Terraform
INSTALL TERRAFORM ON macOS (100% working)
You have two options:
OPTION 1 - Install Terraform using Homebrew (RECOMMENDED)
Step 1: Update Homebrew
brew update
Step 2: Install Terraform
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
Step 3: Verify the installation
terraform -version
You should see something like:
Terraform v1.7.x
OPTION 2 - Manual Installation for Mac
Step 1: Download Terraform
Go to:
https://developer.hashicorp.com/terraform/downloads
Download:
macOS 64-bit .zip file
Step 2: Unzip
Double-click the .zip and you will get a single file:
terraform
Step 3: Move Terraform binary to /usr/local/bin
Run:
sudo mv terraform /usr/local/bin/
sudo chmod +x /usr/local/bin/terraform
Step 4: Verify:
terraform -version
Done.
INSTALL TERRAFORM ON WINDOWS
You can install Terraform in two ways.
OPTION 1 - Install Terraform using Chocolatey (BEST)
Step 1 - Install Chocolatey (if not installed)
Open PowerShell as Administrator
Run:
Set-ExecutionPolicy Bypass -Scope Process -Force; `
[System.Net.ServicePointManager]::SecurityProtocol = `
[System.Net.ServicePointManager]::SecurityProtocol `
-bor 3072; `
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Step 2 - Install Terraform
choco install terraform -y
Step 3 - Verify
terraform -version
Done.
OPTION 2 - Manual Installation for Windows
Step 1 - Download Terraform
Visit:
https://developer.hashicorp.com/terraform/downloads
Download:
Windows 64-bit .zip
Step 2 - Unzip
You get:
terraform.exe
Step 3 - Move it to system PATH
Create a folder:
C:\terraform
Move terraform.exe into that folder.
Step 4 - Add to PATH
- Open Control Panel
- Click System
- Click Advanced system settings
- Click Environment Variables
- Under System Variables, find Path
- Click Edit
- Click New
- Add:
C:\terraform
Save & close.
Step 5 - Verify
Open new PowerShell:
terraform -version
Done.
Terraform is installed on both systems!
**What is Terraform?**
Terraform is:
- IaC: Infrastructure as Code
- Declarative tool: you write WHAT you want, Terraform decides HOW to build it
- Cloud-agnostic: AWS, Azure, GCP, Kubernetes, GitHub, Datadog, Cloudflare, etc.
Terraform workflow:
Write -> Plan -> Apply -> Destroy
State file:
terraform.tfstate
Holds the real-world infrastructure state.
Terraform compares:
desired (your code) vs real (state)
and creates an execution plan.
**Basic Concepts**
1. Providers
Example: AWS provider.
provider "aws" {
  region = "us-east-1"
}
2. Resources
The objects Terraform creates.
resource "aws_instance" "web" {
  ami           = "ami-123"
  instance_type = "t2.micro"
}
3. Variables
Reusable values.
variable "region" {
  default = "us-east-1"
}
4. Outputs
Show results after apply.
output "public_ip" {
  value = aws_instance.web.public_ip
}
5. Terraform commands
terraform init
terraform validate
terraform plan
terraform apply
terraform destroy
**State Management**
State is the MOST important Terraform concept.
Local state:
Stored at:
terraform.tfstate
Remote state:
Recommended for teams.
Example: S3 + DynamoDB lock
terraform {
  backend "s3" {
    bucket         = "tf-state-1234"
    key            = "prod/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-lock"
    encrypt        = true
  }
}
Benefits:
- Team collaboration
- State locking
- No corruption
- Secure
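The backend block above assumes the bucket and the lock table already exist. As an added example (not from the original page), here is how to bootstrap them with the protections the benefits list implies: versioning, SSE-KMS encryption, blocked public access, and a lock table whose hash key is LockID, the name the S3 backend requires. The bucket and table names match the backend block above; the KMS key is assumed.

```hcl
# Bootstrap the remote-state bucket and lock table. Run once from a separate root with local state.
resource "aws_kms_key" "tf_state" {
  description         = "Key for Terraform state (assumed, created here)"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "tf_state" {
  bucket = "tf-state-1234"
}

# Versioning lets you roll back a corrupted or wrongly overwritten state file.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt state at rest with the customer-managed key (SSE-KMS).
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.tf_state.arn
    }
  }
}

# State holds secrets and every resource ID; block all public access.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The S3 backend requires a table with a string hash key named "LockID".
resource "aws_dynamodb_table" "tf_lock" {
  name         = "terraform-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```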
**Terraform Best Practices**
1 - Use .tfvars for environment values
dev.tfvars
prod.tfvars
2 - Use modules (DRY code)
Modules = reusable infrastructure blocks.
Directory structure:
modules/
  vpc/
  ec2/
  s3/
envs/
  dev/
  prod/
Real module example:
module "vpc" {
  source = "../modules/vpc"
  cidr   = "10.0.0.0/16"
}
3 - Use workspaces (optional)
terraform workspace new dev
terraform workspace select dev
4 - Follow naming standards
**Intermediate (4-5 Years DevOps Experience)**
At this level you must understand:
1 - Terraform modules (deep)
Reusable infrastructure packages.
Module structure:
modules/vpc
  main.tf
  outputs.tf
  variables.tf
  versions.tf
Module example:
module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  version         = "~> 20.0" # pin registry modules
  cluster_name    = "my-eks"
  cluster_version = "1.29"
  vpc_id          = module.vpc.vpc_id
  subnet_ids      = module.vpc.private_subnets # recent module versions take subnet_ids, not subnets
}
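The "Use modules" section and the module structure above list the four files without showing them. This added example (not from the original page) fills in a complete modules/vpc with those files, written so the module "vpc" call (cidr = "10.0.0.0/16") and the module "eks" call (module.vpc.private_subnets) above would both work; the version constraints and the azs input are assumed.

```hcl
# modules/vpc/versions.tf: pin Terraform and provider versions so every
# caller gets the same behaviour (the version numbers here are assumed).
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# modules/vpc/variables.tf: validate inputs before anything is created.
variable "cidr" {
  description = "IPv4 CIDR block for the VPC"
  type        = string
  validation {
    condition     = can(cidrhost(var.cidr, 0))
    error_message = "cidr must be a valid IPv4 CIDR block, e.g. 10.0.0.0/16."
  }
}

variable "azs" {
  description = "Availability zones; one private subnet is created in each"
  type        = list(string)
}

# modules/vpc/main.tf: the VPC and one /24 private subnet per AZ (for a /16).
resource "aws_vpc" "this" {
  cidr_block = var.cidr
}

resource "aws_subnet" "private" {
  count             = length(var.azs)
  vpc_id            = aws_vpc.this.id
  availability_zone = var.azs[count.index]
  cidr_block        = cidrsubnet(var.cidr, 8, count.index)
}

# modules/vpc/outputs.tf: expose only what callers need. private_subnets is
# the value the "eks" module call above consumes as module.vpc.private_subnets.
output "vpc_id" {
  value = aws_vpc.this.id
}

output "private_subnets" {
  value = aws_subnet.private[*].id
}
```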
2 - Terraform Lifecycle Rules
resource "aws_security_group" "sg" {
  lifecycle {
    create_before_destroy = true
    prevent_destroy       = false
    ignore_changes        = [tags]
  }
}
Used to avoid outages and control recreations.
3 - Data sources
Read existing resources:
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]
}
4 - Managing secrets (VERY IMPORTANT)
DO NOT store passwords in Terraform.
Use:
- AWS Secrets Manager
- SSM Parameter Store
- Vault
Example:
data "aws_ssm_parameter" "db_password" {
  name = "/prod/db/password"
}
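A fuller version of the SSM example above, added here and not from the original page: the password is read from Parameter Store (or, alternatively, Secrets Manager), handed to an RDS instance, and never written into a .tf file. The parameter and secret names and the RDS settings are assumed.

```hcl
# Anti-pattern the section warns against: a literal secret in a .tf file ends
# up in Git history and in every plan output.
#   resource "aws_db_instance" "bad" { password = "P@ssw0rd" ... }

# Parameter Store: with_decryption defaults to true, and the provider marks
# "value" as sensitive, so terraform plan redacts it.
data "aws_ssm_parameter" "db_password" {
  name = "/prod/db/password"
}

# Secrets Manager alternative; the secret name "prod/db" and its JSON keys
# ("username", "password") are assumed.
data "aws_secretsmanager_secret_version" "db" {
  secret_id = "prod/db"
}

locals {
  db_creds = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)
}

resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  storage_encrypted   = true
  skip_final_snapshot = true
  username            = local.db_creds["username"]
  # Either source works here; local.db_creds["password"] would be the other.
  password            = data.aws_ssm_parameter.db_password.value
}

# An output that carries a secret must be declared sensitive, or Terraform
# rejects the configuration. The decrypted value is still written to
# terraform.tfstate, which is why the state backend must be encrypted and
# access-controlled.
output "db_password" {
  value     = data.aws_ssm_parameter.db_password.value
  sensitive = true
}
```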
5 - Integrating Terraform in CI/CD
Typical pipeline:
terraform fmt -> terraform validate -> terraform plan -> terraform apply
Using tools:
- GitHub Actions
- GitLab CI
- Jenkins
- Azure DevOps
Pipeline best practice:
- No one runs terraform apply manually; only the pipeline applies to PROD
- A PR triggers the plan output
6 - Terraform Import
Import existing resources:
terraform import aws_s3_bucket.mybucket mybucket-name
Then you write the code for it: the resource block must already exist in the configuration for the import to succeed, and afterwards you fill in its arguments until terraform plan shows no changes.
7 - Terraform Workspaces (when to use and when not)
Use workspaces for:
- Small projects
- Quickly switching environments
Do NOT use workspaces for:
- Large teams
- Lots of environments
Better: separate folders or separate state files.
**Advanced DevOps (5-6 Years)**
At this level you must know:
1 - Terraform Architecture for Large Organizations
You must be able to design:
- Multi-account AWS structure
- Shared VPC
- Shared modules
- Remote state separation
- State locking
- IAM permissions per team
Example enterprise layout:
terraform/
  global/
    network/
    platform/
  environments/
    dev/
    prod/
  modules/
2 - Terraform with Terragrunt
Terragrunt solves:
- Duplicate code
- DRY principle
- Remote state automatically
- Module versioning
Terragrunt structure:
live/
  prod/
    vpc/
    eks/
  dev/
modules/
3 - Policy as Code (OPA + Sentinel)
Used to enforce rules such as:
- No public S3
- No 0.0.0.0/0
- Mandatory tags
- Only approved instance types
Terraform Cloud uses Sentinel.
Local workflows can use OPA Conftest.
Example (Conftest policy; the package line and the msg binding are required for the rule to load):
package main
import rego.v1
deny contains msg if {
  ingress := input.resource.aws_security_group[name].ingress[_]
  ingress.cidr_blocks[_] == "0.0.0.0/0"
  msg := sprintf("security group %v allows ingress from 0.0.0.0/0", [name])
}
4 - Terraform for Kubernetes (Helm + EKS)
Terraform can:
- Create cluster
- Create IAM roles
- Install Helm charts
- Manage namespaces
- Deploy OPA Gatekeeper
- Deploy Argo CD
5 - Terraform for Serverless
Terraform manages:
- Lambda
- API Gateway
- DynamoDB
- Step Functions
- EventBridge
- SQS/SNS
6 - Troubleshooting (Senior Level)
You must know how to solve:
Drift
Infrastructure changed manually, outside Terraform.
Fix:
terraform plan
terraform refresh (deprecated; current versions use terraform plan -refresh-only)
State corruption
Fix with:
- backup state
- remote state repair
Orphaned resources
Caused by deleting from code only.
LEVEL 6 - Senior DevOps Knowledge (Interview Answers)
Here's how you answer:
Q: How do you structure Terraform in your organization?
Senior answer:
I design Terraform using a modular approach with separate state files per environment, stored in S3 with DynamoDB locking.
Each environment has its own pipeline that runs fmt, validate, plan, and apply.
Sensitive variables come from Secrets Manager.
We enforce security rules using OPA/Conftest, and we use Terragrunt to avoid repetitive code and manage multiple accounts.
Q: How do you handle Terraform state in a team?
We use remote S3 backend with DynamoDB locking.
CI/CD pipelines control all changes, and no one applies manually.
State is encrypted with SSE-KMS.
We use versioned state and tags for tracking deployments.
Q: How do you create reusable infrastructure?
Using modules with versioning, stored in a shared Git repository.
Each module includes variables, outputs, documentation, and examples.
Q: How do you prevent security issues in Terraform?
Using OPA Gatekeeper, Conftest, and Sentinel policies to detect public resources, uncontrolled IAM privileges, and missing encryption.