Archives for Terraform
Does sensitive = true Fully Protect Your Data in Terraform?
Marking a Terraform variable or output as sensitive = true is a useful safety measure, but it is widely misunderstood. It does not provide complete protection for your secrets. Here is exactly what it does and does not do. What…
Terraform create_before_destroy Lifecycle Rule Explained
When Terraform needs to replace a resource (destroy and recreate), it follows a specific order. Understanding the create_before_destroy lifecycle rule helps you avoid downtime during infrastructure updates. Default Behavior: Destroy Then Create By default, when a resource needs to be replaced, Terraform: Destroys the old…
How to Migrate Terraform State from Local to a Remote Backend
When you first start with Terraform, state is stored locally in As your team grows, you need to migrate to a remote backend for collaboration, security, and state locking. Why Migrate to a Remote Backend? Enables team collaboration —…
What is the Purpose of a null_resource in Terraform?
A null_resource is a special Terraform resource that does not manage any real cloud infrastructure. Instead, it acts as a placeholder to trigger side effects — like running scripts or commands — at the right point in the Terraform lifecycle. When…
Terraform Workspaces vs Separate Directories: Which is Better for Dev/Prod?
Managing multiple environments like Dev, Staging, and Production is one of the most common Terraform challenges. You have two main approaches: Workspaces and Separate Directories. Here is how they differ and when to use each. Terraform Workspaces Workspaces allow multiple…
How to Handle Secrets in Terraform Without Hardcoding Them
Hardcoding secrets like passwords, API keys, or tokens directly in .tf files is a critical security mistake. This guide covers the right ways to manage secrets in Terraform. What NOT to Do # NEVER do this — secrets committed to version…
What Happens If You Manually Delete a Resource in the Cloud Console?
Manually deleting a cloud resource outside of Terraform — such as via the AWS Console, Azure Portal, or GCP Console — creates a situation called configuration drift. Understanding how Terraform handles this is critical for maintaining infrastructure integrity.…
When Should You Explicitly Use depends_on in Terraform?
Terraform automatically builds a dependency graph by analyzing resource references in your code. In most cases, you never need to declare dependencies manually. But there are specific scenarios where depends_on is necessary. How Implicit Dependencies Work When one resource references another, Terraform…
How to Recover from a Corrupted Terraform State File
The Terraform state file () is the single source of truth for your managed infrastructure. A corrupted or lost state file is one of the most critical incidents you can face. Here is how to handle it. Prevention First: Enable Remote…
Terraform count vs for_each: Which is Better for Dynamic Resources?
When creating multiple instances of a resource in Terraform, you have two options: count and for_each. Knowing when to use each one is a key concept for writing reliable, maintainable infrastructure code. Using count count creates resources using a numeric…