Difference between revisions of "Terraform best practices"

• https://www.terraform.io/cloud-docs/guides/recommended-practices

Best practices from Google Cloud team

https://cloud.google.com/docs/terraform/best-practices-for-terraform

• Protect stateful resources: lifecycle { prevent_destroy = true }
• Expose outputs: outputs.tf
• Use data sources.
• Adopt a naming convention.
• Use variables carefully: variables.tf
• Limit the use of custom scripts
• Follow a standard module structure
• Include helper scripts in a separate directory: helpers/
• Put static files in a separate directory: files/
• Use built-in formatting: terraform fmt
• Limit the complexity of expressions.
• Use count for conditional values.
• Use for_each for iterated resources.
• Publish modules to a registry.

Operations

• Don't modify Terraform state manually.
• Always plan first, terraform plan
• Implement an automated pipeline.
• Use service account credentials for CI.
• Avoid importing existing resources.
• Regularly review version pins.
• Use application default credentials when running locally.
• Set aliases to Terraform.

Related

• Best practices
• main
• prevent_destroy

See also

• Terraform, OpenTofu, Terrakube.org, Installation, Terraform AWS, Terraform GCP, Terraform commands, Terraform Cloud, Terraform Enterprise (TFE), HCL, HIL, meta-arguments, providers, modules, resource, provisioners, data sources, backends: remote backends, examples, configuration files, state files, variables, types, Terraform Registry, conditionals: depends_on, functions, Blocks, dynamic blocks, errors, Terragrunt, Terraformer, Terratest, Terraform certifications, Terraform map type, Terraform Associate, Terraform: list type, TF_VAR_, TF_LOG, Terraform provider versioning, Terraform Style Conventions, Required version, Terraform plugin, Terraform Named Values, tags, Changelog, tfsec, tflint, Operators, Expressions: for, splat, Debugging, Namespaces, Terraform Landing Zones, CDKTF, Atmos