Beginner’s Guide to Terraform apply

terraform apply is likely one of the most elementary and essential instructions you may ever use in Terraform.

You actually can’t flip your code into infrastructure with out it.

Nonetheless, there are some things about terraform apply that aren’t apparent till you’ve used it for some time, and people particulars could make the distinction between clean deployments and irritating surprises.

So on this information I’ll break down the way it works and how one can use it, whereas additionally avoiding widespread errors.

Sidenote:  If you wish to dive deeper into studying and utilizing Terraform, take a look at my DevOps Bootcamp for Terraform. 

I cowl all the things from the basics all the way in which to provisioning real-world cloud infrastructure on AWS.

This implies you may go from whole newbie to with the ability to get employed as a DevOps Engineer or System Administrator, so it’s an excellent useful resource for any talent stage.

With that out of the way in which, let’s get into this information…

What’s Terraform apply and the way does it work?

Sooner or later in each Terraform mission, you need to push the button that makes your code actual, and that button is terraform apply. It’s the step the place all these traces you wrote in .tf recordsdata lastly present up as precise infrastructure you should utilize.

The factor is, it feels like terraform apply simply fees forward and builds all the things, but it surely’s quite a bit smarter (and safer) than that. 

Right here’s what actually occurs whenever you run it:

• Terraform begins off by checking your configuration recordsdata (what you need), the state file (what it already is aware of about), and your cloud account (what’s really on the market)

• Subsequent, it figures out the variations from what’s dwell (within the state file) vs what you wish to occur (in your config file). This manner it could see what’s lacking, what’s outdated, and what doesn’t belong anymore. With that, it places collectively a plan. Even in the event you by no means ran terraform plan“ by itself, you continue to get that preview right here

• Then comes the security examine. Earlier than taking the motion Terraform stops and exhibits you the plan in plain English. Nothing occurs till you sort sure. In case you resolve to not, it simply exits politely, no hurt performed

• Solely when you’ve given the inexperienced gentle does it go forward and execute what’s in your config file. (Creating what you requested for, fixing what’s drifted, and cleansing up something you’ve eliminated out of your code)

• Lastly, when it’s completed, it updates the state file so it remembers precisely what it’s now managing, and may examine in opposition to it the following time you alter your code

This 5 step course of helps you retain all the things working easily, assuming you’re utilizing it accurately…

Easy methods to use Terraform apply

There are a number of completely different run choices obtainable when utilizing terraform apply. That will help you see the way it works, let’s stroll by way of it step-by-step with a primary instance. 

We’ll undergo the total cycle: 

So let’s have a state of affairs.

Think about that you just’ve simply joined a group, and your first job is to create an AWS storage bucket for mission recordsdata. 

Positive, it’s a reasonably easy activity and you would click on round within the AWS console to set it up, however then it solely exists as soon as and you haven’t any historical past, and no simple option to share the setup with teammates. 

If you set it up with Terraform instead, you may write it in code, reserve it in Git in the event you like, after which anybody can re-create the identical factor in seconds.

Right here’s how we might go about this.

Step #1. Create a mission folder and write your configuration

As a result of we’re assuming that is your very first time working with Terrafrom, it is advisable to begin by making a brand new folder for this mission. 

This folder shall be your “house base” for everytime you use Terraform, and also you’ll hold all of your .tf recordsdata right here, so you should utilize them and in addition come again to them anytime you wish to replace the mission later.

Inside that folder, create a file referred to as most important.tf and add this code:

supplier "aws" {
  area = "us-east-1"
}

useful resource "aws_s3_bucket" "project_files" {
  bucket = "my-first-terraform-bucket-1234"
}

Right here’s what’s happening:

• The supplier block tells Terraform we’re working with AWS within the us-east-1 area

• The useful resource block defines the S3 bucket you need. Bucket names should be globally distinctive, so swap out the instance identify for one thing private, like ‘my-first-terraform-bucket-1234’ or no matter you wish to name it

Step #2. Initialize Terraform

The very first time you arrange a brand new mission folder, you additionally must run:

This helps Terraform to “inventory the toolbox” in your mission and obtain plugins and so forth.

On this case, we wish it to obtain the AWS supplier plugin (so Terraform is aware of how one can speak to AWS), in addition to creates a hidden .terraform folder inside your mission, in order that all the things’s able to go.

Sidenote:

You don’t must run this each time you alter your code. Simply as soon as for the mission until you later add new suppliers (say Azure or Google Cloud) or improve Terraform and wish recent plugins.

Step #3. Apply the configuration

Now it’s time to truly make your bucket, so in the identical mission folder, run:

Keep in mind although that Terraform doesn’t cost forward blindly. First, it figures out what must occur after which exhibits you the plan. 

So, you’ll see one thing like this:

Terraform will carry out the next actions:

  # aws_s3_bucket.project_files shall be created
  + useful resource "aws_s3_bucket" "project_files" {
      + bucket = "my-first-terraform-bucket-2025"
      + id     = (identified after apply)
    }

Plan: 1 so as to add, 0 to vary, 0 to destroy.

As you may see, it’s damaged down into two most important elements. The motion to be taken, after which a closing guidelines plan.

Plan: 1 so as to add, 0 to vary, 0 to destroy

That is Terraform saying: 

“I see you wish to add one new factor (the bucket). Nothing that already exists is altering. Nothing that already exists is being destroyed.”

Then it pauses with a security examine:

Do you wish to carry out these actions?
  Solely 'sure' shall be accepted to approve

• In case you sort `sure`, Terraform will go forward and create the bucket in AWS

• In case you sort `no`, it stops and nothing occurs. Nothing is created, modified, or destroyed

In our case we wish this to run so we sort sure.

Then as soon as it’s completed, Terraform additionally updates its state file so it remembers precisely what it simply created. That’s the way it is aware of what’s already there subsequent time you run it.

Straightforward proper!?

However what about if we wished to replace or change something? 

Properly that’s tremendous easy additionally.

For instance

In case your group later decides the bucket ought to have versioning enabled, you’d merely edit your most important.tf like so:

useful resource "aws_s3_bucket" "project_files" {
  bucket = "my-first-terraform-bucket-1234"

  versioning {
    enabled = true
  }
}

Then merely run terraform apply once more. (No terraform init or new folder creation required).

This time Terraform will discover the bucket already exists, evaluate it together with your up to date code, and simply activate versioning as an alternative of recreating the bucket from scratch.

And that’s the magic of Terraform as a result of it retains observe of your infrastructure, so you can also make adjustments safely and predictably, as an alternative of ranging from zero every time.

We are able to additionally do a number of different issues with it, so let’s check out a few of them.

The commonest apply flags and when to make use of them

Typically you’ll wish to modify how terraform apply behaves, particularly whenever you’re automating Terraform or coping with particular instances, and that’s the place flags are available.

Listed here are essentially the most helpful ones, together with whenever you’d really use them.

Terraform apply -auto-approve

This flag removes the security examine from our code so we don’t must sort sure for it to run.

So why would we wish this?

Properly, in a CI/CD pipeline, nobody is there to sort “sure”, so in the event you don’t skip the immediate, the run will simply grasp endlessly. Clearly we don’t need this to occur however on the similar time, we nonetheless need this to run safely.

So how can we remedy this?

The trick is to maneuver our security checks as much as earlier within the course of, by ensuring we totally examine the plan ourselves. This manner we all know it is secure to run and it received’t grasp within the pipeline.

That is type of behavior to have, even in the event you’re not utilizing -auto-approve.

Why?

Just because it builds a behavior of deeper checking .i.e. that is all you are centered  on at that cut-off date.

For instance

While you soar straight to apply, you’re already in ‘go’ mode. The plan scrolls by, however as a result of the following step is an approval immediate, it’s simple to skim and kind “sure” with out noticing one thing dangerous. 

However working plan by itself forces you right into a take a look at mode mindset as an alternative. Nothing is utilized but, so your solely job is to evaluate fastidiously, and that pause makes you more likely to catch points like a useful resource being destroyed and recreated as an alternative of merely up to date.

Consider what number of instances you’ve written an e-mail and have been positive there have been no typos earlier than you hit ship. You then learn it again later and they’re tremendous apparent. 

This is similar type of factor, solely this typo would possibly break your infrastructure, which is why it is best to take a step again and examine.

Anyhow, rant over and again to the opposite flags!

terraform apply -refresh-only

One of many most important options of apply is it retains observe of your state file. This manner it could then see the present configuration after which see what must be modified.

Nonetheless, generally individuals make adjustments to apps exterior of Terraform. If we don’t replace our state file for these adjustments, we’ll overwrite them  accidentally once we do any future adjustments.

So what we are able to do is use terraform apply -refresh-only to as an alternative check out what’s at the moment on the market in our infrastructure, and use that to replace the present saved state file.

terraform apply -target

Usually, Terraform applies adjustments to all the things in your mission without delay as that’s the most secure option to hold issues constant. 

Nonetheless, generally you solely wish to apply adjustments to a single useful resource and that is precisely what terraform apply -target permits us to do.

For instance

Think about you’re debugging and solely wish to replace the S3 bucket you simply edited. As a substitute of ready for Terraform to plan your complete mission, you may run:

terraform apply -target=aws_s3_bucket.project_files

This tells Terraform:

“Simply replace this one factor, and go away the remaining alone.”

It’s useful for fast fixes throughout improvement, however you don’t wish to overuse it. 

Why?

Properly in the event you apply solely elements of your mission too usually, you may create drift the place some assets don’t line up together with your code anymore. It’s helpful in particular instances, however not an on a regular basis behavior.

terraform apply -parallelism

Terraform often makes adjustments in parallel, which speeds issues up. However some suppliers (or tough dependencies) don’t like being hit with too many adjustments without delay.

This flag means that you can gradual issues down.

For instance

terraform apply -parallelism=1

That forces Terraform to use assets one by one. It’s slower, however generally essential when a supplier’s API struggles beneath load.

terraform apply -force-unlock

By default, Terraform locks the state file whereas it’s working. This prevents two processes from making adjustments on the similar time, which may corrupt the state.

Typically a run crashes or will get interrupted, abandoning a stale lock. In case you see an error like:

Error buying the state lock

That often means Terraform thinks one thing continues to be working when it’s not. 

We are able to unlock it by working:

This clears the lock with out disabling Terraform’s safety. It’s the best option to get better from a crash and get again to a clear state.

Time to attempt apply for your self

In order you may see, there’s extra to terraform apply than you would possibly assume!

Hopefully this information has helped you perceive the interior workings and choices you’ve gotten obtainable when utilizing it. That being mentioned, figuring out the way it works is nowhere close to pretty much as good as making an attempt it out for your self.

So why not give it a go? 

You can begin with small, low-stakes tasks and create a easy useful resource, evaluate the plan, affirm the adjustments, and see how Terraform updates state alongside the way in which. 

Then when you’re snug with the fundamentals, you’ll know when to achieve for flags or automation, and also you’ll belief Terraform to deal with larger, production-level adjustments simply as reliably.

P.S.

Don’t neglect, if you wish to dive deeper into studying and utilizing Terraform, take a look at my DevOps Bootcamp for Terraform. 

I cowl all the things from the basics all the way in which to provisioning real-world cloud infrastructure on AWS and getting employed!

When you be part of, you may have the chance to from me, different college students and dealing professionals.

Not solely that, however as a member, you’ll also get access to every course in the Zero To Mastery library!

Extra Terraform content material

In case you loved this put up, take a look at different articles I’ve written on Terraform and DevOps: