1.01 Terraform: Installation & Introduction
Overview
Terraform is an open-source Infrastructure as Code (IaC) tool by HashiCorp that provisions and manages cloud and on-premise resources using a declarative configuration language called HCL.
Abstract
Terraform lets you define infrastructure as code using .tf files written in HCL (HashiCorp Configuration Language). A single binary handles everything — no agents, no daemons. It supports hundreds of providers across AWS, GCP, Azure, and on-premise platforms, making it the de facto standard for multi-cloud IaC.
Why It Matters in Production
Infrastructure managed manually is error-prone and difficult to reproduce. Terraform solves this by codifying your infrastructure, enabling version control, peer review, automated pipelines, and repeatable deployments across environments.
Key Concepts
| Concept | Description |
|---|---|
| HCL | HashiCorp Configuration Language — declarative, human-readable syntax |
| Resource | An object Terraform manages (VM, bucket, IAM user, DNS record, etc.) |
.tf file |
Configuration file containing resource definitions |
| Provider | Plugin that interfaces with a cloud or service API (AWS, GCP, Azure, etc.) |
| State | Terraform's record of what it has deployed (terraform.tfstate) |
| Plan | Preview of changes before applying (terraform plan) |
Installation
Terraform ships as a single static binary. No dependencies required.
Expected output after install:
Note
All examples in this course use Terraform v0.13 on Linux. Commands and syntax may differ slightly on newer versions. Always pin the version in production pipelines.
Resource Basics
A resource is anything Terraform creates and manages. Resources are declared in .tf files using HCL syntax.
Resource Syntax
Example — AWS EC2 Instance (aws.tf)
aws_instance→ provider (aws) + resource type (instance)"webserver"→ local name used to reference this resource within the configamiandinstance_type→ arguments specific to this resource type
Resource Types Covered in This Course
Early sections use simple, easy-to-understand resources to build foundational knowledge:
| Resource | Purpose |
|---|---|
local_file |
Creates a file on the local filesystem |
random_pet |
Generates a random pet name (useful for testing) |
Later sections introduce real-world resources: EC2 instances, S3 buckets, IAM users/groups/policies, DynamoDB tables, GCP Compute, Azure databases, and more.
HCL Configuration Files
- Files use the
.tfextension - Can be created in any text editor: Notepad++, VS Code, Vim, Emacs, etc.
- Multiple
.tffiles in the same directory are merged by Terraform at runtime - HCL is declarative — you describe the desired end state, not the steps to get there
Supported Platforms
| Platform | Supported |
|---|---|
| Linux (amd64, arm) | ✅ |
| macOS | ✅ |
| Windows | ✅ |
Note
Course labs run on Linux. If you're on Windows or macOS, behaviour is identical for HCL/Terraform logic, but file paths and shell commands may differ.
Best Practices
Best Practices
- Pin the Terraform version in all projects using a
required_versionconstraint interraformblock. - Store state remotely (S3 + DynamoDB, Terraform Cloud) — never commit
terraform.tfstateto version control. - Split resources into separate
.tffiles by concern (e.g.network.tf,compute.tf,iam.tf). - Always run
terraform planbeforeterraform applyin production. - Use a CI/CD pipeline to automate plan/apply with approvals.
Security Best Practices
Security
- Never hardcode AWS credentials or secrets in
.tffiles — use environment variables, IAM roles, or HashiCorp Vault. - Apply least-privilege IAM policies to the identity running Terraform.
- Enable state encryption at rest (e.g. S3 server-side encryption + KMS).
- Use
terraform planoutput as a pull request artifact for peer review before anyapply. - Scan
.tffiles with tools like tfsec or Checkov in CI pipelines.
Do and Don't
| ✅ Do | ❌ Don't |
|---|---|
| Pin Terraform version per project | Use whatever version happens to be installed |
| Use remote state with locking | Commit terraform.tfstate to Git |
Use terraform plan before every apply |
Run terraform apply blind in production |
| Store secrets in Vault or Secrets Manager | Hardcode credentials in .tf files |
Organise resources across multiple .tf files |
Dump everything into one massive main.tf |
Common Mistakes
Common Mistakes
- Binary not in PATH —
terraform: command not foundafter install. Fix: confirm/usr/local/binis in$PATHwithecho $PATH. - Wrong AMI ID for region — AMIs are region-specific. An AMI from
us-east-1won't work ineu-west-1. - Forgetting
terraform init— must be run beforeplanorapplyto download providers and initialise the working directory. - Editing state manually — never edit
terraform.tfstateby hand; useterraform statesubcommands.
Troubleshooting
# Check installed version
terraform version
# Confirm binary is accessible
which terraform
# Re-initialise working directory (safe to re-run)
terraform init
# Validate HCL syntax without connecting to any provider
terraform validate
# Preview changes without applying
terraform plan
Quick Recap
- Terraform is a single binary — download, unzip, move to PATH, done.
- Infrastructure is defined in
.tffiles using HCL (declarative syntax). - A resource is anything Terraform manages: files, VMs, buckets, IAM users, DNS records, etc.
- Early course examples use
local_fileandrandom_petto teach core concepts before moving to cloud resources. - HCL files can be edited in any text editor and have a
.tfextension. - This course targets Terraform v0.13 on Linux.
Interview / Revision Notes
Quick Revision
- What language does Terraform use? HCL — HashiCorp Configuration Language (declarative).
- What is a resource in Terraform? Any object Terraform creates and manages (VM, bucket, IAM policy, file, etc.).
- What file extension do Terraform configs use?
.tf - How do you install Terraform? Download the binary, unzip, move to system PATH.
- What command checks the installed version?
terraform version - What must you run before
planorapply?terraform init - What is Terraform state? A file (
terraform.tfstate) tracking the real-world resources Terraform manages.