1suleyman

Posted on Jul 30

🧱 Terraform Plan Files and Outputs (And Why They're Like Blueprints and Receipts for Your Cloud)

#terraform #aws #beginners #documentation

Hey everyone 👋

If you’ve been learning Terraform (or already using it to build infrastructure), you’ve probably used terraform plan and terraform apply. But have you ever tried saving the plan to a file or querying outputs afterward?

These two simple concepts — plan files and output variables — can make your deployments safer, clearer, and way more consistent, especially in production environments.

Let me explain it the way I wish someone had early on 👇

📐 Think of Plan Files Like Construction Blueprints

Let’s say you’re building a house. First, you draft a blueprint. You show it to your team, get approvals, and once everyone signs off, the builders use that exact version to build — not some last-minute revision.

That’s what saving a Terraform plan does:

terraform plan -out=infra.plan

This tells Terraform, “Hey, save the plan exactly as it looks now.” You’ve now frozen the blueprint.

🛠️ Why This Is a Game-Changer (Especially for Teams)

By applying the saved plan later:

terraform apply infra.plan

You're guaranteeing that what gets deployed is exactly what was planned — even if the .tf files change later.

🧠 Why It Matters

✅ Consistency: No last-minute surprises
✅ Approval Workflows: Share the .plan with your team for review
✅ CI/CD Pipelines: Keep plan/apply separate for better automation

💡 Pro Tip: Plan files are binary — you can’t read them like text. To view what’s inside, use:

terraform show infra.plan

Or, if you want structured data:

terraform show -json infra.plan

You can even pipe it into tools like jq for better formatting.

📦 Terraform Output Is Like Asking for Receipts

After a deployment, you might wonder:

“What’s the ARN of the IAM users I just created?”
“What’s the public IP of my EC2 instance?”

Instead of hunting through .tfstate or logs, you can define outputs in your code:

output "iam_names" {
  value = aws_iam_user.this[*].name
}

output "iam_arn" {
  value = aws_iam_user.this[*].arn
}

Then, whenever you want to check them:

terraform output iam_names
terraform output iam_arn

It’s like asking your system, “Hey, what did I just build?” And it replies immediately.

🧾 Three Ways to View Output Values

🔍 Method	💬 Description
`terraform apply`	Shows outputs after every apply
`.tfstate` file	Manually view saved outputs
`terraform output`	Query values directly via CLI (best way!)

🔐 A Quick Note on Security

If your output includes secrets (like passwords or tokens), mark them as sensitive:

output "db_password" {
  value     = var.db_password
  sensitive = true
}

Terraform will then hide the value from CLI output to keep things safe.

🧩 Why This Matters in Real Life

Whether you're a solo developer or part of a DevOps team, these two features help you:

✅ Prevent accidental changes during deploys
✅ Build safer automation pipelines
✅ Share important info without giving access to state files
✅ Keep your cloud setups transparent and traceable

🧠 Final Thoughts

When you’re first learning Terraform, it’s easy to just run terraform apply and move on. But when you start using plan files and output commands, you’re stepping into production-grade Terraform — the kind that’s safe, auditable, and scalable.

If you’re building cool stuff in the cloud (or just learning like I am), I’d love to hear from you!

Drop a comment here or reach out on LinkedIn. Let’s build together ☁️🛠️

DEV Community