🧾 Terraform Cheat Sheet: The Ultimate Reference for Infrastructure as Code (2025)
Learn and master Terraform with this complete cheat sheet — from basics to advanced automation.
🚀 What is Terraform?
Terraform by HashiCorp is a declarative Infrastructure as Code (IaC) tool that allows you to provision, manage, and destroy infrastructure using human-readable configuration files.
In short: you write .tf code to define your cloud infrastructure, and Terraform makes it real — across AWS, Azure, GCP, and more.
📁 Typical Terraform Project Structure
my-project/
├── main.tf           # Core infrastructure code
├── variables.tf      # Variable declarations
├── outputs.tf        # Outputs (e.g., public IPs)
├── terraform.tfvars  # Actual variable values
└── backend.tf        # Remote backend config (S3, Terraform Cloud)
⚙️ Common Terraform Commands
Command | Description |
---|---|
terraform init | Initializes working directory (downloads provider plugins) |
terraform plan | Previews what Terraform will change |
terraform apply | Applies changes to reach desired state |
terraform destroy | Deletes all resources created |
terraform validate | Checks for syntax correctness |
terraform fmt | Auto-formats .tf files |
terraform output | Displays output values |
terraform show | Shows current state |
terraform taint <resource> | Marks resource for recreation on next apply |
terraform state list | Lists all managed resources |
📘 Terraform Configuration Syntax (HCL)
🔹 1. Providers
provider "aws" {
  region = var.region
}
🔹 2. Resources
resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t2.micro"
}
🔹 3. Variables
variable "region" {
  description = "AWS Region"
  type        = string
  default     = "us-east-1"
}
Use in code:
region = var.region
🔹 4. Outputs
output "instance_ip" {
  value = aws_instance.web.public_ip
}
🔹 5. Locals
locals {
  name_tag = "web-${var.environment}"
}
📦 Remote Backends (S3 Example)
terraform {
  backend "s3" {
    bucket         = "my-tf-state"
    key            = "env/dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "tf-locks"
  }
}
📦 Modules (Reusable Blocks)
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name   = "my-vpc"
  cidr   = "10.0.0.0/16" # this module's input is named "cidr", not "cidr_block"
}
🔐 Security Best Practices
Task | Tool |
---|---|
Lint & secure configs | TFLint, Checkov, TFSec |
Secrets management | Avoid hardcoding – use Vault, SOPS, environment variables |
Policy enforcement | OPA , Sentinel (in Terraform Cloud) |
🧪 Testing Terraform
Tool | Description |
---|---|
terraform validate | Syntax checks |
TFLint | Linting and best practices |
Checkov | Static security scanning |
Terratest | Integration testing using Go |
🔄 Useful Patterns & Snippets
🔸 Conditional Logic
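resource "aws_instance" "web" {
  # Create the instance only when var.create_instance is true
  count         = var.create_instance ? 1 : 0
  ami           = var.ami_id
  instance_type = "t2.micro"
}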
🔸 Dynamic Blocks
resource "aws_security_group" "example" {
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
🔸 Workspaces
terraform workspace list
terraform workspace new staging
terraform workspace select staging
🧠 Best Practices
✅ Use terraform plan before every apply
✅ Format code using terraform fmt
✅ Commit .tf files, NOT .tfstate
✅ Store state in a remote backend with locking
✅ Use modules to avoid repetition
✅ Protect secrets (NEVER hardcode passwords in .tf files)
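The secrets and state rules above, shown as a weak setting beside a corrected one. This is an added example, not code from the original page; the aws_db_instance resource, the db_password variable, the 16-character minimum and the database settings are assumptions chosen for illustration, while the backend values repeat the S3 example earlier on the page.

```hcl
# Added example (not from the original page). Resource names, database
# settings and the 16-character minimum are assumptions for illustration.

# WEAK: a literal password in a .tf file is committed to version control.
# resource "aws_db_instance" "app" {
#   ...
#   password = "constructed-example-password"
# }

# CORRECTED: declare the secret as an input and never give it a default.
variable "db_password" {
  description = "Master password for the application database"
  type        = string
  sensitive   = true # redacted as (sensitive value) in plan/apply output
  nullable    = false

  validation {
    condition     = length(var.db_password) >= 16
    error_message = "The db_password value must be at least 16 characters."
  }
}

resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  storage_encrypted   = true
  username            = "appuser"
  password            = var.db_password
  skip_final_snapshot = true
}

# The password is still written in plaintext to terraform.tfstate, so the
# S3 backend from this page should also encrypt the state object at rest.
terraform {
  backend "s3" {
    bucket         = "my-tf-state"
    key            = "env/dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "tf-locks"
    encrypt        = true
  }
}
```

Supply the value outside the code, for example through the TF_VAR_db_password environment variable populated from Vault or a SOPS-decrypted file, and keep any terraform.tfvars that contains it out of version control.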
📚 Recommended Resources
Resource | Link |
---|---|
Official Docs | https://developer.hashicorp.com/terraform |
Terraform Registry | https://registry.terraform.io |
DevOpsSchool Terraform Tutorials | https://www.devopsschool.com/blog/category/terraform |
Hands-on Labs | https://learn.hashicorp.com |
🏁 Final Thoughts
Terraform isn’t just an IaC tool — it’s an ecosystem.
Learning to use it well will let you:
- Automate cloud provisioning
- Create reproducible environments
- Build infrastructure pipelines
- Work in real enterprise cloud projects
Treat infrastructure like code, version it, review it, test it — that’s Terraform magic.