Terraform Cheat Sheet
Quick reference for Terraform — CLI commands, HCL syntax, providers, resources, variables, modules, and state management. All essential patterns in one page.
CLI Commands
| terraform init | Initialize working directory, download providers |
| terraform plan | Preview changes before applying |
| terraform apply | Apply changes to infrastructure |
| terraform apply -auto-approve | Apply without confirmation prompt |
| terraform destroy | Destroy all managed resources |
| terraform fmt | Format .tf files to canonical style |
| terraform validate | Validate configuration syntax |
| terraform output | Show output values |
| terraform state list | List resources in state file |
| terraform state show aws_instance.web | Show details of a resource in state |
| terraform import aws_instance.web i-123 | Import existing resource into state |
| terraform refresh | Sync state with real infrastructure |
HCL Basics
| resource "aws_instance" "web" { ami = "..." } | Define a resource |
| data "aws_ami" "latest" { filter { ... } } | Data source (read-only query) |
| variable "region" { default = "us-east-1" } | Input variable with default |
| variable "name" { type = string } | Typed variable |
| var.region | Reference a variable |
| output "ip" { value = aws_instance.web.public_ip } | Output value |
| locals { env = "prod" } | Local values (computed constants) |
| local.env | Reference a local value |
| terraform { required_version = ">= 1.5" } | Pin Terraform version |
Providers
| provider "aws" { region = var.region } | Configure AWS provider |
| provider "google" { project = "my-proj" } | Configure GCP provider |
| provider "azurerm" { features {} } | Configure Azure provider |
| required_providers { aws = { source = "hashicorp/aws" } } | Pin provider source |
| alias = "west" | Provider alias for multi-region |
| provider = aws.west | Use aliased provider in resource |
Resources & References
| aws_instance.web.id | Reference resource attribute |
| aws_instance.web.public_ip | Reference computed attribute |
| depends_on = [aws_db_instance.db] | Explicit dependency |
| count = 3 | Create multiple instances |
| aws_instance.web[0].id | Reference counted resource |
| for_each = toset(["a", "b"]) | Iterate over set/map |
| each.key / each.value | Access for_each key/value |
| lifecycle { prevent_destroy = true } | Prevent accidental deletion |
| lifecycle { create_before_destroy = true } | Zero-downtime replacement |
Modules
| module "vpc" { source = "./modules/vpc" } | Local module |
| module "vpc" { source = "terraform-aws-modules/vpc/aws" } | Registry module |
| module "vpc" { source = "git::https://..." } | Git module source |
| module.vpc.vpc_id | Reference module output |
| terraform get | Download module sources |
State & Backend
| backend "s3" { bucket = "tf-state" key = "prod.tfstate" } | Remote state in S3 |
| backend "gcs" { bucket = "tf-state" } | Remote state in GCS |
| terraform state mv aws_instance.old aws_instance.new | Rename resource in state |
| terraform state rm aws_instance.web | Remove resource from state (unmanage) |
| terraform workspace new staging | Create new workspace |
| terraform workspace select prod | Switch workspace |
| terraform.workspace | Current workspace name in HCL |
Step-by-Step Guide
Read Guide →