Terraform Cheat Sheet: The Ultimate Reference for Infrastructure as Code (2025)
Learn and master Terraform with this complete cheat sheet, from basics to advanced automation.
What is Terraform?
Terraform by HashiCorp is a declarative Infrastructure as Code (IaC) tool that allows you to provision, manage, and destroy infrastructure using human-readable configuration files.
In short: you write `.tf` code to define your cloud infrastructure, and Terraform makes it real across AWS, Azure, GCP, and more.
Typical Terraform Project Structure
```text
my-project/
├── main.tf            # Core infrastructure code
├── variables.tf       # Variable declarations
├── outputs.tf         # Outputs (e.g., public IPs)
├── terraform.tfvars   # Actual variable values
└── backend.tf         # Remote backend config (S3, Terraform Cloud)
```
Common Terraform Commands
| Command | Description |
|---|---|
| `terraform init` | Initializes working directory (downloads provider plugins) |
| `terraform plan` | Previews what Terraform will change |
| `terraform apply` | Applies changes to reach desired state |
| `terraform destroy` | Deletes all resources created |
| `terraform validate` | Checks for syntax correctness |
| `terraform fmt` | Auto-formats .tf files |
| `terraform output` | Displays output values |
| `terraform show` | Shows current state |
| `terraform taint <resource>` | Marks resource for recreation on next apply |
| `terraform state list` | Lists all managed resources |
Terraform Configuration Syntax (HCL)
1. Providers
```hcl
provider "aws" {
  region = var.region
}
```
2. Resources
```hcl
resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t2.micro"
}
```
3. Variables
```hcl
variable "region" {
  description = "AWS Region"
  type        = string
  default     = "us-east-1"
}
```
Use in code:
```hcl
region = var.region
```
4. Outputs
```hcl
output "instance_ip" {
  value = aws_instance.web.public_ip
}
```
5. Locals
```hcl
locals {
  name_tag = "web-${var.environment}"
}
```
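Remote Backends (S3 Example)
```hcl
terraform {
  backend "s3" {
    bucket         = "my-tf-state"               # S3 bucket that holds the state file
    key            = "env/dev/terraform.tfstate" # Object path of this environment's state
    region         = "us-east-1"
    dynamodb_table = "tf-locks"                  # DynamoDB table used for state locking
  }
}
```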
Modules (Reusable Blocks)
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name   = "my-vpc"
  cidr   = "10.0.0.0/16" # this module's input is named "cidr", not "cidr_block"
}
```
Security Best Practices
| Task | Tool |
|---|---|
| Lint & secure configs | TFLint, Checkov, TFSec |
| Secrets management | Avoid hardcoding; use Vault, SOPS, environment variables |
| Policy enforcement | OPA, Sentinel (in Terraform Cloud) |
Testing Terraform
| Tool | Description |
|---|---|
| `terraform validate` | Syntax checks |
| TFLint | Linting and best practices |
| Checkov | Static security scanning |
| Terratest | Integration testing using Go |
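Useful Patterns & Snippets
Conditional Logic
```hcl
resource "aws_instance" "web" {
  # count = 1 creates the instance, count = 0 skips it
  count         = var.create_instance ? 1 : 0
  ami           = var.ami_id
  instance_type = "t2.micro"
}
```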
Dynamic Blocks
```hcl
resource "aws_security_group" "example" {
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```
Workspaces
```bash
terraform workspace list
terraform workspace new staging
terraform workspace select staging
```
Best Practices
- Use `terraform plan` before every apply
- Format code using `terraform fmt`
- Commit .tf files, NOT .tfstate
- Store state in a remote backend with locking
- Use modules to avoid repetition
- Protect secrets (NEVER hardcode passwords in .tf files)
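The secrets rule above and the "Secrets management" row of the security table, as an added example that is not part of the original cheat sheet: a hardcoded password beside a `sensitive` input variable, with the state backend encrypted because Terraform still writes the value to state in plaintext. The database resource, the `db_password` variable and the `app-db` names are assumptions chosen for illustration; the backend values repeat the S3 example.

```hcl
# Added example; resource and variable names are illustrative assumptions.

# Weak (shown commented out): the secret is committed with the .tf file
# and appears in plan output and code review diffs.
#   password = "constructed-example-password"

# Hardened: no default, so the value must be supplied at run time, e.g. via
# the TF_VAR_db_password environment variable populated from Vault or a
# SOPS-decrypted file. Do not put it in a committed terraform.tfvars.
variable "db_password" {
  description = "Master password for the application database"
  type        = string
  sensitive   = true  # redacts the value in plan/apply output
  nullable    = false # rejects an explicit null
}

resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app_admin"
  password            = var.db_password
  storage_encrypted   = true
  skip_final_snapshot = true
}

# "sensitive" only hides the value from CLI output. It is still stored in
# terraform.tfstate, so the state object itself must be encrypted and the
# bucket access-controlled.
terraform {
  backend "s3" {
    bucket         = "my-tf-state"
    key            = "env/dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "tf-locks"
    encrypt        = true # server-side encryption of the state object
  }
}

# Outputs derived from a sensitive value must be marked sensitive as well,
# otherwise Terraform refuses to plan.
output "db_password_in_use" {
  value     = aws_db_instance.app.password
  sensitive = true
}
```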
Recommended Resources
| Resource | Link |
|---|---|
| Official Docs | https://developer.hashicorp.com/terraform |
| Terraform Registry | https://registry.terraform.io |
| DevOpsSchool Terraform Tutorials | https://www.devopsschool.com/blog/category/terraform |
| Hands-on Labs | https://learn.hashicorp.com |
Final Thoughts
Terraform isn't just an IaC tool; it's an ecosystem.
Learning to use it well will let you:
- Automate cloud provisioning
- Create reproducible environments
- Build infrastructure pipelines
- Work in real enterprise cloud projects
Treat infrastructure like code: version it, review it, test it. That's Terraform magic.