Mastering the Terraform Plan: A Step-by-Step Guide

Introduction to Terraform Plan

Knowing how to manage and deploy resources efficiently is key to optimizing your workflow in the vast world of cloud infrastructure. One tool that has become invaluable in this process is Terraform, and within it, a particular command stands out: terraform plan.

Terraform, developed by HashiCorp, is an open-source infrastructure-as-code (IaC) software tool that enables users to define and provide their data center infrastructure using a declarative configuration language. This is where Terraform Plan comes in.

Here are the key points we’ll cover in this introduction:

What is Terraform Plan?
Why use Terraform Plan?
Understanding the Terraform Plan Output

Let’s dive in!

What is Terraform Plan?

The terraform plan command is a crucial part of the Terraform toolkit. This command allows you to see what Terraform intends to do before it makes any changes. This allows you to review the proposed changes and ensure they align with your expectations.

# Here's a basic example of Terraform code
provider "aws" {
  region = "us-west-2"
}
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
# Now run terraform plan
terraform plan

Based on your written code, this will show you what Terraform intends to do. In this case, it would show that it plans to create an AWS instance.

Why use Terraform Plan?

The terraform plan command provides several benefits:

Safety: Previewing changes allows you to catch any potential problems before they happen.
Efficiency: It helps to visualize the impact of the changes you intend to make.
Transparency: terraform plan gives you a clearer understanding of what Terraform is doing, which can be helpful in large teams.

Understanding the Terraform Plan Output

When you run terraform plan, the output will show three types of actions:

Create: If a resource doesn’t exist in the real infrastructure but is present in the Terraform configuration, Terraform will create it.
Update: If a resource exists and the configuration changes, Terraform will update the existing resource.
Destroy: If a resource exists but has been removed from the Terraform configuration, Terraform will destroy it.

In the next sections, we will explore more details about setting up your environment and maximizing the terraform plan command. Stay tuned!

Benefits of Using Terraform Plan with AWS

When managing cloud resources on a platform as expansive as Amazon Web Services (AWS), a tool like Terraform Plan can significantly streamline your operations. Using Terraform Plan with AWS offers a host of advantages:

Predictability: As explained in the introduction, terraform plan offers a snapshot of what will happen when you apply your configuration. This predictability is invaluable in a complex environment like AWS, where small changes can have big ripple effects.
Multi-Cloud Strategy: AWS might be your primary cloud provider, but Terraform’s cloud-agnostic approach is invaluable if you use others. The code you write for AWS will look similar to any other provider’s, making multi-cloud strategies easier to implement.
Version Control for Infrastructure: Your AWS setup is critical to your operation, and like any important asset, it’s essential to have version control. With Terraform, your infrastructure setup is codified and can be versioned like any other software code, making changes easier to track, manage, and roll back if needed.
Modular and Reusable Code: Terraform lets you write modular, reusable code. This means you can define an AWS setup once, then replicate it as often as needed.
Integration with AWS Services: Terraform integrates seamlessly with numerous AWS services, allowing you to manage various resources and services from one spot.

Consider the following Terraform configuration:

provider "aws" {
  region = "us-west-2"
}
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  subnet_id = aws_subnet.public.id
  tags = {
    Name = "HelloWorld"
  }
}
# Run terraform plan
terraform plan

In this example, running terraform plan would show you that Terraform intends to create a VPC, a public subnet within that VPC, and an EC2 instance within that subnet. The advantage of Terraform becomes clear when considering how many separate AWS console operations you’ve saved with this one block of code.

Whether working with a few AWS resources or managing a large-scale cloud setup, Terraform Plan can be a game-changer. In the upcoming sections, we will guide you through setting up your environment to use Terraform Plan with AWS.

Setting Up Your Environment

You’ll need to set up your environment before you can begin working with Terraform Plan and AWS. This involves two main steps:

Installing and Configuring Terraform
Setting up Python for AWS SDK

Let’s take a closer look at each.

Requirements for Terraform

Installing the Terraform binary on your system is the primary requirement for running Terraform. Here’s how to get set up:

Download Terraform: Visit the Terraform downloads page and download the appropriate package for your operating system.
Install Terraform: Extract the downloaded file and move the terraform binary to a directory in your system’s PATH.
Verify the Installation: Open a new terminal window and verify your installation by typing terraform. You should see a list of available Terraform commands.
Configure AWS Credentials: Terraform must authenticate with AWS to create resources. This requires an AWS access key and a secret key.

Here’s an example of how to set your AWS credentials in the environment:

export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"

Note: Make sure to replace "your-access-key" and "your-secret-key" with your AWS credentials.

Alternatively, you can use aws-vault to manage your AWS credentials more securely.

Setting up Python for AWS SDK

The AWS Software Development Kit (SDK) for Python, known as boto3, allows developers to write software that uses services like Amazon S3, Amazon EC2, and others. Here’s how to set it up:

Install Python: You’ll need Python 3.6 or later. You can download it from the official website if you don’t have Python installed.
Install Boto3: Once Python is installed, you can install boto3 using pip, which is a package manager for Python. In your terminal, simply type:

pip install boto3

Configure AWS Credentials: Just like Terraform, boto3 needs your AWS credentials to interact with AWS services. You can set these up in the same way:

export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"

With these installations and configurations in place, you can dive deeper into Terraform Plan and begin integrating it with Python and the AWS SDK. Stay tuned for the next sections, where we will guide you through this process.

Check out our Python Boto3 Tutorials for more information on using the Boto3 library.

Deep Dive into Terraform Plan

Now that you’ve set up your environment, it’s time to dive deeper into the workings of Terraform Plan. This section will break down the two essential aspects:

Understanding the Syntax
Key Features of Terraform Plan

Let’s get started!

Understanding the Syntax

Terraform uses a declarative language called HashiCorp Configuration Language (HCL) for its configuration files. The terraform plan command is used with these configuration files. Here is a simple example:

provider "aws" {
  region = "us-east-1"
}
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
# Now run terraform plan
terraform plan

In this example:

provider "aws" specifies the provider. This is followed by a block that provides the configuration for the provider. In this case, we’re specifying the region.
resource "aws_instance" "example" declares a resource of type aws_instance with the name example. The block following this line provides the configuration for this resource.
Finally, terraform plan is the command that will output the planned operations.

Key Features of Terraform Plan

Understanding the syntax of Terraform is the first step, but to fully leverage the power of terraform plan, it’s crucial to comprehend its key features:

Resource Actions: terraform plan categorizes the actions it will perform into create, update, and destroy, making it easy to understand what changes will be made to your infrastructure.
Saving Plans: You can save the output of a terraform plan command using the -out option. This can be useful when you want to review changes before applying them:

terraform plan -out=plan.out

Resource Targeting: If you want to limit the scope of your plan to specific resources or modules, you can use the -target option:

terraform plan -target=aws_instance.example

Refreshing State: By default, terraform plan refreshes the state file before generating a plan. If you want to skip this, you can use the -refresh=false option.

With these fundamentals in place, you’re ready to dive into more advanced applications of terraform plan. The following sections will guide you through a step-by-step tutorial, integration with Python, and a real-world case study. Stay tuned!

Step-by-Step Guide: Using Terraform Plan

You’re now ready to put your knowledge into action. This step-by-step guide will take you through:

Writing a Basic Terraform Configuration
Running Your First Terraform Plan
Analyzing the Output of Terraform Plan

Let’s begin!

Writing a Basic Terraform Configuration

The first step is to write a simple Terraform configuration. In this configuration, we’ll define an AWS provider and specify a resource for an EC2 instance.

provider "aws" {
  region = "us-east-1"
}
resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

In this configuration, we’re specifying that we want to create an EC2 instance with instance type “t2.micro” in the “us-east-1” AWS region.

Running Your First Terraform Plan

Now that we have our configuration, it’s time to run terraform plan. In your terminal, navigate to the directory where you’ve saved your configuration file and run the following command:

terraform plan

Analyzing the Output of Terraform Plan

Running terraform plan will display an output of the actions that Terraform will take based on your configuration. Here’s an example of what you might see:

Plan: 1 to add, 0 to change, 0 to destroy.

This line tells you that Terraform will create one new resource (the EC2 instance), change zero resources, and destroy zero resources. You can also see details about the resource that will be created.

Congratulations, you’ve successfully written your first Terraform configuration and executed your first terraform plan command!

In the next sections, we’ll take this further and show you how to use Python to work with Terraform and AWS SDK. We’ll also show you how to integrate Terraform with Open Policy Agent and Infracost to optimize your cloud resource management further. Stay tuned!

Integrating Terraform with Python

The power of Terraform becomes even more evident when integrated with a programming language like Python. This can help you automate your operations and manage your resources more efficiently. This section will walk you through the following:

Writing a Python Script to Manage Terraform Plan
Automating Terraform Operations with Python

Writing a Python Script to Manage Terraform Plan

First, let’s write a simple Python script to execute the terraform plan command. We’ll use the subprocess module to run the command in a subprocess.

import subprocess
def run_terraform_plan():
    # Specify the directory where your Terraform files are located
    terraform_dir = "/path/to/your/terraform/files"
    # Command to run
    cmd = ["terraform", "plan"]
    # Execute the command
    result = subprocess.run(cmd, capture_output=True, text=True, cwd=terraform_dir)
    # Print the output
    print(result.stdout)
run_terraform_plan()

Automating Terraform Operations with Python

We can take this further and create a Python class to manage our Terraform operations. This will allow us to run any Terraform command, not just terraform plan.

class TerraformManager:
    def __init__(self, terraform_dir):
        self.terraform_dir = terraform_dir
    def run_command(self, command):
        cmd = ["terraform"] + command.split()
        result = subprocess.run(cmd, capture_output=True, text=True, cwd=self.terraform_dir)
        return result.stdout
terraform = TerraformManager("/path/to/your/terraform/files")
# Now we can run any command like this:
print(terraform.run_command("plan"))
print(terraform.run_command("apply"))
print(terraform.run_command("destroy"))

This Python class can be extended and customized to suit your needs, making cloud resource management more efficient and flexible.

In the following sections, we’ll guide you through integrating Terraform with the Open Policy Agent and Infracost, giving you even more tools to manage your resources effectively. Stay tuned!

Terraform Plan with Open Policy Agent (OPA)

Integrating Terraform with the Open Policy Agent (OPA) enables you to implement Policy-as-Code (PaC), a powerful strategy to enforce organization-wide rules on your infrastructure. This section will introduce you to:

OPA Basics for Terraform Users
Implementing Policy-as-Code with OPA and Terraform

OPA Basics for Terraform Users

OPA is an open-source, general-purpose policy engine that allows you to enforce policies across your stack. In the context of Terraform, it can enforce rules on your infrastructure defined in your Terraform configurations.

For example, you can ensure that all your AWS S3 buckets are private or that all your EC2 instances are of a certain type.

Implementing Policy-as-Code with OPA and Terraform

To integrate OPA with Terraform, we’ll use a tool called Conftest. It uses OPA under the hood and supports HCL, which Terraform uses.

First, install Conftest:

brew install conftest

Next, write a policy. Policies in OPA are written in a high-level declarative language called Rego. Save the following as policy.rego:

package main
deny["Instance type must be t2.micro"] {
  input.resource_changes[_].type == "aws_instance"
  input.resource_changes[_].change.after.instance_type != "t2.micro"
}

This policy ensures that all EC2 instances are of type “t2.micro”.

Next, save the output of terraform plan in JSON format:

terraform plan -out=tfplan
terraform show -json tfplan > tfplan.json

Finally, check your Terraform plan against your policy:

conftest test tfplan.json

If all your EC2 instances are of type “t2.micro”, the check will pass. Otherwise, it will fail and display the message “Instance type must be t2.micro”.

This is a basic introduction to integrating OPA with Terraform. By mastering this technique, you can ensure that your Terraform configurations always adhere to your organization’s policies.

Check out how to integrate OPA into your Terraform CICD pipeline in the Test Terraform code using CICD – Easy AWS automation article.

In the next section, we’ll explore how to integrate Infracost with Terraform Plan to estimate the cost of your infrastructure before deployment. Stay tuned!

Estimating Cloud Costs with Infracost

Managing cloud costs is a critical aspect of modern cloud infrastructure. Infracost, a powerful open-source tool, can help you understand how changes in your Terraform configurations impact your AWS costs before you deploy them. This section will introduce:

Introduction to Infracost
How to Integrate Infracost with Terraform Plan

Introduction to Infracost

Infracost provides a breakdown of costs (monthly or annually) for each resource in your Terraform configuration. It supports numerous AWS resources, with ongoing development to support even more. With Infracost, you can clearly understand how your architecture decisions will impact your cloud bill.

How to Integrate Infracost with Terraform Plan

First, install Infracost using the appropriate method for your operating system:

brew install infracost

Next, run Infracost against your Terraform configuration:

infracost breakdown --path /path/to/terraform/directory

This will output a breakdown of costs for each resource defined in your Terraform configuration.

For even better integration with your workflow, you can use Infracost in conjunction with terraform plan:

terraform plan -out tfplan.binary
terraform show -json tfplan.binary > tfplan.json
infracost breakdown --path tfplan.json --format json

This will output the cost breakdown in JSON format based on your planned changes.

Infracost is a valuable tool that adds a new dimension of visibility to your infrastructure planning. Integrating it into your workflow enables you to make more informed decisions about your cloud resource management.

Stay tuned for the final part of this guide, where we wrap everything up and provide some additional resources for mastering the use of Terraform Plan in your AWS management toolkit.

Check out how to integrate Infracost into your Terraform CICD pipeline in the Test Terraform code using CICD – Easy AWS automation article.

Case Study: A Real-world Application of Terraform Plan

To help solidify your understanding, let’s take a look at a real-world application of terraform plan in a typical development workflow.

Imagine we’re working on a web application that uses AWS services such as EC2 for hosting our application, RDS for our database, and S3 for storing our static files.

Starting with the Infrastructure Code

Our team uses Terraform to manage our infrastructure as code. We define all our required resources in our Terraform configuration files. Here’s an oversimplified example:

provider "aws" {
  region = "us-east-1"
}
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
resource "aws_db_instance" "db" {
  allocated_storage    = 10
  engine               = "mysql"
  instance_class       = "db.t2.micro"
  name                 = "mydb"
  username             = "admin"
  password             = "securepassword"
  parameter_group_name = "default.mysql5.7"
}
resource "aws_s3_bucket" "bucket" {
  bucket = "my-bucket"
  acl    = "private"
}

Implementing Changes

As our application grows, we need to adjust our infrastructure. We decided to increase the size of our database instance to handle the increased load. We change the instance_class of our aws_db_instance resource to “db.t2.medium”.

Reviewing Changes with Terraform Plan

Before applying this change, we want to see what will be altered in our infrastructure. This is where terraform plan comes in:

terraform plan

The output shows us that one resource will be changed (our RDS instance) and gives us detailed information about what will be changed.

Enforcing Policies with OPA

Before applying the change, we must check if it complies with our organization’s policies. Using OPA, we verify that our change aligns with our predefined rules.

Estimating Costs with Infracost

Finally, we use Infracost to estimate how this change will affect our AWS costs. We find out that the monthly cost of our RDS instance will increase, but it’s within our budget.

This case study demonstrates how terraform plan, in conjunction with OPA and Infracost, can provide a comprehensive overview of the potential impact of changes in your infrastructure. This empowers your team to make informed decisions and maintain efficient, cost-effective, and compliant cloud operations.

Common Mistakes to Avoid with Terraform Plan

As with any tool, understanding potential pitfalls is key to effective usage. Here are some common mistakes to avoid when using terraform plan:

Ignoring the Output: The main value of terraform plan lies in its detailed output. It provides a wealth of information about what will happen when you run terraform apply. Ignoring this output can lead to unwanted changes in your infrastructure. Always take the time to review the plan output before applying changes.
Not Using It in Conjunction with Other Commands: terraform plan should be used as a part of your workflow, not as a standalone command. It’s a preliminary step that should be followed by terraform apply if everything looks good. Also, using terraform plan in conjunction with terraform validate can help catch errors early in the development process.
Not Saving the Plan Output: You can (and should) save the output of terraform plan using the -out flag, like this: terraform plan -out=tfplan. This allows you to review the plan in detail later and also ensures that the exact plan is applied when you run terraform apply tfplan. Without this, the state of your infrastructure might change between when you run terraform plan and terraform apply, leading to inconsistencies.
Not Using It with Policy-as-Code Tools: Tools like Open Policy Agent can be integrated with terraform plan to enforce your organization’s policies. Ignoring this integration can lead to non-compliant infrastructure deployments.
Ignoring Cost Estimations: terraform plan can show you what changes will happen to your infrastructure, but it won’t tell you how they will affect your AWS bill. That’s why it’s a good practice to use cost estimation tools like Infracost in conjunction with terraform plan.
Not Documenting Changes: If you’re working in a team, it’s crucial to document the changes in your Terraform configurations and the corresponding plans. This ensures that everyone on the team understands the expected changes and can help prevent conflicts or confusion.

By avoiding these common mistakes, you can make the most of terraform plan and manage your AWS infrastructure more effectively and efficiently.

Tips for Optimizing Your Use of Terraform Plan

Building on the previous section, here are some tips to help you optimize your use of terraform plan:

Save and Review Your Plan: As previously mentioned, always save the output of terraform plan using the -out option. This lets you review the plan before applying it and guarantees that terraform apply uses the exact plan you reviewed.
Make Use of Terraform Format and Validate: Before running terraform plan, consider running terraform fmt and terraform validate. The fmt command rewrites your Terraform files in a canonical format and style, making it easier to spot errors. The validate command checks for syntax errors and missing arguments in your configurations.
Use a Version Control System (VCS): Store your Terraform configurations in a VCS like Git. This allows you to keep track of changes, explore the history of your configurations, and collaborate more effectively with your team.
Integrate with Continuous Integration (CI) Tools: You can integrate terraform plan into your CI/CD pipeline. This way, you can automate checking your infrastructure changes every time you change your configuration.
Use Workspaces for Different Environments: If using the same configurations for different environments (e.g., development, testing, production), consider using Terraform workspaces. You can then run terraform plan separately for each workspace.
Leverage Terragrunt for Dry Runs: Terragrunt is a thin wrapper that provides extra tools for working with multiple Terraform modules. It offers the plan-all command lets you see what changes would happen across all your modules without applying them.
Consider Cost Estimation Tools: As discussed earlier, using a tool like Infracost alongside terraform plan can give you insights into the financial impact of your planned changes.

Integrating these best practices into your workflow ensures you’re using terraform plan as effectively as possible. In the next section, we’ll summarize everything we’ve learned and point you to further resources to continue your Terraform journey.

FAQ

What is a Terraform plan?

A terraform plan is a crucial command in the Terraform command-line interface (CLI) that generates an execution plan detailing what actions Terraform will take to achieve the desired state of your infrastructure. This execution plan shows the operations to be executed (additions, modifications, deletions), the resources affected, and the order of these operations. A Terraform plan allows you to review infrastructure changes before deployment, allowing for safe and predictable infrastructure management and reducing the risk of unintended consequences in your cloud environment.

What happens in Terraform plan?

In Terraform, the terraform plan command compares the current state of your infrastructure with the state defined in your Terraform configuration files. It then generates an execution plan detailing the resources to be created, modified, or deleted to match your desired state. The plan offers an overview of the changes before implementation, allowing you to review and confirm the alterations. It also helps identify any potential issues or conflicts in the configuration. Thus, terraform plan is an essential command for previewing and validating changes, ensuring safer and more predictable infrastructure management.

What are the outputs of Terraform plan?

The output of the terraform plan command is an execution plan that displays a detailed overview of what Terraform will do when you apply your configuration. This output includes the resources to be added, changed, or destroyed, with detailed explanations for each operation. If changes are detected, each will be marked with a ‘+’ (addition), ‘-‘ (deletion), or ‘~’ (modification). In addition, the total count of changes is provided at the end. If there are no changes, the plan will indicate “No changes”. This output helps users understand the impact of their actions before executing terraform apply, thereby ensuring a predictable and error-free deployment of their infrastructure.

How do I view Terraform plans?

To view Terraform plans, you need to use the terraform plan command in your command line interface (CLI). Navigate to the directory containing your Terraform configuration files, then enter terraform init to initialize your working directory. After successful initialization, enter terraform plan. The output of this command is an execution plan that shows what Terraform will do when you run terraform apply. This execution plan displays the additions, modifications, and deletions that will be made to your infrastructure, giving you an opportunity to review the changes before they are implemented.

Conclusion: Embracing the Power of Terraform Plan

Throughout this guide, we’ve learned about the central role of terraform plan in managing infrastructure as code with Terraform. We’ve also explored its integrations with various tools and services, how to optimize its usage, and the common mistakes to avoid.

To summarize:

Understanding terraform plan: We delved into what terraform plan is, its syntax, and key features. This command provides a safety check, allowing you to see changes before they’re applied to your infrastructure.
Integration with Python: We learned how to leverage Python scripts to automate Terraform operations, enhancing productivity and reliability.
Policy-as-code with OPA: We integrated OPA with terraform plan, promoting secure and compliant infrastructure deployments.
Cost estimation with Infracost: This integration allows you to predict the cost implications of your planned changes, supporting better financial decision-making.
Real-world applications and pitfalls: The case study presented a practical application of terraform plan, while the sections on common mistakes and optimization tips helped you understand how to avoid errors and enhance your usage of terraform plan.

The power of terraform plan lies in its ability to give you a clear view of the future state of your infrastructure. By fully embracing this command, you can make informed, strategic decisions, ensure that your deployments align with your policies, and maintain tight control over your cloud costs.

However, this is just the tip of the iceberg. As you explore Terraform and its various commands and integrations, you’ll discover a world of possibilities that can revolutionize how you manage your cloud infrastructure.

This blog post aims to be a comprehensive guide, but remember to refer to the official Terraform documentation for the most accurate and up-to-date information.

Thank you for reading, and here’s to efficient, effective, and streamlined infrastructure management with Terraform!

References

Throughout this blog post, we’ve referenced several resources and tools. Here’s a quick summary of them:

Terraform
Python
- Official Website
- AWS SDK for Python (Boto3)
Open Policy Agent (OPA)
- Official Website
- Terraform and OPA Integration
Infracost
- Official Website
- Integration with Terraform
Terragrunt
- Official Website
- plan-all command documentation

All the information and links were accurate when writing this blog post. Always refer to the official documentation of each tool for the most up-to-date and accurate information.