To Be a Terraform Expert

When you work with your colleagues with same terraform project, sometimes they maybe need to apply some changes that haven't merged yet for testing, when you run the plan command, you will find that terraform want to destroy his resources. You can wait until his changes have merged. But actually, you can use the -target to limit your resources for the plan command. So, you can run the plan command happily without destroying other people's resources.

If you need to work on the same project with your colleagues, you need to set up a remote state. We use s3 as our state backend, it will use s3 bucket to store the state file, and a DynamoDB table to store the lock. If you encounter some problems, you maybe need to check these resources manually to confirm it's all working properly.

You know, the state file includes the states terraform known about your resources, but what will happen if you delete some resources through other tools (e.g., make changes through AWS console)? Terraform didn't know those changes. We can use state rm command to tell terraform not to manage these states in the feature. Beware that, the destroy command will remove remote resources, and the state rm will only remove from the state, if you haven't removed the remote resources through other tools, the resources will still there.

We may need to change the resource name in our codes, for example rename or put the resource under another module. After the rename the Terraform usually will create a plan that include destroy and create. We can use mv to rename the resource names in the state file, so that Terraform will know the changes and create a correct plan.

Sometimes, it's easy to create some resources through web UI. With import command, we can create resources through the web UI, and then import them to terraform state.

If you have use providers in your module when you delete that module, terraform will report an error, that it can't find providers. It's annoying when you use modules in modules. You can simply create some fake module, these modules only have the same names as the original modules, but didn't have any resources. After apply, you can safely remove these fake modules.

HCL for terraform was not a programming language, but we can't stop to do programming in terraform. When we write some expressions, we need to test it. I suggest creating a temporary project to test it. Think about that you have a big project with 20+ resources, you need to refresh the states every time you want to run terraform plan.

Simply put the expressions in a locals block, and output the results in output blocks, you will see the terraform plan command run very fast.