HCP Terraform (formerly Terraform Cloud) provides a managed environment for executing Terraform operations, with runs and applies being core concepts for infrastructure management.
**Terraform Runs**
A run in HCP Terraform represents the complete lifecycle of executing Terraform code. Each run co…HCP Terraform (formerly Terraform Cloud) provides a managed environment for executing Terraform operations, with runs and applies being core concepts for infrastructure management.
**Terraform Runs**
A run in HCP Terraform represents the complete lifecycle of executing Terraform code. Each run consists of multiple phases:
1. **Plan Phase**: Terraform analyzes your configuration files, compares them against the current state, and generates an execution plan showing proposed changes. This phase helps teams review what modifications will occur before any infrastructure changes happen.
2. **Cost Estimation**: HCP Terraform can estimate the cost impact of proposed changes for supported cloud providers.
3. **Policy Check**: If Sentinel or OPA policies are configured, they evaluate the planned changes against organizational rules.
4. **Apply Phase**: The actual execution of infrastructure changes based on the approved plan.
**Apply Operations**
The apply phase executes the changes outlined in the plan. HCP Terraform supports different apply methods:
- **Manual Apply**: Requires explicit confirmation from a user before proceeding. This is ideal for production environments where human review is essential.
- **Auto Apply**: Automatically proceeds with the apply phase after a successful plan, useful for development environments or automated pipelines.
**Run Triggers**
Runs can be initiated through various methods:
- VCS webhooks when code is pushed
- API calls for CI/CD integration
- Manual triggers from the UI
- Run triggers from dependent workspaces
**State Management**
During applies, HCP Terraform securely manages state files, providing locking mechanisms to prevent concurrent modifications and maintaining version history for rollback capabilities.
**Run Environment**
HCP Terraform executes runs in isolated, ephemeral environments, ensuring consistency and security. Teams can configure variables, credentials, and provider settings at the workspace level for streamlined operations across multiple environments.
HCP Terraform Runs and Applies: Complete Guide
Why HCP Terraform Runs and Applies Are Important
Understanding how HCP Terraform executes infrastructure changes is fundamental to managing cloud resources effectively. Runs and applies are the core mechanisms through which Terraform transforms your configuration code into actual infrastructure. For the Terraform Associate exam, this topic tests your knowledge of operational workflows and how HCP Terraform orchestrates infrastructure deployments in a collaborative environment.
What Are HCP Terraform Runs?
A run in HCP Terraform represents a unit of work that processes your Terraform configuration. Each run consists of multiple phases that execute sequentially to safely manage infrastructure changes. Runs can be triggered through various methods including VCS commits, API calls, CLI commands, or manual actions in the UI.
The Run Workflow Phases
1. Pending - The run is queued and waiting to be processed 2. Plan - Terraform generates an execution plan showing proposed changes 3. Cost Estimation (if enabled) - Calculates estimated costs of proposed resources 4. Policy Check (if configured) - Sentinel or OPA policies evaluate the plan 5. Apply - Terraform executes the approved changes to infrastructure
What Is an Apply?
The apply phase is when Terraform actually creates, modifies, or destroys infrastructure resources according to the approved plan. This is the phase where real changes occur in your cloud environment. In HCP Terraform, applies require explicit confirmation unless auto-apply is enabled.
How Runs and Applies Work in HCP Terraform
Run Triggers: - VCS-driven: Commits to connected repositories automatically trigger runs - API-driven: External systems can initiate runs via the API - CLI-driven: Using terraform plan and terraform apply commands with remote backend - Manual: Users can start runs through the HCP Terraform UI
Speculative Plans: These are plan-only runs triggered by pull requests. They show what changes would occur if the PR were merged but never apply changes. This enables code review with infrastructure impact visibility.
Run Queue Management: HCP Terraform processes runs sequentially within a workspace to prevent conflicts. Only one run can be actively applying at a time, though multiple plans can execute concurrently.
Auto-Apply Configuration: Workspaces can be configured to automatically apply successful plans that pass all policy checks. This is useful for automated pipelines but should be used cautiously in production environments.
Key Concepts for the Exam
- State Locking: HCP Terraform automatically locks state during runs to prevent concurrent modifications - Run States: Understand the progression from pending through applied or errored - Discarded Runs: Runs can be discarded before apply if changes are no longer needed - Canceled Runs: Active runs can be canceled, which may leave infrastructure in an incomplete state - Refresh-Only Runs: Update state to match real infrastructure without making changes
Exam Tips: Answering Questions on HCP Terraform Runs and Applies
Tip 1: Remember that runs are processed sequentially per workspace. If asked about concurrent operations, the answer involves queuing, not parallel execution within a single workspace.
Tip 2: Speculative plans are read-only and associated with pull requests. They help teams review infrastructure changes before merging code.
Tip 3: Know the difference between canceling a run (stops execution, may leave partial changes) and discarding a run (removes from queue before execution begins).
Tip 4: Auto-apply skips manual confirmation but still respects policy checks. Policies must pass before auto-apply proceeds.
Tip 5: When questions mention VCS integration, remember that pushes to the default branch trigger runs, while pull requests trigger speculative plans.
Tip 6: State locking is automatic in HCP Terraform. You do not need to configure it manually as you might with other backends.
Tip 7: Understand that cost estimation and policy checks occur between plan and apply phases. They act as gates before infrastructure changes are made.
Tip 8: For questions about run failures, know that a failed plan stops the run, while a failed apply may leave infrastructure in a partially modified state requiring manual intervention.