Cheatsheets - Terraform
Terraform Blocks
Hierarchy:
terraform => provider => resource
                      => data
- Resource: Generate; e.g. generate a local file
resource "local_file" "foo" {}
- Data Source: Read; e.g. read a local file
data "local_file" "foo" {}
The content can then be referenced by data.local_file.foo.content
3 types of values:
- variable: input variable (like the arguments of a func)
- output: output variable (like the return value of a func)
- locals: local values (like temp / local vars in a func)
terraform
Top-level configs, e.g. required_providers, required_version, etc.
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.15.0"
    }
  }
}
providers
providers = Terraform plugins. Each provider adds a set of resource types and/or data sources that Terraform can manage.
The Terraform Registry is the main directory of publicly available Terraform providers.
official: hashicorp
- source address: registry.terraform.io/hashicorp/http
- default registry host: registry.terraform.io
- namespace: hashicorp
- type: http
required provider:
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=x.y.0"
    }
  }
  ...
}
provider "google" {
  ...
}
For hashicorp/google, the preferred local name is google.
If you do not use the preferred local name, you must use the meta-argument provider = <local name> to specify the provider in data, resource, etc.
version:
- >= : minimum version
- ~> : only allows the rightmost component of a version to increment
  version = "~> 1.0.4" allows only patch releases within a specific minor release.
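The two version operators above, worked through as an added example (not part of the original cheatsheet and not Terraform's own code): it computes the floor and ceiling each constraint implies, which shows that `>=` alone leaves no ceiling on what a later provider upgrade can select. The function names are hypothetical, and it assumes a single constraint with numeric components only and at least two components after `~>`.

```python
import re

def parse_version(text):
    """'1.0.4' -> (1, 0, 4). Numeric components only; no pre-release tags."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version):
    """Pad to three components so (1, 2) compares as (1, 2, 0)."""
    return version + (0,) * (3 - len(version))

def allowed_range(constraint):
    """Return (lower, upper) for a single '>=' or '~>' constraint.

    lower is inclusive; upper is exclusive, or None when there is no ceiling.
    """
    match = re.fullmatch(r"\s*(>=|~>)\s*(\S+)\s*", constraint)
    if not match:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, base = match.group(1), parse_version(match.group(2))
    if op == ">=":
        return pad(base), None
    if len(base) < 2:
        raise ValueError("this example needs at least two components after '~>'")
    # '~>': everything left of the rightmost component is frozen, so the
    # ceiling is the next value of the second-to-last component.
    upper = base[:-2] + (base[-2] + 1,)
    return pad(base), pad(upper)

def satisfies(version, constraint):
    """True if the candidate version falls inside the constraint's range."""
    lower, upper = allowed_range(constraint)
    candidate = pad(parse_version(version))
    return lower <= candidate and (upper is None or candidate < upper)

if __name__ == "__main__":
    # Constructed sample constraints and candidate releases.
    for constraint in (">= 2.15.0", "~> 1.0.4", "~> 1.2"):
        lower, upper = allowed_range(constraint)
        print(f"{constraint!r}: floor={lower}, ceiling={upper or 'none'}")
        for candidate in ("1.0.5", "1.1.0", "1.9.0", "2.0.0", "9.0.0"):
            print(f"  {candidate}: {satisfies(candidate, constraint)}")
```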
Built-in Providers do not need to be declared in required_providers
resource
Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
resource "aws_instance" "web" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
}
resource <type> <local_name> {}
Most arguments in this section depend on the resource type
Each resource type is implemented by a provider; By convention, resource type names start with their provider's preferred local name.
data
Data sources allow Terraform to use information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions. A data block reads from data_source and exports the result under local_name.
data <data_source> <local_name> {
}
data "<type>" "<name>" {
  provider = <provider_local_name>
  #...
}
output
Output values make information about your infrastructure available on the command line, and can expose information for other Terraform configurations to use.
An output value can be referenced by module.<MODULE NAME>.<OUTPUT NAME>, e.g. module.web_server.instance_ip_addr.
check
The check block can validate your infrastructure outside the usual resource lifecycle.
import blocks
available in >=1.5
module
A Module is a collection of .tf and/or .tf.json files kept together in a directory.
Providers
built-in
- hashicorp/local
- hashicorp/http
- hashicorp/tls
- hashicorp/random
public cloud
- hashicorp/aws
- hashicorp/google
- hashicorp/azurerm
- aliyun/alicloud
- oracle/oci
k8s / container / vm
- hashicorp/kubernetes
- kreuzwerker/docker
- vmware/nsxt (for NSX-T virtualization platform)
Commands
terraform init: initializes a working directory containing Terraform configuration files.
Provision
terraform plan: determines the desired state and compares it to the current state.
terraform apply: carries out the planned changes to each resource.
terraform destroy
Others
terraform output: extracts the value of an output variable from the state file.
terraform state: performs basic modifications of the state using the CLI.