Terraform is a client tool used to manage IT resources. You can use commands in Terraform to manage all resources. This topic describes the common commands used for resource management and state management.

Common commands for resource management

Resource management in Terraform mainly involves managing the resource lifecycle. You can run commands to create, modify, view, and delete resources defined in the Terraform template.
  • terraform plan: previews resources
    The plan command is used to preview the resources defined in the template. It can be used in the following scenarios:
    • Preview whether the resources defined in the current template meet your management expectations. This is similar to Markdown preview.
    • If the corresponding state file exists in the current template, the plan command displays the diff results for definitions in the template and state file. If there is any change, the results are displayed.
    • For data sources, you can run the plan command to obtain and display the resources you want to query and their properties.
  • terraform apply: creates and modifies resources

    The apply command is used to create or modify actual resources. For security, manual interaction is added during command execution. You must manually confirm whether to continue the command. You can also add the --auto-approve parameter to skip the manual confirmation process.

    The apply command is applicable to the following scenarios:
    • Create resources.
    • Modify resource properties by modifying template parameters.
    • If you delete the definition of a resource from the current template, the apply command will completely delete the resource. Deleting resources is also a kind of modification.
  • terraform show: displays resources

    The show command is used to display all the managed resources and their property values in the current state.

  • terraform destroy: releases resources

    The destroy command is used to release resources. For security, manual interaction is added during command execution. You must manually confirm whether to continue the command. You can also add the --force parameter to skip the manual confirmation process.

    By default, the terraform destroy command releases all resources defined in the current template. If you only want to release a specified resource, you can add the -target = <Resource type>.<Resource name> parameter.

  • terraform import: imports resources
    The import command is used to import existing cloud resources to the terraform state and then add them to the Terraform management system. The import command is applicable to the following scenarios:
    • The web console, Alibaba Cloud CLI, ROS, or APIs have been used before to create and manage existing resources. Now you want to switch to Terraform.
    • Rebuild resource definitions in the template without affecting the use of resources.
    • Alibaba Cloud providers will support more parameters for resources defined in the original template after compatibility upgrades. You must synchronize the newest parameters.
    Note For more information about how to use the import command to manage existing resources, see Solutions for management problems with existing cloud resources.
  • terraform taint: marks a resource as tainted

    The taint command is used to mark a resource as tainted. When you run the apply command later, the tainted resource will be released first and then a new one is created. This is equivalent to deleting a resource before creating a new one.

    The complete command format is terraform taint <Resource type>.<Resource name>.
    $ terraform taint alicloud_vswitch.this
    Resource instance alicloud_vswitch.this has been marked as tainted.
  • terraform untaint: cancels the tainted marker
    The untaint command is the inverse of the taint command and is used to cancel the tainted marker. The complete command format is similar to that of the taint command: terraform untaint <Resource type>.<Resource name>.
    $ terraform untaint alicloud_vswitch.this
    Resource instance alicloud_vswitch.this has been successfully untainted.
  • terraform output: prints parameters and their values
    If the output parameter is defined in the template, the output value will be displayed after you run the apply command, but not when you run the plan command. To view the output value anytime, you can run the terraform output command.
    $ terraform output
    vswitchId = vsw-gw8gl31wz********

Common commands for state management

State management in Terraform involves managing data in the state file. The state file stores all resources and their properties managed by Terraform. The data is automatically stored by Terraform. To ensure data integrity, we recommend that you do not manually modify data in the state file. You can use the terraform state commands to manage data in the state file.

  • terraform state list: displays all resources in the current state file
    The state list command is used to display all resources (including data sources) in the current state file in the <Resource type>.<Resource name> format.
    $ terraform state list
    data.alicloud_slbs.default
    alicloud_vpc.default
    alicloud_vswitch.this
  • terraform state show: displays the properties of a resource
    The state show command is used to display all the properties and their values of a specified resource in the key-value format. The complete command format is terraform state show <Resource type>.<Resource name>.
    $ terraform state show alicloud_vswitch.this
    # alicloud_vswitch.this:
    resource "alicloud_vswitch" "this" {  
        availability_zone = "eu-central-1a"
        cidr_block        = "172.16.0.0/24"
        id                = "vsw-gw8gl31wz******"
        vpc_id            = "vpc-gw8calnzt*******"
    }
  • terraform state pull: obtains and displays data in the current state file
    The state pull command is used to display data in the current state. This command is similar to the cat command in Cloud Shell.
    $ terraform state pull
    {
        "version": 4,
        "terraform_version": "0.12.8",
        "serial": 615, 
        "lineage": "39aeeee2-b3bd-8130-c897-2cb8595cf8ec", 
        "outputs": {
            ***
        }
      }, 
    "resources": [
        {     
            "mode": "data",    
            "type": "alicloud_slbs",     
            "name": "default",     
            "provider": "provider.alicloud",
              ***
        },
        {     
            "mode": "managed",    
            "type": "alicloud_vpc",     
            "name": "default",    
            "provider": "provider.alicloud",
              ***
        }
      ]
    }
  • terraform state rm: removes a specified resource
    The state rm command is used to remove a resource from the state file. The resource is not deleted. The complete command format is terraform state rm <Resource type>.<Resource name>.
    $ terraform state rm alicloud_vswitch.this
    Removed alicloud_vswitch.this
    Successfully removed 1 resource instance(s).

    If the template content remains unchanged after the resource is removed from the state file, you can run the apply command to add the same resource. You can run the import command to add the removed resource to the state file again.

  • terraform state mv: changes the storage path of a specified resource
    The state mv command is used to change the state file where a resource is located. This command is similar to the mv command in Cloud Shell. You can add multiple parameters in this command. Run the terraform state mv --help to show details about the parameters. The most commonly used format is terraform state mv --state=./terraform.tfstate --state-out=<target path>/terraform-target.tfstate <Resource type>.<Resource name A> <Resource type>.<Resource name B>.
    $ terraform state mv --state-out=../tf.tfstate alicloud_vswitch.this alicloud_vswitch.default
    Move "alicloud_vswitch.this" to "alicloud_vswitch.default"
    Successfully moved 1 object(s)

    For this example, the --state=./terraform.tfstate parameter is omitted. The results of the example: The VSwitch resource is moved from the current state file to the tf.tfstate state file in the upper-layer directory and the VSwitch resource name is changed from "this" to "default".

  • terraform refresh: refreshes the current state file

    The refresh command is used to refresh the current state file. The command calls the API again and pulls and writes the latest data to the state file.

Other common commands

Some other commands are commonly used for templates and providers.

  • terraform init: initializes Terraform configuration files

    The init command is used to initialize Terraform configuration files, such as the configuration files for loaded providers, provisioners, and modules.

  • terraform graph: generates a relational graph of resources defined in the current template
    Resources defined in a template are related to each other. The terraform graph command is used to generate a relational graph of resources defined in the current template.
    $ terraform graph
    digraph {
            compound = "true"
            newrank = "true"
            subgraph "root" {
                    "[root] alicloud_vpc.default" [label = "alicloud_vpc.default", shape = "box"]
                    "[root] alicloud_vswitch.this" [label = "alicloud_vswitch.this", shape = "box"]             
                    ******
                    "[root] output.vswitchId" -> "[root] alicloud_vswitch.this"
                    "[root] provider.alicloud (close)" -> "[root] alicloud_vswitch.this"
                    ******
                    "[root] root" -> "[root] provider.alicloud (close)"
            }
    }                 
    You can run the terraform graph | dot -Tsvg > graph.svg command to directly export the output of this command to an image. To do this, you must run the brew install graphviz command to install Graphviz first. graph_img
  • terraform validate: checks whether the template syntax is correct

    Terraform templates must follow a set of simple syntax specifications defined in Terraform. If you want to check whether a template has syntax errors or if syntax errors are reported when you run the plan or apply command, you can run the terraform validate command to check and locate the locations and causes of errors.