Hey everyone 👋
If you're learning Terraform or working in DevOps, you're bound to hit moments where “it just doesn’t work.” Maybe Terraform plan is acting weird. Maybe apply didn’t create what you expected. Maybe the provider is just… being awkward.
That’s where Terraform debugging steps in. And trust me — knowing how to read and generate logs can save you hours (and your sanity).
Let me break it down the way I wish someone had explained it to me 👇
🔍 Think of It Like Your Cloud's Black Box Recorder
You know how airplanes have flight data recorders that capture what happened before a crash? That’s what Terraform logs are for your infrastructure.
If something breaks, you don’t want to guess. You want evidence. Logs show you what Terraform was doing under the hood — every decision, every request, every response.
💥 Why Debugging (and Logs) Matter
Setting up Terraform is usually smooth… until it’s not.
✅ Something didn’t deploy?
✅ A module isn’t working?
✅ A provider’s API is throwing weird errors?
You’ll save hours if you can look under the hood with detailed logs instead of flying blind.
⚙️ The 2 Most Important Tools: TF_LOG and TF_LOG_PATH
1. TF_LOG
This environment variable controls the verbosity (how detailed) the logs are.
Here are the levels:
| 🧠 Level | 🔍 Detail |
|---|---|
ERROR |
Only critical failures |
WARN |
Warnings + errors |
INFO |
General process flow |
DEBUG |
Module-level logic and decisions |
TRACE |
Every. Single. Thing. Terraform does |
💡 Analogy:
TRACE is like wearing a GoPro inside your brain. It sees everything, including what you didn’t even realize was happening.
2. TF_LOG_PATH
If you don’t want 700 lines of TRACE spam in your terminal, this lets you redirect the logs to a file.
It’s cleaner and easier to share with teammates.
# Example (Linux/macOS)
export TF_LOG=TRACE
export TF_LOG_PATH=trace.log
terraform plan
# Example (Windows)
set TF_LOG=TRACE
set TF_LOG_PATH=trace.txt
terraform plan
📁 Boom — logs go to a file and your terminal stays neat.
🧪 How Different Log Levels Look in Real Life
Let’s say you run terraform plan with:
-
TF_LOG=INFO→ 16 lines of output -
TF_LOG=TRACE→ 782 lines of output 😅
The difference is massive. But when things break, that extra detail is gold.
👟 Temporary vs Permanent Setup
You don’t need logs all the time. That’s why setting these as temporary environment variables is ideal.
# Temporary for Linux/macOS
export TF_LOG=DEBUG
# Temporary for Windows
set TF_LOG=DEBUG
They vanish when you close the terminal. Great for one-off debugging.
But if you want logs always on (not usually recommended), you can set them in your system’s environment variables.
🔧 What Logs Help You Debug
Logs are helpful when:
✅ A resource isn’t behaving as expected
✅ You’re writing custom modules
✅ A provider plugin is misbehaving
✅ You need to report a bug to HashiCorp
🚫 Logs are not helpful when:
– Everything’s working fine
– You’re just doing a quick plan/apply
– You forget to read them 😅
💡 Final Thoughts
Debugging in Terraform isn’t just a side skill — it’s a survival skill. And learning to use TF_LOG and TF_LOG_PATH effectively can seriously level up your troubleshooting game.
To recap:
✅ Use TF_LOG to control how much detail you want
✅ Use TF_LOG_PATH to send logs to a file
✅ Only turn logs on when you need them
✅ TRACE is your deep-dive tool when nothing else is helping
If you’ve ever had a mysterious Terraform failure, I’d love to hear how you debugged it. Or if you're just getting started and want to trade notes — feel free to connect on LinkedIn or drop a comment below ☁️🔍
Let’s debug smarter, not harder.
Top comments (0)