Srinivasulu Paranduru for AWS Community Builders

Terraform commands

1. Terraform Validate:

  • Terraform validate primarily checks whether a configuration is syntactically valid.
  • It can check various aspects, such as unsupported arguments, undeclared variables and others.

terraform validate

2. Terraform format: Formats the configuration files in the folder where you run the terraform commands.

terraform fmt

3. Destroy: The terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.

Usage: terraform destroy [options]

3.1 You can check the destroy plan by running the command below:

terraform plan -destroy

3.2 To apply the destroy, run the command:

terraform apply -destroy

Note : The -destroy option to terraform apply exists only in Terraform v0.15.2 and later. For older versions, you must use terraform destroy to get the effect of terraform apply -destroy.

4. Terraform functions:
The Terraform language includes a number of built-in functions that you can use to transform and combine values.

The general syntax for function calls is a function name followed by comma-separated arguments in parentheses:

function(argument1, argument2)

Example:

max(5, 12, 9)
12

This can be tested with the terraform console command.
The Terraform language does not support user-defined functions, so only the functions built into the language are available for use. The built-in functions fall into these categories:

  • Numeric
  • String
  • Collection
  • Encoding
  • Filesystem
  • Date and Time
  • Hash and Crypto
  • IP Network
  • Type Conversion

Link - https://www.terraform.io/docs/language/functions/index.html

5. Data Sources: They allow data to be fetched or computed for use elsewhere in the Terraform configuration.

A data source is defined under the data block.

The example below reads from a specific data source (aws_ami) and exports the results under "app_ami":

data "aws_ami" "app_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm*"]
  }
}

resource "aws_instance" "myfirstec2" {
  ami           = data.aws_ami.app_ami.id
  instance_type = var.instance_type
}

6. Debugging in Terraform:
Terraform has detailed logs, which can be enabled by setting the TF_LOG environment variable to any value.

Possible values for TF_LOG are: TRACE, DEBUG, INFO, WARN, ERROR

7. Dynamic Blocks
Understanding the actual challenge:

In many use cases, there are repeatable nested blocks that need to be defined.

This can lead to long code that is difficult to manage over time.

Overview of Dynamic Blocks

A dynamic block allows us to dynamically construct repeatable nested blocks. It is supported inside resource, data, provider, and provisioner blocks:

Before.tf (Terraform configuration without using dynamic blocks)

# Before.tf (Terraform configuration without using dynamic blocks)

resource "aws_security_group" "demo_sg" {
  name        = "sample-sg"

  ingress {
    from_port   = 8200
    to_port     = 8200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8201
    to_port     = 8201
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8300
    to_port     = 8300
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9200
    to_port     = 9200
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 9500
    to_port     = 9500
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


Dynamic.tf (Terraform configuration using dynamic blocks)

# Dynamic.tf (Terraform configuration using dynamic blocks)

variable "sg_ports" {
  type        = list(number)
  description = "list of ingress ports"
  default     = [8200, 8201, 8300, 9200, 9500]
}

resource "aws_security_group" "dynamicsg" {
  name        = "dynamic-sg"
  description = "Ingress for Vault"

  dynamic "ingress" {
    for_each = var.sg_ports
    iterator = port
    content {
      from_port   = port.value
      to_port     = port.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  dynamic "egress" {
    for_each = var.sg_ports
    content {
      from_port   = egress.value
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}


Note : Using the same blog, will add the remaining commands

8. Overview of Iterators
The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value.

If omitted, the name of the variable defaults to the label of the dynamic block ("ingress" in the example above).
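
A variation on Dynamic.tf, added here as an example and not part of the original post: each rule carries its own source ranges instead of a fixed 0.0.0.0/0, and variable validation rejects a world-open rule at plan time. It also shows the iterator argument walking a list of objects. The names sg_rules and restricted_sg, the CIDR ranges and the rule descriptions are assumptions.

```hcl
# Added example, not from the original post. sg_rules, restricted_sg and the
# CIDR ranges below are assumptions chosen for illustration.
variable "sg_rules" {
  description = "Ingress rules: one object per port with its allowed source ranges"
  type = list(object({
    port        = number
    cidr_blocks = list(string)
    description = string
  }))
  default = [
    { port = 8200, cidr_blocks = ["10.0.0.0/16"], description = "Vault API" },
    { port = 8201, cidr_blocks = ["10.0.1.0/24"], description = "Vault cluster" },
  ]

  # Fail at plan time if any rule would be open to the whole internet.
  validation {
    condition = alltrue([
      for rule in var.sg_rules : !contains(rule.cidr_blocks, "0.0.0.0/0")
    ])
    error_message = "Ingress rules must not allow 0.0.0.0/0; list specific source ranges."
  }

  validation {
    condition = alltrue([
      for rule in var.sg_rules : rule.port >= 1 && rule.port <= 65535
    ])
    error_message = "Each port must be between 1 and 65535."
  }
}

resource "aws_security_group" "restricted_sg" {
  name        = "restricted-sg"
  description = "Ingress for Vault from internal ranges only"

  dynamic "ingress" {
    for_each = var.sg_rules
    iterator = rule # without this line the temporary variable is named "ingress"
    content {
      description = rule.value.description
      from_port   = rule.value.port
      to_port     = rule.value.port
      protocol    = "tcp"
      cidr_blocks = rule.value.cidr_blocks
    }
  }
}
```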


9. Splat Expression: It allows us to get a list of the values of an attribute across all instances of a resource.

Splat.tf

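provider "aws" {
  region     = "us-west-2"
  # Placeholder values; real keys should not be committed in configuration files
  access_key = "YOUR-ACCESS-KEY"
  secret_key = "YOUR-SECRET-KEY"
}

# Creates three IAM users: iamuser.0, iamuser.1 and iamuser.2
resource "aws_iam_user" "lb" {
  name  = "iamuser.${count.index}"
  count = 3
}

# [*] collects the arn attribute of every instance into one list
output "arns" {
  value = aws_iam_user.lb[*].arn
}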

10. Terraform Graph: The terraform graph command is used to generate a visual representation of either a configuration or execution plan.

The output of terraform graph is in the DOT format, which can easily be converted to an image.

11. Saving Terraform Plan to a File

terraform plan -out=path

12. Dealing with Large Infrastructure
Setting Refresh to False

We can prevent Terraform from querying the current state during operations like terraform plan.

This can be achieved with the -refresh=false flag.

The -target=resource flag can be used to target a specific resource.

It is generally used as a means to operate on isolated portions of very large configurations.

13. Zipmap Function: The zipmap function constructs a map from a list of keys and a corresponding list of values.

Following screenshot shows a sample output of Zipmap
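
The splat expression from section 9 and zipmap used together, as an added example that is not part of the original post: two splat lists from the same resource are paired into a name-to-ARN map, and the for_each case shows where a splat alone does not work. Every resource and output name other than aws_iam_user.lb is an assumption.

```hcl
# Added example, not from the original post. Names other than
# aws_iam_user.lb are assumptions chosen for illustration.
provider "aws" {
  region = "us-west-2"
  # No access_key/secret_key here: the provider reads credentials from the
  # environment or the shared AWS config, so they stay out of version control.
}

resource "aws_iam_user" "lb" {
  count = 3
  name  = "iamuser.${count.index}"
}

# Both splats walk the same instances in the same order, so zipmap pairs each
# name with its own ARN: { "iamuser.0" = "arn:...", "iamuser.1" = "arn:...", ... }
# zipmap needs two lists of equal length; if a key repeats, the value with
# the highest index is the one kept.
output "arn_by_name" {
  value = zipmap(aws_iam_user.lb[*].name, aws_iam_user.lb[*].arn)
}

# With for_each the resource is a map of objects, and [*] does not iterate
# over a map. Convert it to a list with values() first, or use a for expression.
resource "aws_iam_user" "svc" {
  for_each = toset(["ci", "backup"])
  name     = each.key
}

output "svc_arns" {
  value = values(aws_iam_user.svc)[*].arn
}

output "svc_arn_by_name" {
  value = { for key, user in aws_iam_user.svc : key => user.arn }
}
```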


14. Taint: The terraform taint command informs Terraform that a particular object has become degraded or damaged. Terraform represents this by marking the object as "tainted" in the Terraform state, and Terraform will propose to replace it in the next plan you create.

Warning: This command is deprecated. For Terraform v0.15.2 and later, we recommend using the -replace option with terraform apply instead (details below).

Recommended Alternative: For Terraform v0.15.2 and later, it is recommended to use the -replace option with terraform apply to force Terraform to replace an object even though there are no configuration changes that would require it.

$ terraform apply -replace="aws_instance.myec2"

aws_instance.myec2 is the EC2 instance resource currently defined in your configuration.

15. Terraform untaint:

terraform untaint [options] address

Refer: https://developer.hashicorp.com/terraform/cli/commands/untaint
