Guides
Terraform Cost Optimization for AWS - Reduce Your Cloud Bill
Practical Terraform patterns to reduce AWS costs: right-sizing, spot instances, scheduling, and reserved capacity. Step-by-step guide with code examples and ...
2 min read
Guides
Terraform CI/CD Pipeline - GitHub Actions, GitLab CI, and Jenkins Guide
How to set up Terraform CI/CD pipelines with GitHub Actions, GitLab CI, and Jenkins with best practices. Step-by-step guide with code examples and best pract...
LLuca Berton1 min read
Why CI/CD for Terraform?
#Automating Terraform with CI/CD ensures consistent deployments, code review for infrastructure changes, and audit trails for compliance.
GitHub Actions Pipeline
#name: Terraform
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
terraform:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.7.0
- name: Terraform Init
run: terraform init
- name: Terraform Format Check
run: terraform fmt -check
- name: Terraform Validate
run: terraform validate
- name: Terraform Plan
run: terraform plan -out=tfplan
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Terraform Apply
if: github.ref == 'refs/heads/main'
run: terraform apply -auto-approve tfplanGitLab CI Pipeline
#stages:
- validate
- plan
- apply
variables:
TF_ROOT: ${CI_PROJECT_DIR}
validate:
stage: validate
script:
- terraform init -backend=false
- terraform fmt -check
- terraform validate
plan:
stage: plan
script:
- terraform init
- terraform plan -out=tfplan
artifacts:
paths: [tfplan]
apply:
stage: apply
script:
- terraform init
- terraform apply -auto-approve tfplan
when: manual
only: [main]Best Practices
#- Plan on PR, apply on merge — never auto-apply without review
- Use OIDC instead of static credentials when possible
- Save plan output as artifact — apply the exact reviewed plan
- Add cost estimation with Infracost or Terraform Cloud
- Run security scanning with tfsec, checkov, or Snyk
- Use branch protection — require approval before merge to main
- Lock state — only CI/CD should run apply in production
Learn More
#- Terraform for Beginners Course — hands-on CI/CD labs
- Terraform By Example Book — real-world patterns
- Terraform Cheat Sheet — quick command reference
#cicd#github-actions#gitlab-ci#automation
Related articles
Guides
Terraform Zero-Downtime Deployments - Blue-Green and Rolling Updates
How to achieve zero-downtime deployments with Terraform using blue-green, rolling updates, and create_before_destroy. Step-by-step guide with code examples a...
2 min read
Guides
How to Test Terraform Code - Unit, Integration, and E2E Testing
Complete guide to testing Terraform configurations with terraform test, Terratest, and validation rules. Step-by-step guide with code examples and best pract...
2 min read
Guides
Terraform Data Sources - How to Query Existing Infrastructure
Complete guide to Terraform data sources: querying existing infrastructure, filtering, and common patterns. Step-by-step guide with code examples and best pr...
2 min read