Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Terraform Cheatsheet


The following chained commands will install the Hashicorp GPG key, add their PPA, and use that to install Terraform.

curl -fsSL | sudo apt-key add - \
  && sudo apt-add-repository "deb [arch=amd64] $(lsb_release -cs) main" \
  && sudo apt-get update && sudo apt-get install terraform -y

Snap Installation

You can install the the terraform CLI tool con Ubuntu 20.04 by running:

sudo snap install terraform

... however, this will install Terraform v0.11.11 which will not work with some of the examples I provide, which need 0.12+.

File Extension and "Language"

Terraform files should have the .tf extension, and the "language" is called HCL (Hashicorp Configuration language).

One can use other tools like "Packer" to create custom AMIs.


Terraform Plan

The terraform plan command will tell you what changes are going to be made. Run this command before running terraform apply, which actually applies the changes.


Terraform will create the following files/folders that you may wish to add to your .gitignore file.

  • .terraform
  • .tfstate
  • .tfstate.backup

Terraform Apply

  • Run terraform apply to apply the changes that terraform plan says it would make.

Terraform Init

  • Sets up the area for terraform.
  • Can be run multiple times without issue.

Terraform Destroy

Run terraform destroy to completely remove anything that terraform set up.

Terraform Graph

  • Run the terraform graph command to map out the dependencies in your terraform setup. This will be output in DOT language which you can visualize by using GraphvizOnline.

Terraform Taint

  • Run the terraform taint command to mark a resource as "tainted". This allows you to force it to be replaced the next time you run terraform plan and terraform apply.
    • This is useful when you push an update to a docker image, which an EC2 image uses, but only fetches it when it is getting deployed etc.
    • Example usage: terraform taint aws_instance.my_compute_instance

AWS Authentication

To use terraform with AWS, you will need to provide it with your access key and secret. You can do this by running:

export AWS_ACCESS_KEY_ID=yourKeyId
export AWS_SECRET_ACCESS_KEY=yourKeySecret

Basic Example

The following terraform file will deploy a basic webserver (in London) that runs on port 8080 and will just respond with "Hello World". To "run" it, execute terraform apply.

provider "aws" {
  region = "eu-west-2"

# Create security group to allow port 8080
resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [""]

# Create the ubuntu 20.04 EC2 webserver resource 
# that uses the above security group
resource "aws_instance" "example" {
  ami                    = "ami-05c424d59413a2876"
  instance_type          = "t2.micro"
  vpc_security_group_ids = []

  user_data = <<-EOF
              /usr/bin/sleep 10
              /usr/bin/echo "Hello, World" > index.html
              /usr/bin/nohup /usr/bin/busybox httpd -f -p 8080 &

  tags = {
    Name = "terraform-example"

If you wish to change the region, you will also need to change the AMI ID as AMIs are tied to regions.

After executing that successfully, log into your amazon web console, find the instance to find its IP address and go to that in your browser with :8080 on the end.

You should see "Hello World" in your browser. If it doesn't appear, just wait a bit. It takes quite a while before its ready, especially after I had to put in a sleep to make the script work.


Last updated: 6th January 2021
First published: 24th September 2020