Terraformcloud~5 mins

Plan and apply separation in pipelines in Terraform - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you manage infrastructure with Terraform, you want to see what changes will happen before applying them. Separating the planning and applying steps in pipelines helps avoid surprises and keeps your infrastructure safe.

When you want to review infrastructure changes before making them live.

When you have a team and want approvals before applying changes.

When you want to automate infrastructure updates but keep control.

When you want to catch errors early by checking the plan output.

When you want to keep your production environment stable by separating steps.

Config File - main.tf

main.tf

terraform {
  required_version = ">= 1.0"
  backend "local" {}
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-terraform-pipeline"
  acl    = "private"
}

This file sets up Terraform to use a local backend for state storage and configures the AWS provider for the us-east-1 region. It defines a simple S3 bucket resource named "example-bucket-terraform-pipeline" with private access.

Commands

This command initializes the Terraform working directory. It downloads provider plugins and sets up the backend. Run this first to prepare Terraform for the project.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.

This command creates an execution plan and saves it to a file named tfplan. It shows what changes Terraform will make without applying them. This helps you review changes safely.

Terminal

terraform plan -out=tfplan

Expected OutputExpected

Refreshing Terraform state in-memory prior to plan... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_s3_bucket.example will be created + resource "aws_s3_bucket" "example" { + acl = "private" + bucket = "example-bucket-terraform-pipeline" + id = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't specify an "-input=false" flag, so Terraform will ask for input if necessary.

→

-out=tfplan - Saves the plan to a file for later apply

This command applies the changes described in the saved plan file tfplan. It makes the planned changes to your infrastructure exactly as reviewed.

Terminal

terraform apply tfplan

Expected OutputExpected

aws_s3_bucket.example: Creating... aws_s3_bucket.example: Creation complete after 2s [id=example-bucket-terraform-pipeline] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

This command shows the current state of your infrastructure as Terraform sees it. Use it to verify what resources exist after applying.

Terminal

terraform show

Expected OutputExpected

aws_s3_bucket.example: id = example-bucket-terraform-pipeline acl = private bucket = example-bucket-terraform-pipeline region = us-east-1

Key Concept

If you remember nothing else from this pattern, remember: always run terraform plan first to preview changes, then terraform apply with the saved plan to safely update infrastructure.

Common Mistakes

Running terraform apply without running terraform plan first

You might apply unexpected changes without reviewing them, causing errors or downtime.

Always run terraform plan -out=tfplan to create and review a plan before applying it.

Running terraform apply without specifying the saved plan file

Terraform will create a new plan and apply it immediately, skipping the review step.

Use terraform apply tfplan to apply the exact reviewed plan.

Not running terraform init before plan or apply

Terraform won't have the necessary plugins or backend configured, causing errors.

Run terraform init once before planning or applying.

Summary

Run terraform init to prepare your working directory and download providers.

Run terraform plan -out=tfplan to create and save a plan showing changes.

Run terraform apply tfplan to apply the reviewed changes safely.

Use terraform show to verify the current infrastructure state.