Terraform Cheat Sheet
The Terraform HCL constructs and CLI commands you use to provision and manage infrastructure as code — providers, resources, variables, outputs, modules, and state operations.
Quick Reference
- terraform init / plan / apply / destroy
- terraform fmt -recursive && terraform validate
- terraform state list / mv / rm / show
- Use remote state (S3 + DynamoDB lock or Terraform Cloud)
- Pin provider versions in required_providers
Learning Path
Recommended order
1. Beginner
2. Intermediate
3. Advanced
Prerequisites
- Cloud account (AWS/Azure/GCP/DO)
- Basic networking concepts
Skills you will learn
- Declarative IaC
- Module composition
- Remote state and locking
- Plan/apply discipline
Estimated time
A weekend to feel productive.
Architecture Overview
[Figure: AWS Infrastructure Built with Terraform]
Providers
terraform {
  required_version = ">= 1.7"

  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }

  # Remote state in S3, locked through a DynamoDB table, encrypted at rest
  backend "s3" {
    bucket         = "acme-tfstate"
    key            = "orders/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "tf-locks"
    encrypt        = true
  }
}

# var.region is declared elsewhere in the configuration
provider "aws" {
  region = var.region
  default_tags { tags = { Project = "orders", Env = var.env } }
}

Resources
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  tags                 = { Name = "orders-${var.env}" }
}

# data.aws_ami.al2 and aws_subnet.public are declared elsewhere in the configuration
resource "aws_instance" "api" {
  ami           = data.aws_ami.al2.id
  instance_type = "t3.small"
  subnet_id     = aws_subnet.public[0].id
  tags          = { Name = "api" }
}

Variables
variable "env" {
  type        = string
  description = "Deployment environment"

  validation {
    condition     = contains(["dev", "staging", "prod"], var.env)
    error_message = "env must be dev/staging/prod"
  }
}

variable "instance_count" {
  type    = number
  default = 2
}

# Pass via CLI or tfvars
# terraform apply -var env=prod
# terraform apply -var-file=prod.tfvars

Outputs
output "vpc_id" {
  value = aws_vpc.main.id
}

output "api_public_ip" {
  value     = aws_instance.api.public_ip
  sensitive = false # set to true to redact the value in CLI output
}

# Consume from another stack
data "terraform_remote_state" "network" {
  backend = "s3"
  config  = { bucket = "acme-tfstate", key = "network/terraform.tfstate", region = "us-east-1" }
}

Modules
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name               = "orders-${var.env}"
  cidr               = "10.0.0.0/16"
  azs                = ["us-east-1a", "us-east-1b"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
  enable_nat_gateway = true
}

State commands
terraform init                        # download providers + backend
terraform plan -out plan.bin          # preview and save the plan
terraform apply plan.bin              # apply exactly the saved plan
terraform destroy
terraform state list
terraform state show aws_instance.api
terraform state mv aws_instance.api aws_instance.api_v2
terraform state rm aws_instance.api   # forget without destroying
terraform import aws_instance.api i-0abc
terraform workspace new staging
terraform workspace select prod

Common Mistakes
- Editing state by hand: always use `terraform state` subcommands.
- Committing terraform.tfstate to Git: it leaks secrets and breaks teams.
- Letting providers float: pin with a `~> 5.0` constraint at minimum.
- Using `count` for unstable lists: switch to `for_each` keyed by id.
Production Tips
- Remote state with locking (S3 + DynamoDB or Terraform Cloud) is non-negotiable for teams.
- Run `terraform plan` in CI on every PR; require approval before apply.
- Use separate workspaces or state files per environment.
- Tag every resource (Project, Env, Owner) via provider default_tags.
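One way to enforce the plan-in-CI tip, as an added example that is not part of the original cheat sheet: a gate that reads the JSON form of a saved plan (`terraform show -json plan.bin`) and holds the pipeline when a resource would be destroyed or replaced. The policy (hold only on destroy/replace), the `--approved` flag, the script name and the sample plan, including `aws_instance.worker`, are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json plan.bin` output,
# trimmed to the fields this check reads. aws_instance.worker is made up.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_vpc.main", "change": {"actions": ["no-op"]}},
        {"address": "aws_subnet.public[0]", "change": {"actions": ["update"]}},
        {"address": "aws_instance.api", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_instance.worker", "change": {"actions": ["delete"]}},
    ],
})


def classify(actions):
    """Map Terraform's actions list to one label; None means nothing changes."""
    if "delete" in actions:
        # ["delete","create"] and ["create","delete"] are both replacements.
        return "replace" if "create" in actions else "destroy"
    if not actions or actions[0] in ("no-op", "read"):
        return None
    return actions[0]  # "create" or "update"


def summarize(plan_json):
    """Group planned resource addresses by change kind."""
    summary = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        kind = classify(rc.get("change", {}).get("actions", []))
        if kind:
            summary.setdefault(kind, []).append(rc["address"])
    return summary


def gate(plan_json, approved=False):
    """CI exit code: 0 = apply may proceed, 1 = hold for reviewer approval."""
    summary = summarize(plan_json)
    risky = summary.get("destroy", []) + summary.get("replace", [])
    return 1 if risky and not approved else 0


if __name__ == "__main__":
    # Assumed pipeline step: terraform show -json plan.bin | python plan_gate.py
    text = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(summarize(text), indent=2))
    sys.exit(gate(text, approved="--approved" in sys.argv))
```

Applying the same `plan.bin` that was reviewed, rather than re-planning at apply time, keeps the approved change set and the applied change set identical.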
Frequently Asked Questions
How should I use this cheat sheet?
Skim once end-to-end, then keep it open in a pinned tab. Copy a snippet, adapt it to your project, and refer back when memory fails.
Is this cheat sheet up to date?
It's maintained against the latest stable releases in 2026 and revised when commands or APIs change meaningfully.
