Plan file generation and usage is a critical component of the Core Terraform Workflow that enables teams to review, save, and apply infrastructure changes in a controlled manner.
When you run 'terraform plan', Terraform compares your current configuration with the existing state and determines wha…Plan file generation and usage is a critical component of the Core Terraform Workflow that enables teams to review, save, and apply infrastructure changes in a controlled manner.
When you run 'terraform plan', Terraform compares your current configuration with the existing state and determines what changes are needed. By default, this output is displayed in the terminal but not saved. However, you can generate a saved plan file using the '-out' flag: 'terraform plan -out=tfplan'. This creates a binary file containing the exact changes Terraform will make.
The saved plan file serves several important purposes:
1. **Consistency**: The plan file ensures that the exact changes reviewed during planning are the same changes applied during execution. This prevents drift between plan and apply phases.
2. **Approval Workflows**: Teams can generate a plan, share it for review and approval, then apply it later. This is essential for change management processes and compliance requirements.
3. **Automation**: In CI/CD pipelines, plan files enable separation between planning and applying stages, allowing human approval gates between steps.
To apply a saved plan, use: 'terraform apply tfplan'. When applying a saved plan file, Terraform skips the confirmation prompt because the changes were already reviewed when the plan was created.
Important considerations:
- Plan files are binary and contain sensitive information, including variable values and resource configurations
- Plan files become stale if the infrastructure or configuration changes after generation
- Plan files should be treated as sensitive artifacts and secured appropriately
- The plan file format is not guaranteed to be compatible across different Terraform versions
Using plan files is considered a best practice in production environments, particularly when implementing GitOps workflows or when multiple team members need to review and approve infrastructure changes before they are executed.
Plan File Usage in Terraform
What is a Terraform Plan File?
A Terraform plan file is a binary file that captures the execution plan generated by the terraform plan command. This file contains all the information about what changes Terraform will make to your infrastructure, including resources to be created, modified, or destroyed.
Why is Plan File Usage Important?
Plan files serve several critical purposes in production environments:
• Consistency: They ensure the exact changes reviewed are the ones applied • Separation of Concerns: Allows different team members or systems to review plans before applying • Audit Trail: Provides a record of intended changes before execution • CI/CD Integration: Enables automated pipelines where planning and applying occur in separate stages • Safety: Prevents unexpected changes between planning and applying
How Plan Files Work
Generating a Plan File:
To create a saved plan file, use the -out flag:
terraform plan -out=tfplan
This saves the plan to a file named tfplan. The file is in a binary format specific to Terraform.
Applying a Saved Plan:
To apply a saved plan, pass the plan file to terraform apply:
terraform apply tfplan
When applying a saved plan file, Terraform will execute exactly what was planned. It will not prompt for confirmation because the plan was already reviewed.
Key Characteristics of Plan Files
• Plan files are binary, not human-readable text • They contain the complete state at the time of planning • They become stale if the state or configuration changes • They may contain sensitive data and should be protected accordingly • The -out flag is used to generate them
Common Use Cases
• Code Reviews: Generate a plan, share it for review, then apply the approved plan • Automated Deployments: CI/CD systems generate plans in one stage and apply in another • Change Management: Create plans for approval workflows before applying changes
Exam Tips: Answering Questions on Plan File Generation and Usage
• Remember that -out is the flag used with terraform plan to save the plan • When applying a saved plan file, Terraform skips the confirmation prompt • Plan files are binary format - if asked about reading them, use terraform show • Plan files contain sensitive information and should be treated as such • A saved plan guarantees that the exact reviewed changes will be applied • If the state changes between plan and apply, the saved plan may fail or behave unexpectedly • The syntax is terraform apply planfile not terraform apply -plan=planfile • Plan files are tied to the specific Terraform version that created them • Questions may test whether you understand that saved plans provide consistency between review and application • Be aware that terraform show tfplan displays the contents of a saved plan in human-readable format