Essential Terraform Commands Reference

Posted on Oct 20, 2025 in Computers

Get Help

  • terraform -help — Get a list of available commands for execution with descriptions. This can be used with any other subcommand to get more information.
  • terraform fmt -help — Display help options for the fmt command.

Show Your Terraform Version

  • terraform version — Shows the current version of Terraform and notifies you if a newer version is available for download.

Format Your Terraform Code

This should be the first command you run after creating your configuration files to ensure your code is formatted using the HCL standards. This makes the code easier to follow and aids collaboration.

  • terraform fmt — Format your Terraform configuration files using the HCL language standard.
  • terraform fmt --recursive — Also formats files located in subdirectories.
  • terraform fmt --diff — Displays differences between original configuration files and formatting changes.
  • terraform fmt --check — Useful in automation CI/CD pipelines. The --check flag ensures configuration files are formatted correctly; if not, the exit status will be non-zero. If files are formatted correctly, the exit status will be zero.

Initialize Your Directory

  • terraform init — Prepares the working directory for use with Terraform by performing Backend Initialization, Child Module Installation, and Plugin Installation.
  • terraform init -get-plugins=false — Initializes the working directory but does not download plugins.
  • terraform init -lock=false — Initializes the working directory without holding a state lock during backend migration.
  • terraform init -input=false — Initializes the working directory and disables interactive prompts.
  • terraform init -migrate-state — Reconfigures a backend and attempts to migrate any existing state.
  • terraform init -verify-plugins=false — Initializes the working directory but does not verify plugins for the HashiCorp signature.

See our detailed rundown of the terraform init command!

Download and Install Modules

Note: This is usually not required as module installation is part of the terraform init command.

  • terraform get — Downloads and installs modules needed for the configuration.
  • terraform get -update — Checks the versions of already installed modules against available modules and installs newer versions if available.

Validate Your Terraform Code

  • terraform validate — Validates the configuration files in your directory. It does not access any remote state or services. terraform init should be run before this command.
  • terraform validate -json — Outputs validation results in JSON format, making it easier to parse the number of errors and warnings.

Learn how to validate your configuration locally.

Plan Your Infrastructure

  • terraform plan — Generates an execution plan, showing you what actions will be taken without actually performing the planned actions.
  • terraform plan -out=<path> — Saves the plan file to a given path. This file can then be passed to the terraform apply command.
  • terraform plan -destroy — Creates a plan to destroy all managed objects instead of performing usual creation/update actions.

Deploy Your Infrastructure

  • terraform apply — Creates or updates infrastructure based on the configuration files. By default, a plan is generated first and requires approval before application.
  • terraform apply -auto-approve — Applies changes without requiring interactive confirmation (‘yes’). Useful in automated CI/CD pipelines.
  • terraform apply <planfilename> — Provides the file generated using the terraform plan -out command. If provided, Terraform executes the actions in the plan without confirmation prompts.
  • terraform apply -lock=false — Does not hold a state lock during the apply operation. Use with caution if other engineers might run concurrent commands against the same workspace.
  • terraform apply -parallelism=<n> — Specifies the number of operations to run in parallel.
  • terraform apply -var="environment=dev" — Passes in a variable value.
  • terraform apply -var-file="varfile.tfvars" — Passes in variables contained within a file.
  • terraform apply -target="module.appgw.0" — Applies changes only to the targeted resource.

Destroy Your Infrastructure

  • terraform destroyDestroys the infrastructure managed by Terraform.
  • terraform destroy -target="module.appgw.0" — Destroys only the targeted resource.
  • terraform destroy --auto-approve — Destroys the infrastructure without requiring interactive confirmation (‘yes’). Useful in automated CI/CD pipelines.
  • terraform destroy -target="module.appgw.resource[\"key\"]" — Destroys an instance of a resource created using for_each.

Taint or Untaint Your Resources

Use the taint command to mark a resource instance as compromised or needing replacement. Terraform will delete and re-create it on the next apply.

  • terraform taint vm1.name — Taints a specified resource instance.
  • terraform untaint vm1.name — Untaints an already tainted resource instance.

Refresh the State File

  • terraform refresh — Modifies the state file with updated metadata reflecting the current real-world state of managed resources. This command will not modify your infrastructure.

View Your State File

  • terraform show — Shows the state file content in a human-readable format.
  • terraform show <path to statefile> — Shows a specific state file by providing its path. If no path is provided, the current state file is shown.

Manipulate Your State File

The terraform state command requires one of the following subcommands to manipulate the state file:

  • terraform state list — Lists all resources tracked in the current state file.
  • terraform state mv — Moves an item in the state. This is useful when renaming a resource, e.g., terraform state mv vm1.oldname vm1.newname.
  • terraform state pull > state.tfstate — Retrieves the current state and outputs it to a local file.
  • terraform state push — Updates the remote state using a local state file.
  • terraform state replace-provider hashicorp/azurerm customproviderregistry/azurerm — Replaces a provider, useful when switching to a custom provider registry.
  • terraform state rm — Removes the specified instance from the state file. Useful when a resource has been manually deleted outside of Terraform.
  • terraform state show <resourcename> — Shows the specified resource details within the state file.

Import Existing Infrastructure into State

  • terraform import vm1.name -i id123 — Imports a VM with ID id123 into the configuration defined in the configuration files under vm1.name.