Skip to content

Terraform Concepts

Below are some of the main concepts that you will see while working with Terraform. The examples provided in each concept are part of a Terraform script that outputs the name a record that was created with an existing Route53 zone. The final script is provided at the end.


The main function of a provider is to configure it with some parameter. In most cases, supplying credentials is needed to reach API and submit requests. If required parameters are not provided, Terraform will look elsewhere.

terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 4.0"
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"


Resources is a target for CRUD operations. The resource can be broken into type and and a user-defined name that must be unique to only this resource type in the same module.

resource "aws_route53_record" "dev" {
  zone_id  = data.aws_route53_zone.this[0].zone_id
  name     = "www-dev-concept-example"
  type     = "CNAME"
  ttl      = "300"
  records  = []

Data Sources

Data Sources are "read-only" resources that can pull information that already exist within in the account or environment. The main use of data sources is to fetch parameters needed to create other resources.

data "aws_cloudfront_distribution" "dev" {
  id       = var.cloudfront_id

resource "aws_route53_record" "dev" {
  zone_id  = data.aws_route53_zone.this[0].zone_id
  name     = "www-dev-concept-example"
  type     = "CNAME"
  ttl      = "300"
  records  = []


Within in Terraform, the state file gives details about the resources that were created within the given project. The primary focus is to provide existing information to communicate with Terraform in case of modifications. These state file also contain sensitive information. In order to store and retrieve state file, Terraform uses the concept of backend module to specify a bucket, key, and region to store the stat information.

backend "s3" {
  region         = "INPUT-REGION"
  acl            = "private"
  profile        = "INPUT-PROFILE-NAME"
  bucket         = "INPUT-BUCKET-NAME"



Using the variable block, input variables can be declared usually with the following information: type, default, description.

variable "domain_name" {
  description = "The main domain name being used"
  type         = string
  default      = "INPUT-DOMAIN-NAME"


Local variable work similar to input variables but the scope of use is limited to the module where they have been declared. The main use of local variables is to reduce code repetition.

locals {
  # Use existing (via data source) or create new zone (will fail validation, if zone is not reachable)
  use_existing_route53_zone = true

  domain_name = var.domain_name

data "aws_route53_zone" "this" {
  count = local.use_existing_route53_zone ? 1 : 0 # Make sure the existing record are there

  name         = local.domain_name
  private_zone = false


In some case, when a resource is created within the module, that output output will sometimes be needed as an input for another module. The output variable can address that case by defining a output block that can store a subset of created resources.

output "record_name" {
  description = "Name of the record that was just made"
  value  =

Putting it all together

The examples in each concept are parts of the full Terraform script. Use the Github link to see the full script.

Terraform Basic Commands

The following four commands are the will mostly be used within Terraform.


After writing terraform code or retrieving a clone of an existing Terraform code, the terraform init command is the first command to initialize the working directory. The command performs initialization to the backend, child modules, and plugins.


Once the initialization of terraform init is finished, terraform plan will create an execution plan that will preview the changes to the infrastructure associated to the account. To save the plan that was previewed, use the option -out=FILE.


terraform apply will execute the plans that were previewed from terraform plan. The command will prompt you again with a preview of the infrastructure changes and to approve of the changes. Once approve, it will start to execute the plan of changes. The plan file create from the terraform plan -out=FILE can be an input (terraform apply FILE).


Once all the changes are made, terraform destroy will delete all the changes within that was executed. Similar to terraform apply it will prompt with changes to the infrastructure and wait for the approval. Once approved, it will carry the changes that was previewed.

Back to top