Terraformcloud~10 mins

Integration testing strategies in Terraform - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Integration testing in Terraform helps ensure that multiple infrastructure components work together correctly. It checks that resources connect and behave as expected when combined, preventing issues before deployment.

When you want to verify that a network and a virtual machine can communicate properly after deployment.

When you need to confirm that a database and an application server are correctly linked and accessible.

When you want to test that security groups and firewall rules allow the right traffic between services.

When you want to validate that a load balancer distributes traffic correctly to backend instances.

When you want to ensure that infrastructure changes do not break existing resource dependencies.

Config File - main.tf

main.tf

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "test_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "test-vpc"
  }
}

resource "aws_subnet" "test_subnet" {
  vpc_id            = aws_vpc.test_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
  tags = {
    Name = "test-subnet"
  }
}

resource "aws_security_group" "test_sg" {
  name        = "test-sg"
  description = "Allow SSH and HTTP"
  vpc_id      = aws_vpc.test_vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "test-sg"
  }
}

resource "aws_instance" "test_instance" {
  ami                    = "ami-0c94855ba95c71c99"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.test_subnet.id
  vpc_security_group_ids = [aws_security_group.test_sg.id]
  tags = {
    Name = "test-instance"
  }
}

This Terraform file creates a simple AWS setup for integration testing:

VPC: A private network for resources.
Subnet: A smaller network segment inside the VPC.
Security Group: Rules to allow SSH and HTTP traffic.
Instance: A virtual machine inside the subnet using the security group.

This setup allows testing connectivity and resource interaction.

Commands

Initializes Terraform in the current directory, downloading required providers and preparing the environment.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding hashicorp/aws versions matching "~> 4.0"... - Installing hashicorp/aws v4.60.0... - Installed hashicorp/aws v4.60.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.

Shows the planned changes Terraform will make to create the infrastructure defined in the config file.

Terminal

terraform plan

Expected OutputExpected

An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_vpc.test_vpc will be created + resource "aws_vpc" "test_vpc" { + cidr_block = "10.0.0.0/16" + id = (known after apply) + tags = { + "Name" = "test-vpc" } } # aws_subnet.test_subnet will be created + resource "aws_subnet" "test_subnet" { + cidr_block = "10.0.1.0/24" + id = (known after apply) + vpc_id = (known after apply) + availability_zone = "us-east-1a" + tags = { + "Name" = "test-subnet" } } # aws_security_group.test_sg will be created + resource "aws_security_group" "test_sg" { + description = "Allow SSH and HTTP" + id = (known after apply) + name = "test-sg" + tags = { + "Name" = "test-sg" } + vpc_id = (known after apply) } # aws_instance.test_instance will be created + resource "aws_instance" "test_instance" { + ami = "ami-0c94855ba95c71c99" + id = (known after apply) + instance_type = "t2.micro" + subnet_id = (known after apply) + vpc_security_group_ids = [ + (known after apply), ] + tags = { + "Name" = "test-instance" } } Plan: 4 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.

Applies the planned changes to create the infrastructure without asking for confirmation.

Terminal

terraform apply -auto-approve

Expected OutputExpected

aws_vpc.test_vpc: Creating... aws_vpc.test_vpc: Creation complete after 3s [id=vpc-0a1b2c3d4e5f67890] aws_subnet.test_subnet: Creating... aws_subnet.test_subnet: Creation complete after 2s [id=subnet-0a1b2c3d4e5f67890] aws_security_group.test_sg: Creating... aws_security_group.test_sg: Creation complete after 1s [id=sg-0a1b2c3d4e5f67890] aws_instance.test_instance: Creating... aws_instance.test_instance: Still creating... [10s elapsed] aws_instance.test_instance: Creation complete after 15s [id=i-0a1b2c3d4e5f67890] Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

→

-auto-approve - Skips manual approval to apply changes immediately

Displays the outputs defined in the Terraform state, useful to verify resource attributes after deployment.

Terminal

terraform output

Expected OutputExpected

No output (command runs silently)

Key Concept

If you remember nothing else from this pattern, remember: integration testing in Terraform means deploying multiple resources together and verifying they work as expected in combination.

Common Mistakes

Running terraform apply without terraform init first

Terraform needs to download providers and initialize the working directory before applying changes.

Always run terraform init before terraform apply in a new or changed directory.

Not verifying the plan output before applying

Skipping terraform plan can cause unexpected changes or resource destruction without warning.

Always run terraform plan and review changes before applying.

Not cleaning up test resources after integration testing

Leaving test infrastructure running can incur unnecessary costs and clutter your environment.

Use terraform destroy to remove test resources when done.

Summary

Initialize Terraform with 'terraform init' to prepare the environment.

Use 'terraform plan' to preview infrastructure changes before applying.

Apply infrastructure changes with 'terraform apply -auto-approve' to deploy resources for integration testing.