Bird
Raised Fist0
Terraformcloud~5 mins

Plan and apply separation in pipelines in Terraform - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
When you manage infrastructure with Terraform, you want to see what changes will happen before applying them. Separating the planning and applying steps in pipelines helps avoid surprises and keeps your infrastructure safe.
When you want to review infrastructure changes before making them live.
When you have a team and want approvals before applying changes.
When you want to automate infrastructure updates but keep control.
When you want to catch errors early by checking the plan output.
When you want to keep your production environment stable by separating steps.
Config File - main.tf
main.tf
terraform {
  required_version = ">= 1.0"
  backend "local" {}
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-terraform-pipeline"
  acl    = "private"
}

This file sets up Terraform to use a local backend for state storage and configures the AWS provider for the us-east-1 region. It defines a simple S3 bucket resource named "example-bucket-terraform-pipeline" with private access.

Commands
This command initializes the Terraform working directory. It downloads provider plugins and sets up the backend. Run this first to prepare Terraform for the project.
Terminal
terraform init
Expected OutputExpected
Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.
This command creates an execution plan and saves it to a file named tfplan. It shows what changes Terraform will make without applying them. This helps you review changes safely.
Terminal
terraform plan -out=tfplan
Expected OutputExpected
Refreshing Terraform state in-memory prior to plan... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_s3_bucket.example will be created + resource "aws_s3_bucket" "example" { + acl = "private" + bucket = "example-bucket-terraform-pipeline" + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't specify an "-input=false" flag, so Terraform will ask for input if necessary.
-out=tfplan - Saves the plan to a file for later apply
This command applies the changes described in the saved plan file tfplan. It makes the planned changes to your infrastructure exactly as reviewed.
Terminal
terraform apply tfplan
Expected OutputExpected
aws_s3_bucket.example: Creating... aws_s3_bucket.example: Creation complete after 2s [id=example-bucket-terraform-pipeline] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
This command shows the current state of your infrastructure as Terraform sees it. Use it to verify what resources exist after applying.
Terminal
terraform show
Expected OutputExpected
aws_s3_bucket.example: id = example-bucket-terraform-pipeline acl = private bucket = example-bucket-terraform-pipeline region = us-east-1
Key Concept

If you remember nothing else from this pattern, remember: always run terraform plan first to preview changes, then terraform apply with the saved plan to safely update infrastructure.

Common Mistakes
Running terraform apply without running terraform plan first
You might apply unexpected changes without reviewing them, causing errors or downtime.
Always run terraform plan -out=tfplan to create and review a plan before applying it.
Running terraform apply without specifying the saved plan file
Terraform will create a new plan and apply it immediately, skipping the review step.
Use terraform apply tfplan to apply the exact reviewed plan.
Not running terraform init before plan or apply
Terraform won't have the necessary plugins or backend configured, causing errors.
Run terraform init once before planning or applying.
Summary
Run terraform init to prepare your working directory and download providers.
Run terraform plan -out=tfplan to create and save a plan showing changes.
Run terraform apply tfplan to apply the reviewed changes safely.
Use terraform show to verify the current infrastructure state.

Practice

(1/5)
1. What is the main benefit of separating terraform plan and terraform apply in pipelines?
easy
A. It speeds up the deployment by combining steps
B. It skips the need for state files
C. It automatically fixes errors during apply
D. It allows you to review changes before applying them

Solution

  1. Step 1: Understand the purpose of terraform plan

    This command shows what changes Terraform will make without applying them.

  2. Step 2: Understand the purpose of terraform apply

    This command applies the changes to the infrastructure based on the plan.

  3. Final Answer:

    It allows you to review changes before applying them -> Option D

  4. Quick Check:

    Plan shows changes first = B [OK]
Hint: Plan shows changes, apply makes them live [OK]
Common Mistakes:
  • Thinking plan applies changes
  • Believing apply skips state files
  • Assuming steps run faster combined
2. Which command correctly saves a Terraform plan to a file named myplan.tfplan?
easy
A. terraform apply -out=myplan.tfplan
B. terraform save myplan.tfplan
C. terraform plan -out=myplan.tfplan
D. terraform plan save myplan.tfplan

Solution

  1. Step 1: Identify the correct syntax for saving a plan

    The correct command uses terraform plan -out=filename to save the plan.

  2. Step 2: Check each option

    terraform plan -out=myplan.tfplan matches the correct syntax exactly.

  3. Final Answer:

    terraform plan -out=myplan.tfplan -> Option C

  4. Quick Check:

    Plan with -out saves file = C [OK]
Hint: Use 'plan -out=' to save plans, not apply [OK]
Common Mistakes:
  • Using apply instead of plan to save
  • Using incorrect command like 'save'
  • Missing the '-out=' flag
3. Given these commands run in order:
terraform plan -out=planfile
terraform apply planfile
What happens when you run terraform apply planfile?
medium
A. Terraform applies exactly the changes saved in planfile
B. Terraform ignores planfile and creates a new plan
C. Terraform applies changes but may differ from planfile
D. Terraform throws an error because planfile is not a valid command

Solution

  1. Step 1: Understand the role of the saved plan file

    The plan file contains the exact changes Terraform will apply.

  2. Step 2: Understand how terraform apply planfile works

    This command applies the saved plan exactly, without recalculating changes.

  3. Final Answer:

    Terraform applies exactly the changes saved in planfile -> Option A

  4. Quick Check:

    Apply saved plan = exact changes [OK]
Hint: Apply with plan file applies exact saved changes [OK]
Common Mistakes:
  • Thinking apply recalculates plan
  • Assuming apply ignores plan file
  • Believing apply with plan file causes errors
4. You run terraform apply myplan.tfplan but get an error saying the plan file is invalid. What is the most likely cause?
medium
A. You forgot to run terraform init before apply
B. The plan file was created with a different Terraform version
C. You used terraform plan without -out flag
D. The plan file is empty because no changes were detected

Solution

  1. Step 1: Identify compatibility issues with plan files

    Plan files are version-specific and may be invalid if Terraform versions differ.

  2. Step 2: Check other options

    Running init is required but usually causes different errors; missing -out means no plan file saved; empty plan files do not cause invalid file errors.

  3. Final Answer:

    The plan file was created with a different Terraform version -> Option B

  4. Quick Check:

    Version mismatch causes invalid plan file error [OK]
Hint: Check Terraform versions match when using saved plans [OK]
Common Mistakes:
  • Assuming missing init causes invalid plan file error
  • Thinking empty plan files cause invalid file errors
  • Confusing missing -out with invalid plan file
5. You want to implement a pipeline that separates planning and applying Terraform changes. Which sequence of commands ensures you can review the plan before applying exactly those changes?
hard
A. terraform plan -out=planfile && terraform apply planfile
B. terraform apply && terraform plan -out=planfile
C. terraform plan && terraform apply
D. terraform apply -out=planfile && terraform apply planfile

Solution

  1. Step 1: Identify correct order for plan and apply separation

    First, run terraform plan -out=planfile to save the plan and review it.

  2. Step 2: Apply the saved plan exactly

    Then, run terraform apply planfile to apply the reviewed changes exactly.

  3. Final Answer:

    terraform plan -out=planfile && terraform apply planfile -> Option A

  4. Quick Check:

    Plan with -out then apply saved plan = A [OK]
Hint: Plan with -out then apply saved plan file [OK]
Common Mistakes:
  • Applying before planning
  • Not saving plan with -out
  • Using apply -out which is invalid