DevOps

Terraform

Terraform is an open-source tool from HashiCorp for Infrastructure as Code (IaC) with which cloud infrastructure can be defined declaratively, versioned and provisioned automatically.

Manual infrastructure management via cloud consoles is error-prone, poorly documented and not reproducible. Terraform addresses this by treating infrastructure as code – versionable, reviewable and deployable automatically. As one of the most used IaC tools Terraform supports over 3,000 providers for cloud services, SaaS products and internal systems. Whether AWS, Azure, Google Cloud or multi-cloud – Terraform is the de facto standard for declarative infrastructure provisioning.

What is Terraform?

Terraform is an open-source Infrastructure-as-Code tool released by HashiCorp in 2014. It uses the declarative configuration language HCL (HashiCorp Configuration Language) to describe infrastructure resources such as servers, networks, databases and DNS records. The declarative approach means developers define the desired state and Terraform computes the steps to achieve it. Terraform stores the current state of the infrastructure in a state file and can detect differences between desired and actual state (drift detection). The provider ecosystem includes over 3,000 providers that abstract APIs of cloud providers, SaaS and internal systems. Modules enable reuse of configurations, and Terraform Cloud offers a team platform with remote state, policy as code and collaboration.

How does Terraform work?

Terraform follows a workflow of three steps: Write, Plan and Apply. In the Write phase developers define the desired infrastructure in HCL files (.tf). The command terraform plan creates an execution plan showing which resources will be created, changed or destroyed – without making changes. After reviewing the plan, terraform apply runs the changes via the provider APIs. Terraform stores the current state in a state file that serves as the single source of truth. For team use the state is stored in a remote backend (e.g. S3, Terraform Cloud) to avoid conflicts. The command terraform destroy can tear down the infrastructure in a controlled way.

Practical Examples

A company defines its entire AWS infrastructure (VPC, EC2, RDS, S3, CloudFront) in Terraform and deploys identical environments for development, staging and production.

A DevOps team uses Terraform modules to provision standardized Kubernetes clusters on Google Cloud that meet all security and compliance requirements.

A startup uses Terraform Cloud for team collaboration with remote state, automatic plan reviews and policy-as-code checks before each apply.

A multi-cloud company manages infrastructure on AWS and Azure with Terraform and uses workspaces to separate environments.

A financial services provider integrates Terraform into its CI/CD pipeline so infrastructure changes go through the same code review and approval process as application code.

Typical Use Cases

Automated provisioning of cloud infrastructure on AWS, Azure, Google Cloud or multi-cloud

Reproducible environments: Identical infrastructure for development, test, staging and production

Compliance and governance through policy as code with Sentinel or Open Policy Agent (OPA)

Disaster recovery: Quick recovery of entire infrastructure from versioned Terraform configs

Self-service platforms where development teams provision standardized infrastructure via modules

Advantages and Disadvantages

Advantages

Cloud-agnostic: One tool for all providers – AWS, Azure, Google Cloud, Kubernetes and 3,000+ more
Declarative and reproducible: Infrastructure is defined as code, versioned and shared in the team
Plan before apply: The plan step shows all changes in advance and helps avoid unintended changes
Modular design: Reusable modules enable standardized, consistent infrastructure patterns
Large ecosystem: Active community, Terraform Registry with ready-made modules and providers

Disadvantages

State management: The state file must be managed carefully – corruption or drift can cause problems
Learning curve: HCL and Terraform concepts (state, providers, modules, workspaces) require onboarding
Limited logic: HCL is not a full programming language – complex logic can get cumbersome
Licence change: HashiCorp moved Terraform to the BSL licence from 1.6, which matters to some users (alternative: OpenTofu)

Frequently Asked Questions about Terraform

What is the difference between Terraform and Ansible?

Terraform is a declarative IaC tool mainly for provisioning and managing infrastructure (servers, networks, databases). Ansible is a configuration management tool mainly for configuring existing servers (installing software, config files). In practice they complement each other: Terraform creates the infrastructure, Ansible configures the servers.

What is the Terraform state and why does it matter?

The Terraform state is a JSON file storing the current state of managed infrastructure. Terraform compares desired state (code) with the stored state on each plan to compute necessary changes. Without state Terraform cannot know which resources already exist. The state should be stored remotely (e.g. S3 with locking) and never edited manually.

What is OpenTofu and how does it differ from Terraform?

OpenTofu is a fork of Terraform created after HashiCorp's licence change (from MPL to BSL) under the Linux Foundation. OpenTofu remains under the open-source MPL 2.0 licence and is largely compatible with Terraform. For organizations concerned about the BSL licence OpenTofu is an alternative with the same core functionality.

Want to use Terraform in your project?

We are happy to advise you on Terraform and find the optimal solution for your requirements. Benefit from our experience across over 200 projects.

Learn more Get free consultation

Back to IT Glossary