readable way)

$ terraform show

Refresh

Compare the current real remote information and put it in the state.

$ terraform refresh

Pull remote state in a local copy

$ terraform state pull > terraform.tfstate

Push state in remote backend storage

$ terraform state push

This command is useful if, for example, you originally used a local tf state and then you define a backend storage, in S3 or Consul…

How to tell Terraform you moved a resource in a module?

If you moved an existing resource in a module, you need to update the state:

$ terraform state mv aws_iam_role.role1 module.mymodul

How to import existing resource in Terraform?

If you have an existing resource in your infrastructure provider, you can import it in your Terraform state:

$ terraform import aws_iam_policy.elastic_post arn:aws:iam::123456789:policy/elastic_post

Workspaces

To manage multiple distinct sets of infrastructure resources/environments.

Instead of creating a directory for each environment to manage, we just need to create the needed workspaces and use them:

Create workspace

This command creates a new workspace and then selects it.

$ terraform workspace new dev

Select a workspace

$ terraform workspace select dev

List workspaces

$ terraform workspace list
  default
* dev
  prod

Show current workspace

$ terraform workspace show
dev

Tools

jq

jq is a lightweight command-line JSON processor. Combined with terraform output it can be powerful.

Installation

For Linux:

$ sudo apt-get install jq

or

$ yum install jq

For OS X:

$ brew install jq

Usage

For example, we defined outputs in a module and when we execute terraform apply, outputs are displayed:

$ terraform apply
...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

elastic_endpoint = vpctoto12fgfd4d5f4ds5fngetwe4.eucentral1.es.amazonaws.com

We can extract the value that we want in order to use it in a script, for example. With jq it's easy:

$ terraform output -json
{
  "elastic_endpoint": {
    "sensitive": false,
    "type": "string",
    "value": "vpctoto12fgfd4d5f4ds5fngetwe4.eucentral1.es.amazonaws.com"
  }
}

$ terraform output -json | jq '.elastic_endpoint.value'
"vpctoto12fgfd4d5f4ds5fngetwe4.eucentral1.es.amazonaws.com"

gcloud bulk-export in terraform format

Export Google Cloud resources natively in Terraform format.

Usage

$ gcloud beta resource-config bulk-export --resource-format=terraform

Resources types supported:

$ gcloud beta resource-config list-resources

Authors:

@aurelievache
DevRel at OVHcloud

v1.0.4
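
The JSON printed by terraform output -json, shown in the jq usage section above, carries a "sensitive" flag for every output. As an added example (not part of the original cheat sheet), this Python filter turns that JSON into shell export lines for a script while withholding outputs marked sensitive. The db_password and subnet_ids entries, the TF_OUT_ prefix and the export_lines name are assumptions made for the illustration.

```python
import json
import re
import shlex

# Constructed sample in the shape `terraform output -json` prints. Only
# elastic_endpoint comes from the page; the other two entries are made up.
SAMPLE = """{
  "elastic_endpoint": {"sensitive": false, "type": "string",
    "value": "vpctoto12fgfd4d5f4ds5fngetwe4.eucentral1.es.amazonaws.com"},
  "db_password": {"sensitive": true, "type": "string",
    "value": "constructed-secret"},
  "subnet_ids": {"sensitive": false, "type": ["list", "string"],
    "value": ["subnet-a", "subnet-b"]}
}"""

# Terraform output names may contain '-', which a shell variable name cannot.
SHELL_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def export_lines(output_json, allow_sensitive=()):
    """Return (lines, withheld): quoted `export` lines plus the names left out."""
    outputs = json.loads(output_json)
    lines, withheld = [], []
    for name in sorted(outputs):
        entry = outputs[name]
        # Outputs flagged sensitive stay out unless named explicitly, so they
        # do not reach CI logs or environment dumps by default.
        if entry.get("sensitive", False) and name not in allow_sensitive:
            withheld.append(name)
            continue
        if not SHELL_NAME.fullmatch(name):
            withheld.append(name)
            continue
        value = entry["value"]
        # Lists, maps and numbers are handed over as compact JSON text.
        if not isinstance(value, str):
            value = json.dumps(value, separators=(",", ":"))
        # shlex.quote keeps spaces, quotes and $(...) in a value inert.
        lines.append(f"export TF_OUT_{name.upper()}={shlex.quote(value)}")
    return lines, withheld


if __name__ == "__main__":
    lines, withheld = export_lines(SAMPLE)
    print("\n".join(lines))
    print("# withheld:", ", ".join(withheld))
```

In a pipeline the function would be fed the real command output instead of SAMPLE, for example by reading standard input after terraform output -json.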