
Terraform CLI Cheat Sheet

About Terraform CLI

Terraform, a tool created by HashiCorp in 2014 and written in Go, aims to build, change and version control your infrastructure. This tool has a powerful and very intuitive Command Line Interface.

Installation

Install through curl

$ curl -O https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip
$ sudo unzip terraform_0.11.10_linux_amd64.zip -d /usr/local/bin/
$ rm terraform_0.11.10_linux_amd64.zip

OR install through tfenv: a Terraform version manager

First of all, download the tfenv binary and put it in your PATH.

$ git clone https://github.com/Zordrak/tfenv.git ~/.tfenv
$ echo 'export PATH="$HOME/.tfenv/bin:$PATH"' >> $HOME/.bashrc

Then, you can install the desired version of terraform:

$ tfenv install 0.11.10

Usage

Show version

$ terraform --version
Terraform v0.11.10

Init Terraform

$ terraform init

It's the first command you need to execute. Otherwise, terraform plan, apply, destroy and import will not work. The command terraform init will install:

- terraform modules
- eventually a backend
- and provider(s) plugins

Init Terraform and don't ask any input

$ terraform init -input=false

Change backend configuration during the init

$ terraform init -backend-config=cfg/s3.dev.tf -reconfigure

-reconfigure is used in order to tell terraform to not copy the existing state to the new remote state location.

Get

This command is useful when you have defined some modules. Modules are vendored, so when you edit them you need to get the modules content again.

$ terraform get -update=true

When you use modules, the first thing you'll have to do is a terraform get. This pulls modules into the .terraform directory. Once you do that, unless you do another terraform get -update=true, you've essentially vendored those modules.

Plan

The plan step checks the configuration to execute and writes a plan to apply to the target infrastructure provider.

$ terraform plan -out plan.out

It's an important feature of Terraform that allows a user to see which actions Terraform will perform prior to making any changes, increasing confidence that a change will have the desired effect once applied.

When you execute the terraform plan command, terraform will scan all *.tf files in your directory and create the plan.

Apply

Now you have the desired state, so you can execute the plan.

$ terraform apply plan.out

Good to know: Since terraform v0.11+, in an interactive mode (non CI/CD/autonomous pipeline), you can just execute the terraform apply command, which will print out which actions TF will perform.

By generating the plan and applying it in the same command, Terraform can guarantee that the execution plan won't change, without needing to write it to disk. This reduces the risk of potentially-sensitive data being left behind, or accidentally checked into version control.

$ terraform apply

Apply and auto approve

$ terraform apply -auto-approve

Apply and define new variables value

$ terraform apply -auto-approve -var tags-repository_url=${GIT_URL}

Apply only one module

$ terraform apply -target=module.s3

This -target option works with terraform plan too.

Destroy

$ terraform destroy

Delete all the resources!

A deletion plan can be created before:

$ terraform plan -destroy

The -target option allows you to destroy only one resource, for example an S3 bucket:

$ terraform destroy -target aws_s3_bucket.my_bucket

Debug

The Terraform console command is useful for testing interpolations before using them in configurations. Terraform console will read the configured state even if it is remote.

$ echo "aws_iam_user.notif.arn" | terraform console
arn:aws:iam::123456789:user/notif

Graph

$ terraform graph | dot -Tpng > graph.png

Visual dependency graph of terraform resources.

Validate

The validate command is used to validate/check the syntax of the Terraform files. A syntax check is done on all the terraform files in the directory, and an error is displayed if any of the files doesn't validate. The syntax check does not cover every common syntax issue.

$ terraform validate

Providers

You can use a lot of providers/plugins in your terraform definition resources, so it can be useful to have a tree of the providers used by modules in your project.

$ terraform providers
.
├── provider.aws ~> 1.24.0
├── module.my_module
│   ├── provider.aws (inherited)
│   ├── provider.null
│   └── provider.template
└── module.elastic
    └── provider.aws (inherited)
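
For pipelines that do save a plan, the risk the Apply section mentions (plan data left on disk or checked into version control) can be contained by keeping the plan in a private temporary directory and deleting it once apply has run. The following is an added example, not part of the original cheat sheet; the function name tf_plan_apply and the TF variable (path to the terraform binary) are assumptions.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): plan and apply in a pipeline
# without leaving the plan file behind.
# TF is an assumed variable naming the terraform binary; it defaults to
# "terraform" and exists so the function can be pointed at another build.

tf_plan_apply() (
    # The function body is a subshell, so umask and traps stay local to it.
    umask 077                           # plan file is created owner-only
    workdir=$(mktemp -d) || exit 1      # private directory outside the repo
    trap 'rm -rf "$workdir"' EXIT       # delete the plan on success and failure
    trap 'exit 1' HUP INT TERM          # make signals go through the EXIT trap
    plan="$workdir/plan.out"

    # Extra arguments (for example -var or -target) are passed to plan only.
    "${TF:-terraform}" plan -input=false -out="$plan" "$@" || exit 1

    # Apply exactly the saved plan; the exit status of apply is returned.
    "${TF:-terraform}" apply -input=false "$plan"
)

# Usage (inside an initialised Terraform directory):
#   tf_plan_apply -target=module.s3
```
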
State

Pull remote state in a local copy

$ terraform state pull > terraform.tfstate

Push state in remote backend storage

$ terraform state push

This command is useful if, for example, you originally used a local tf state and then you define a backend storage, in S3 or Consul…

How to tell Terraform you moved a resource in a module?

If you moved an existing resource in a module, you need to update the state:

$ terraform state mv aws_iam_role.role1 module.mymodul

How to import an existing resource in Terraform?

If you have an existing resource in your infrastructure provider, you can import it in your Terraform state:

$ terraform import aws_iam_policy.elastic_post arn:aws:iam::123456789:policy/elastic_post

Workspaces

To manage multiple distinct sets of infrastructure resources/environments.

Instead of creating a directory for each environment to manage, we just need to create the needed workspaces and use them:

Create workspace

This command creates a new workspace and then selects it

$ terraform workspace new dev

Select a workspace

$ terraform workspace select dev

List workspaces

$ terraform workspace list
default
* dev
prelive

Show current workspace

$ terraform workspace show
dev

Tools

jq

jq is a lightweight command-line JSON processor. Combined with terraform output it can be powerful.

Installation

For Linux:

$ sudo apt-get install jq

or

$ yum install jq

For OS X:

$ brew install jq

Usage

For example, we defined outputs in a module and when we execute terraform apply the outputs are displayed:

$ terraform apply
...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

elastic_endpoint = vpc-toto-12fgfd4d5f4ds5fngetwe4.eu-central-1.es.amazonaws.com

We can extract the value that we want in order to use it in a script, for example. With jq it's easy:

$ terraform output -json
{
  "elastic_endpoint": {
    "sensitive": false,
    "type": "string",
    "value": "vpc-toto-12fgfd4d5f4ds5fngetwe4.eu-central-1.es.amazonaws.com"
  }
}

$ terraform output -json | jq '.elastic_endpoint.value'
"vpc-toto-12fgfd4d5f4ds5fngetwe4.eu-central-1.es.amazonaws.com"

Terraforming

If you have an existing AWS account, for example with existing components like S3 buckets, SNS, VPC… you can use the terraforming tool, a tool written in Ruby, which extracts existing AWS resources and converts them to Terraform files!

Installation

$ sudo apt install ruby

or

$ sudo yum install ruby

and

$ gem install terraforming

Usage

Pre-requisites:

Like for Terraform, you need to set AWS credentials

$ export AWS_ACCESS_KEY_ID="an_aws_access_key"
$ export AWS_SECRET_ACCESS_KEY="a_aws_secret_key"
$ export AWS_DEFAULT_REGION="eu-central-1"

You can also specify a credential profile in ~/.aws/credentials and select it with the --profile option.

$ cat ~/.aws/credentials
[aurelie]
aws_access_key_id = xxx
aws_secret_access_key = xxx
aws_default_region = eu-central-1

$ terraforming s3 --profile aurelie

$ terraforming --help
Commands:
terraforming alb # ALB
...
terraforming vgw # VPN Gateway
terraforming vpc # VPC

Example:

$ terraforming s3 > aws_s3.tf

Remarks: As you can see, terraforming can't extract API gateway resources for the moment, so you need to write them manually.

Authors:

@aurelievache
Cloud Dev(Ops) at Continental

v1.0.2
