Terraform is an open-source Infrastructure as Code (IaC) tool created by HashiCorp that lets you define, provision, and manage cloud and on-premises infrastructure using a declarative configuration language called HCL (HashiCorp Configuration Language).
Terraform allows engineers to describe their desired infrastructure state in plain text configuration files, then automatically creates or modifies real resources to match that state. It supports hundreds of providers including AWS, Azure, Google Cloud, Kubernetes, and more. Rather than clicking through cloud consoles, you write code that becomes the single source of truth for your infrastructure.
Infrastructure as Code brings software engineering practices — version control, code review, and automation — to infrastructure management. Teams can reproduce environments consistently, avoid configuration drift, and roll back changes using Git history. This dramatically reduces human error and speeds up provisioning from hours to minutes.
Terraform operates in a three-step workflow: Write (author .tf config files), Plan (run 'terraform plan' to preview changes), and Apply (run 'terraform apply' to execute them). It maintains a state file (terraform.tfstate) that tracks the real-world resources it manages, allowing it to calculate the diff between current and desired state. The underlying engine builds a dependency graph to determine the correct order of resource creation.
Providers are plugins that translate Terraform configurations into API calls for specific platforms like AWS or GitHub. Modules are reusable, composable packages of Terraform configurations that encapsulate common infrastructure patterns. Using the Terraform Registry, teams can share and consume community-built modules to avoid reinventing the wheel.
By default Terraform stores state locally, which is dangerous for team environments — two engineers applying changes simultaneously can corrupt state or cause conflicts. Always use a remote backend such as AWS S3 with DynamoDB locking, Terraform Cloud, or Azure Blob Storage for any production or team workflow. Treat the state file as sensitive, as it can contain secrets and resource metadata in plain text.
Never run 'terraform apply' without first reviewing the output of 'terraform plan', especially in production. Use the '-out' flag to save the plan and pass it directly to apply, ensuring exactly what was reviewed is what gets executed. Integrating plan and apply steps into a CI/CD pipeline adds an approval gate that prevents accidental infrastructure destruction.
© RM Full Stack & AI Engineer · All guides · Roadmaps · Open the app