Terraform Cheatsheet
Terraform commands for init, plan, apply, state management, workspaces, modules, and production workflows.
Setup & Authentication
terraform versionShow installed Terraform version
terraform -install-autocompleteEnable shell tab completion
export AWS_ACCESS_KEY_ID=xxxSet AWS credentials via env var
export AWS_SECRET_ACCESS_KEY=xxxSet AWS secret via env var
export AWS_DEFAULT_REGION=us-east-1Set default AWS region
aws configureConfigure AWS credentials interactively
Show installed Terraform version
Enable shell tab completion
Set AWS credentials via env var
Set AWS secret via env var
Set default AWS region
Configure AWS credentials interactively
Core Workflow
terraform initInitialize working directory, download providers
terraform init -upgradeUpgrade providers to latest allowed version
terraform init -reconfigureReinitialize backend configuration
terraform validateCheck configuration for syntax errors
terraform fmtReformat .tf files to canonical style
terraform fmt -checkCheck formatting without modifying files
terraform fmt -recursiveFormat all .tf files in subdirectories too
terraform planPreview changes before applying
terraform plan -out=tfplanSave plan to file for later apply
terraform plan -var-file=prod.tfvarsPlan using specific variable file
terraform applyApply changes to infrastructure
terraform apply tfplanApply a previously saved plan file
terraform apply -auto-approveApply without interactive confirmation prompt
terraform destroyDestroy all managed infrastructure
terraform destroy -auto-approveDestroy without confirmation (careful!)
Initialize working directory, download providers
Upgrade providers to latest allowed version
Reinitialize backend configuration
Check configuration for syntax errors
Reformat .tf files to canonical style
Check formatting without modifying files
Format all .tf files in subdirectories too
Preview changes before applying
Save plan to file for later apply
Plan using specific variable file
Apply changes to infrastructure
Apply a previously saved plan file
Apply without interactive confirmation prompt
Destroy all managed infrastructure
Destroy without confirmation (careful!)
State Management
terraform showShow current state or a saved plan
terraform state listList all resources in state
terraform state show aws_instance.webShow details of a specific resource
terraform state pullDownload and print remote state
terraform state push terraform.tfstateUpload local state to remote backend
terraform state rm aws_instance.webRemove resource from state (keeps real infra)
terraform state mv aws_instance.old aws_instance.newRename resource in state without recreating
terraform refreshSync state with real infrastructure
terraform force-unlock LOCK_IDRelease a stuck state lock
Show current state or a saved plan
List all resources in state
Show details of a specific resource
Download and print remote state
Upload local state to remote backend
Remove resource from state (keeps real infra)
Rename resource in state without recreating
Sync state with real infrastructure
Release a stuck state lock
Variables & Outputs
terraform apply -var="region=us-east-1"Pass single variable on command line
terraform apply -var-file=staging.tfvarsPass all variables from a .tfvars file
export TF_VAR_region=us-east-1Set variable via environment variable
terraform outputShow all output values from state
terraform output instance_ipShow a specific output value
terraform output -jsonShow all outputs in JSON format
terraform output -raw instance_ipShow raw output value (no quotes)
Pass single variable on command line
Pass all variables from a .tfvars file
Set variable via environment variable
Show all output values from state
Show a specific output value
Show all outputs in JSON format
Show raw output value (no quotes)
Targeting & Importing
terraform plan -target=aws_instance.webPlan only for a specific resource
terraform apply -target=aws_instance.webApply only a specific resource
terraform destroy -target=aws_instance.webDestroy only a specific resource
terraform import aws_instance.web i-1234567890abcdef0Import existing resource into state
terraform import -var-file=prod.tfvars aws_s3_bucket.main my-bucketImport resource using variable file
Plan only for a specific resource
Apply only a specific resource
Destroy only a specific resource
Import existing resource into state
Import resource using variable file
Workspaces
terraform workspace listList all workspaces
terraform workspace showShow current workspace name
terraform workspace new stagingCreate and switch to new workspace
terraform workspace select productionSwitch to an existing workspace
terraform workspace delete stagingDelete a workspace (must not be current)
List all workspaces
Show current workspace name
Create and switch to new workspace
Switch to an existing workspace
Delete a workspace (must not be current)
Modules
terraform getDownload and install modules from config
terraform init -upgradeUpdate modules to latest allowed versions
terraform plan -target=module.vpcPlan changes only for a specific module
terraform apply -target=module.vpcApply changes only for a specific module
terraform destroy -target=module.vpcDestroy only a specific module
terraform state list | grep module.vpcList all resources inside a module
Download and install modules from config
Update modules to latest allowed versions
Plan changes only for a specific module
Apply changes only for a specific module
Destroy only a specific module
List all resources inside a module
Debugging & Logs
TF_LOG=DEBUG terraform planRun with debug-level logging
TF_LOG=TRACE terraform applyRun with full trace logging (most verbose)
TF_LOG_PATH=./terraform.log terraform planWrite logs to a file instead of stdout
terraform graphOutput resource dependency graph (DOT format)
terraform graph | dot -Tsvg > graph.svgRender dependency graph as SVG image
terraform consoleOpen interactive REPL to test expressions
terraform providersList all required providers for current config
terraform providers lockLock provider versions in .terraform.lock.hcl
Run with debug-level logging
Run with full trace logging (most verbose)
Write logs to a file instead of stdout
Output resource dependency graph (DOT format)
Render dependency graph as SVG image
Open interactive REPL to test expressions
List all required providers for current config
Lock provider versions in .terraform.lock.hcl