CLI Basics

Sign Up to Build

About this Architecture

Here is some information about this architecture.

How to Build This Solution

Here are the steps you can follow to build this solution on your own.

The Terraform CLI is used to manage a Terraform project. You have to install the CLI on the computer(s) you’re working on. When you install the CLI, you have access to the terraform command. There are many subcommands that you’ll use to manage your project, which we’ll introduce here.

Terraform projects have a natural workflow that you control. The workflow looks like this (assuming you have the Terraform CLI already installed):

  1. Create a working directory on your computer

  2. Write text based configuration files that end in .tf

  3. Initialize the project by running terraform init in the root working directory

  4. Run terraform plan to review the changes to be deployed

  5. Run terraform apply to deploy changes to the provider (such as AWS)

  6. Repeat steps 4 & 5 for any additional changes you want to make

  7. Run terraform destroy to delete the resources

As you can see, the Terraform CLI is a key player in this workflow. Let’s go through the whole flow now.

Create a Working Directory

Use whatever method you prefer to create a working directory on your computer. Open that working directory with your terminal or command prompt.

We will refer to all terminal and command prompts as just “terminal”. A nod to the Windows folks for understanding!

Write Infrastructure Code

The workflow starts out by writing infrastructure code configuration files. In the working directory you created, create a file in it, and start defining resources.

Be sure to change the bucket = ““ name to something unique.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.42"
  required_version = ">= 0.15.3"

provider "aws" {
  profile = "skillmix-lab"
  region  = "us-west-2"

resource "aws_s3_bucket_acl" "my_bucket_acl" {
  bucket =
  acl    = "private"

resource "aws_s3_bucket" "my_bucket" {
  bucket = "_create_a_unique_name_here"

Terraform Init

This command should be run every time a new provider is introduced in the configuration. By running this command, Terraform identifies the providers required by the configuration along with their versions and downloads the appropriate plugin from the repository.

These plugins are downloaded in a directory .terraform created by Terraform in the same root directory.

$ terraform init

Note: Remember to specify .terraform directory into .gitignore file to avoid unnecessary transportation of modules.

There is no harm in re-initializing the repository every time. By doing this it makes sure all the required plugins are downloaded and available for use. It does not start a new download for the same.

Terraform Plan

Once the written configuration is ready (in case of an update or create) to be deployed - and the root directory initialized, the next action is to run the terraform plan command.

Running terraform plan into the root directory of Terraform project evaluates and validates the configuration provided in configuration files. It makes sure the correct syntax is used, appropriate plugins are installed, the state is not corrupted, checks the actual deployment and finds differences, lists out dependencies, etc.

Navigate to the root directory and run the below command. If successful, it would lay down the plan listing all the target resources which will be created or updated. In the end, it would beautifully tell us how many resources are planned for creation, modification, and deletion.

$ terraform plan

Terraform plan is an important step before application of configuration as it thoroughly validates the proposed configuration changes and also prepares a plan and presents us with a view of what activities would be carried during application. Terraform plan itself does not carry any modification of infrastructure resources.

Terraform Apply

Once the configuration is validated successfully using terraform plan, it is time to put that plan into action. This is done by running the below command:

$ terraform apply

Terraform works on the given configuration to implement it on the cloud provider. Terraform internally uses the access credentials set up for the cloud providers to consume their APIs for the creation, modification, and destruction of the resources.

Note: Having successfully run the plan command, doesn't mean there won't be any errors during the apply phase.

If the configuration is being applied for the first time, then a state file is created in the same directory which has details about the current state of all deployed resources.

In case of an update, the same state file is updated and a backup file is created which stores the previous state.

Terraform Destroy

There are 2 ways to destroy the cloud resources that are created by Terraform. If we want to delete specific cloud components, we can simply remove the code from Terraform script and “apply” the configuration again.

Terraform detects the changes to the configuration and identifies the resources to be deleted by comparing them to state files.

In case, if we want to delete all the resources created by a particular terraform configuration, we use terraform destroy.

Terraform destroy reads the state file to understand which resources currently exist and deletes the same. All you need to do is navigate to the root directory and run:

$ terraform destroy

These are basic resource lifecycle management CLI commands and are the most important to understand when working with Terraform.