The terraform plan command is a critical component of the Core Terraform Workflow, serving as the second step in the write-plan-apply cycle. This command creates an execution plan that allows you to preview the changes Terraform will make to your infrastructure before actually applying them.
When …The terraform plan command is a critical component of the Core Terraform Workflow, serving as the second step in the write-plan-apply cycle. This command creates an execution plan that allows you to preview the changes Terraform will make to your infrastructure before actually applying them.
When you run terraform plan, Terraform performs several important operations. First, it reads the current state of any existing remote objects to ensure the state file is up-to-date. Then, it compares the current configuration files against the stored state to identify differences. Finally, it proposes a set of changes that would align the actual infrastructure with the desired configuration.
The output of terraform plan displays three types of actions: resources to be created (marked with a plus sign), resources to be destroyed (marked with a minus sign), and resources to be modified (marked with a tilde). This detailed preview helps teams understand the impact of their changes before execution.
Key benefits of using terraform plan include risk mitigation, as you can catch potential issues before they affect production environments. It also facilitates collaboration by providing a clear summary that team members can review. The plan output serves as documentation of intended changes, which is valuable for change management processes.
You can save a plan to a file using the -out flag, such as terraform plan -out=myplan. This saved plan can later be passed to terraform apply to ensure the exact reviewed changes are implemented. This approach is particularly useful in CI/CD pipelines and automated workflows.
Additional useful flags include -var for passing variables, -var-file for specifying variable files, and -target for planning specific resources. The -refresh=false flag can skip state refresh if needed.
Running terraform plan regularly during development helps maintain awareness of infrastructure drift and ensures configurations remain accurate and intentional.
The Terraform Plan Command - Complete Guide
What is the Terraform Plan Command?
The terraform plan command is a critical component of the core Terraform workflow. It creates an execution plan that shows what actions Terraform will take to change your infrastructure from its current state to match your configuration files. This command performs a dry run of your infrastructure changes before any modifications are actually made.
Why is Terraform Plan Important?
1. Safety and Preview: It allows you to review proposed changes before applying them, preventing unintended modifications to your infrastructure.
2. Change Detection: It compares the current state with your desired configuration and identifies the differences.
3. Cost Estimation: When integrated with Terraform Cloud, it can provide cost estimates for planned changes.
4. Team Collaboration: Plan outputs can be shared with team members for review before implementation.
5. Compliance: Organizations can review and approve changes before they are applied.
How Terraform Plan Works
When you run terraform plan, Terraform performs these steps:
1. Reads Configuration: Parses all .tf files in the current directory
2. Refreshes State: Queries the real infrastructure to update the state file (unless -refresh=false is specified)
3. Compares State: Compares the current state with the desired configuration
4. Generates Plan: Creates a detailed plan showing resources to be created, modified, or destroyed
Common Terraform Plan Options
• -out=path: Saves the plan to a file for later use with terraform apply
• -var='key=value': Sets input variables on the command line
• -var-file=path: Specifies a file containing variable values
• -target=resource: Focuses the plan on specific resources
• -refresh=false: Skips refreshing the state before planning
• -destroy: Creates a plan to destroy all resources
Plan Output Symbols
• + (plus sign): Resource will be created
• - (minus sign): Resource will be destroyed
• ~ (tilde): Resource will be modified in-place
• -/+: Resource will be destroyed and recreated (replacement)
Saving and Using Plans
You can save a plan for later execution:
terraform plan -out=myplan.tfplan
Then apply it:
terraform apply myplan.tfplan
This ensures the exact planned changes are applied, which is useful for automation and approval workflows.
Exam Tips: Answering Questions on The Terraform Plan Command
1. Remember the Core Purpose: Terraform plan creates an execution plan showing what will change - it does NOT make any changes to infrastructure.
2. Know the Symbols: Be familiar with +, -, ~, and -/+ symbols and what each represents in plan output.
3. Understand the -out Flag: Know that saving a plan with -out ensures consistency between planning and applying, especially in CI/CD pipelines.
4. State Refresh Behavior: By default, terraform plan refreshes state. Know that -refresh=false can skip this step.
5. Plan vs Apply: Questions may test whether you understand that plan shows changes while apply executes them.
6. Target Flag Usage: Understand that -target limits the scope of the plan to specific resources.
7. Sensitive Data: Remember that sensitive values in plan output may be hidden or marked as sensitive.
8. Exit Codes: Terraform plan returns exit code 0 for success with no changes, 1 for errors, and 2 for success with changes (useful in automation).
9. Read Questions Carefully: Distinguish between questions asking about planning behavior versus applying behavior.
10. Workflow Order: Remember the standard workflow order: init → plan → apply. Plan always comes before apply in proper Terraform usage.