Terraform
How to Use Terraform Modules - Build Reusable Infrastructure
Create and use Terraform modules for reusable infrastructure code. Covers module structure, inputs, outputs, versioning, and the Terraform Registry.
2 min read
Terraform
Terraform Plan Output Explained - Reading and Understanding Plan Results
Learn to read Terraform plan output like a pro. Understand create, update, destroy symbols, moved blocks, and how to catch issues before applying changes.
LLuca Berton1 min read
Introduction
#The terraform plan command is your safety net before making infrastructure changes. Understanding its output is critical for preventing costly mistakes. This guide teaches you to read plan output efficiently.
Running Terraform Plan
#terraform plan
terraform plan -out=tfplan # Save plan to file
terraform plan -target=aws_instance.web # Plan specific resource
terraform plan -var="env=prod" # With variablesUnderstanding Plan Symbols
#Terraform uses symbols to indicate what will happen:
| Symbol | Meaning | Color |
|---|---|---|
+ | Create | Green |
- | Destroy | Red |
~ | Update in-place | Yellow |
-/+ | Destroy and recreate | Red/Green |
<= | Read (data source) | Cyan |
Example Plan Output
#Terraform will perform the following actions:
# aws_instance.web will be updated in-place
~ resource "aws_instance" "web" {
id = "i-0abc123"
~ instance_type = "t3.micro" -> "t3.small"
tags = {
"Name" = "web-server"
}
}
# aws_security_group.allow_http will be created
+ resource "aws_security_group" "allow_http" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "allow-http"
+ vpc_id = "vpc-12345"
+ ingress {
+ cidr_blocks = ["0.0.0.0/0"]
+ from_port = 80
+ protocol = "tcp"
+ to_port = 80
}
}
Plan: 1 to add, 1 to change, 0 to destroy.Reading the Summary Line
#Plan: 2 to add, 1 to change, 3 to destroy.This tells you:
- 2 to add: New resources being created
- 1 to change: Existing resources being modified
- 3 to destroy: Resources being removed
Dangerous Signs to Watch For
#Unexpected Destroys
# # aws_db_instance.main will be destroyed
- resource "aws_db_instance" "main" {Why it happens: Changed an attribute that forces replacement (like engine_version).
Force Replacement
# # aws_instance.web must be replaced
-/+ resource "aws_instance" "web" {
~ ami = "ami-old" -> "ami-new" # forces replacementThe # forces replacement comment is critical — it means the resource will be destroyed and recreated.
Known After Apply
# + id = (known after apply)This is normal for computed attributes. But watch for:
~ security_groups = (known after apply)If a value you set changes to "known after apply", something may be wrong.
Saving and Applying Plans
## Save plan
terraform plan -out=tfplan
# Review saved plan
terraform show tfplan
# Apply saved plan (no confirmation needed)
terraform apply tfplan
# JSON output for automation
terraform plan -json -out=tfplan
terraform show -json tfplanHands-On Courses
#- Terraform for Beginners — Plan output covered in detail
- Terraform Beginners on CopyPasteLearn
Conclusion
#Reading terraform plan output is a skill that prevents infrastructure disasters. Always review the plan summary, watch for unexpected destroys and force replacements, and save plans before applying in production.
#Terraform#DevOps#Best Practices
Related articles
Terraform
How to Structure a Terraform Project - Best Practices for 2026
Learn the best way to organize Terraform projects. Covers file structure, modules, environments, and naming conventions for scalable infrastructure code.
2 min read
Terraform
Terraform Lifecycle Rules Explained - Prevent Accidental Destruction
Master Terraform lifecycle meta-arguments. Covers prevent_destroy, create_before_destroy, ignore_changes, and replace_triggered_by with examples.
1 min read
Terraform
Terraform Dynamic Blocks - Simplify Repetitive Configuration
Use Terraform dynamic blocks to eliminate repetitive nested blocks. Covers security group rules, IAM policies, and tag generation patterns.
2 min read