Definition

Terraform

By

Rahul Awati
Alexander S. Gillis, Technical Writer and Editor

What is HashiCorp Terraform?

HashiCorp Terraform is an infrastructure as code (IaC) software tool that allows DevOps teams to automate infrastructure provisioning using reusable, shareable, human-readable configuration files. The tool can automate infrastructure provisioning in both on-premises and cloud environments.

infrastructure as code (IaC) features — Infrastructure as code software like HashiCorp's Terraform translates a data center's physical resources, services and discrete configurations into code. This enables IT teams to automatically provision and manage those resources.

Infrastructure as code and Terraform

Infrastructure as code is the practice of provisioning and managing IT infrastructure through programming. In contrast to manual infrastructure management where each required resource is manually configured by a human, IaC allows DevOps teams to programmatically and automatically manage, monitor and provision the resources they need.

Using Terraform, teams can describe and provision all the components of the infrastructure in the form of code. The code resides in configuration (config) files that can be easily shared, reused and versioned. The files help create a consistent workflow to manage the entire cloud or data center infrastructure and its resources throughout their lifecycle.

Terraform's config files are declarative, that is, they describe the infrastructure's end state. The tool itself handles the underlying logic eliminating the need to write step-by-step instructions -- a cumbersome and time-consuming process -- to create the required infrastructure resources.

The files codify the application programming interfaces (APIs) for cloud platforms and other services, making it easy for DevOps teams to do the following:

Provision resources from any cloud provider.
Implement security and compliance guardrails to standardize the infrastructure.
Utilize standardized and reliable workflows for consistent infrastructure provisioning, collaboration and reuse.
Integrate the self-service infrastructure with VCS, ITSM and CI/CD.

Terraform can manage infrastructure components, including compute, storage and networking resources, and high-level components like DNS entries. It can also be used to automate the provisioning of firewall policies, databases and servers. A Cloud Development Kit for Terraform (CDKTF) is available to help teams manage infrastructure with their preferred programming language, including TypeScript, Python, Go, C# and Java.

How Terraform works

Terraform uses APIs to automatically create and manage infrastructure resources. All major cloud providers provide accessible APIs that work with Terraform and enable the tool to create declarative configuration files. These providers are listed in the Terraform Registry. The Registry also lists the modules, policy libraries and tasks that teams can use to quickly deploy common infrastructure configurations and automatically manage them via code.

HashiCorp Terraform screenshot — Terraform allows IT teams to create sustainable infrastructure as code.

Terraform's workflow occurs in three stages. In stage 1 (write), a user defines the required resources in configuration files. These resources may be across multiple on-premises or cloud environments, and multiple providers and services. Once the user reviews and confirms the required stages, the next stage (plan) begins. Here Terraform creates an execution plan describing the actions it will take to create or update the infrastructure.

The user must approve the plan before Terraform will make changes to the infrastructure. After approval, Terraform performs the proposed operations in the given order (stage 3 – apply). It will always check resource dependencies before making changes. For instance, if a user changes the number of VMs in a VPC (virtual private cloud), Terraform will first recreate the VPC and then scale up the VMs.

HashiCorp Terraform screenshot showing the use of modules — IT teams can use modules -- self-contained configuration package (prebuilt or created by the user) -- to streamline the use of Terraform.

Benefits of Terraform

Terraform makes it easy to automate infrastructure provisioning on any cloud or data center. It also tracks all changes in a state file. The file can be committed to a version control system (VCS) and acts as a source of truth for the infrastructure. It thus provides more transparency and prevents unauthorized changes.

Also, Terraform handles the underlying logic when resources are created, removing the need for human input or effort. It also determines resource dependencies with a resource graph and can create or modify nondependent resources in parallel. All of this ensures that resources are provisioned properly, efficiently and in the correct order.

Teams can collaborate and manage Terraform workflows using Terraform Cloud. They can run Terraform in a consistent environment and securely access shared state and secret data. Additionally, they can implement role-based access controls (RBACs) to standardize and secure the infrastructure, and use a private registry to share modules and providers.

HashiCorp Terraform best practices — A few best practices to keep in mind when using HashiCorp Terraform.

Common use cases for Terraform

The most common use case for Terraform is IaC. The infrastructure deployments created with Terraform can be easily integrated with existing CI/CD workflows. The tool is also useful in other ways. For example, teams can use Terraform to automatically update load balancing member pools and other key networking tasks.

Terraform is also useful for multi-cloud provisioning. With Terraform, development teams can deploy serverless functions in AWS, manage Active Directory (AD) resources in Microsoft Azure, and provision load balancers in Google Cloud. They can also use Terraform (with HCP Packer) to create and manage multi-cloud golden image pipelines and deploy and manage multiple virtual machine (VM) images.

Some other use cases for Terraform include the following:

Manage Kubernetes clusters on any public cloud (AWS, Azure, Google).
Enforce policy-as-code before infrastructure components are created and provisioned.
Automate the use of secrets and credentials in Terraform configurations.
Codify existing infrastructure by importing it into an empty Terraform workspace.
Migrate state to Terraform to secure it and easily share it with authorized collaborators.

Terraform editions

Terraform is available in three versions: Open Source, Cloud and Enterprise:

Terraform Open Source

Terraform Open Source is a free tool to adopt IaC and provision infrastructure on any cloud provider. The tool automatically manages configuration, plugins and state, and adds all config files into a VCS to safely manage and track changes. It also includes templates called modules to speed up infrastructure deployment and group it into logically related components.

Terraform Cloud

Terraform Cloud is a SaaS tool that runs in a stable, remote environment and securely stores state and secrets. It provides a rich user interface, RBACs, a private registry and an API to integrate it into existing workflows. Teams can publish their configuration modules (that define approved infrastructure patterns) in the private registry. They can also enforce security rules with the Sentinel embedded policy-as-code framework. The tool connects to common VCS like GitHub, GitLab and Bitbucket. It can be integrated with the Terraform CLI.

Terraform Enterprise

Terraform Enterprise is suitable for teams looking to set up a self-hosted distribution of Terraform Cloud and for organizations with strict security and compliance requirements. This version supports air gapped and active-active architectures and allows private networking. HashiCorp provides dedicated support to set up a private instance of Terraform using Terraform Enterprise.

Explore the differences between Ansible versus Terraform versus Vagrant infrastructure as code automation platforms. Learn how to manage multiple environments with Terraform workspaces. Check out this Terraform Registry tutorial to build and share modules.

This was last updated in August 2023

Continue Reading About Terraform

Terraform cheat sheet: Notable commands, HCL and more

Compare Azure Bicep vs. Terraform to provision infrastructure

Deploy an app on Google Cloud Run with Terraform

Deploy and manage Azure Key Vault with Terraform

How to launch an EC2 instance using Terraform

Dig Deeper on Systems automation and orchestration

Search Software Quality

JetBrains, GitHub add coding agents to IDEs
Coding agents that can take on whole tasks with a natural language prompt are now tied in with widely used IDEs, including a ...
How to create API automation framework for testing
With an increasing need for API testing, having an efficient test strategy is a big concern for testers. Learn about building a ...
How to handle root cause analysis of software defects
Root cause analysis plays a significant role in helping software teams fix defects in applications. Here's how to employ it to ...

Search App Architecture

4 pseudocode examples: Python, Java, JavaScript and C++
Successful pseudocode conversion goes beyond simply making the code work. It's about creating implementations that respect each ...
Using AI and machine learning for APM
Discover how organizations can streamline operations and improve operational analytics by using AI and machine learning in their ...
My first attempt at vibe coding
Can you teach an old programming dog a new trick?

Search Cloud Computing

A snapshot of Oracle AI in the cloud market
Oracle AI is riding recent success in the cloud market. Can Oracle Cloud Infrastructure rise to become a standard in enterprise ...
What does a cloud network engineer do?
A cloud network engineer juggles a number of responsibilities -- from network design and troubleshooting to learning about ...
5 strategies to address the cloud skills gap
There seems to be no end in sight to the cloud skills gap, given the pace of innovation and new offerings. Learn how ...

Search AWS

Compare Datadog vs. New Relic for IT monitoring in 2024
Compare Datadog vs. New Relic capabilities including alerts, log management, incident management and more. Learn which tool is ...
AWS Control Tower aims to simplify multi-account management
Many organizations struggle to manage their vast collection of AWS accounts, but Control Tower can help. The service automates ...
Break down the Amazon EKS pricing model
There are several important variables within the Amazon EKS pricing model. Dig into the numbers to ensure you deploy the service ...

TheServerSide.com

Asynchronous programming in Python tutorial
Asynchronous programming in Python improves efficiency for I/O-bound applications, but it's not a performance cure-all. Here's ...
How developers can benefit from AI in job hiring
Companies increasingly rely on AI in job recruitment and hiring. Here's what software engineers must know to get seen and get ...
A developer's guide to thrive vs. AI in coding
Will AI replace software developers? No, if humans focus on what they can do best and AI can't: experienced analysis, imagination...

Search Data Center

Google Cloud Platform adds WAN and on-premises AI services
A handful of infrastructure announcements for the Google Cloud Platform debut at Next 2025 including a Cloud WAN service, ...
The state of quantum computing: What businesses need to know
Quantum computing's potential and steady advancement make the technology worth investigating, but adopters still need to deal ...
Broadcom VMware hardens vDefend, drops Tanzu branding in VCF
The VMware Cloud Foundation private cloud platform sheds the Tanzu branding for Kubernetes and adds new capabilities to vDefend, ...

Close