Terraformcloud~30 mins

Auto-approve flag and its danger in Terraform - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Auto-approve Flag and Its Danger

📖 Scenario: You are managing infrastructure using Terraform. Terraform lets you apply changes to your cloud resources. There is a special flag called -auto-approve that skips the confirmation step before applying changes.Using this flag can be risky because it applies changes immediately without asking you to double-check. This can cause accidental changes or deletions.

🎯 Goal: You will create a simple Terraform configuration for an AWS S3 bucket. Then you will add a variable to control whether to use the -auto-approve flag. Finally, you will write a script snippet that applies Terraform changes safely without using -auto-approve by default.

📋 What You'll Learn

Create a Terraform configuration file for an AWS S3 bucket

Add a variable to control the use of the auto-approve flag

Write a shell script snippet that applies Terraform changes

Ensure the script does not use auto-approve by default

💡 Why This Matters

🌍 Real World

Terraform is widely used to manage cloud infrastructure. The auto-approve flag can speed up deployments but can cause accidental resource changes if used carelessly.

💼 Career

Understanding how to safely apply infrastructure changes with Terraform is essential for cloud engineers and DevOps professionals to avoid costly mistakes.

Progress0 / 4 steps

Create Terraform configuration for an AWS S3 bucket

Create a file named main.tf with a resource block for an AWS S3 bucket named exactly my-example-bucket. Use the resource type aws_s3_bucket and set the bucket attribute to "my-example-bucket".

Terraform

# Create the aws_s3_bucket resource named my-example-bucket
# Your code here

Need a hint?

Use the resource keyword, resource type aws_s3_bucket, and name my_example_bucket. Set the bucket attribute to "my-example-bucket".

Add a variable to control auto-approve flag

In the same main.tf file, add a Terraform variable named auto_approve of type bool with a default value of false. This variable will control whether to use the auto-approve flag.

Terraform

resource "aws_s3_bucket" "my_example_bucket" {
  bucket = "my-example-bucket"
}

# Add variable auto_approve here
# Your code here

Need a hint?

Use the variable block with name auto_approve. Set type = bool and default = false.

Write a shell script snippet to apply Terraform changes

Create a shell script snippet that runs terraform apply. Use the variable auto_approve to decide if the -auto-approve flag should be added. The script should use terraform apply without -auto-approve if auto_approve is false.

Terraform

resource "aws_s3_bucket" "my_example_bucket" {
  bucket = "my-example-bucket"
}

variable "auto_approve" {
  type    = bool
  default = false
}

# Add shell script snippet below
# Your code here

Need a hint?

Use a shell if statement to check if TF_VAR_auto_approve equals true. Run terraform apply -auto-approve if true, else run terraform apply.

Complete the Terraform setup with provider configuration

Add the AWS provider block to main.tf with region set to us-east-1. This completes the Terraform configuration to deploy the S3 bucket safely.

Terraform

resource "aws_s3_bucket" "my_example_bucket" {
  bucket = "my-example-bucket"
}

variable "auto_approve" {
  type    = bool
  default = false
}

# Add AWS provider block below
# Your code here

# Shell script snippet
if [ "$TF_VAR_auto_approve" = "true" ]; then
  terraform apply -auto-approve
else
  terraform apply
fi

Need a hint?

Add a provider "aws" block with region = "us-east-1" at the top of main.tf.