📘 Terraform Plan: Safely Previewing Infrastructure Changes

When managing infrastructure with Terraform, the last thing you want is to accidentally break production with unexpected changes. That’s where terraform plan comes in.

The Terraform Plan command is like a dry run or blueprint of what Terraform intends to do. Instead of applying changes directly, it analyzes your .tf configuration files and shows:

  • Which resources will be created.
  • Which resources will be updated.
  • Which resources will be destroyed.

👉 Think of it as a flight simulator for infrastructure. You can test your changes safely before actually deploying them.


⚙️ What Does Terraform Plan Do?

When you run:

terraform plan

Terraform:

  1. Loads Current State

    • Reads the state file (terraform.tfstate or remote backend).
  2. Compares State vs Config

    • Compares your current infrastructure with .tf configuration files.
  3. Generates Execution Plan

    • Outputs a list of actions (add, change, destroy).
  4. Prepares Apply

    • Stores the plan, when -out is given, so that it can be passed to terraform apply.

👉 Nothing is actually deployed or destroyed. It’s a read-only preview.


🛠 Terraform Plan Syntax & Options

Basic usage:

terraform plan

Useful options:

  • -out=plan.out → Save plan for later execution.
  • -input=false → Disable interactive input.
  • -destroy → Show what will be destroyed.
  • -refresh=false → Skip refreshing state.
  • -var or -var-file → Pass variables into the plan.

🛠 3 Unique Real-World Examples of Terraform Plan


✅ Example 1: Previewing AWS S3 Bucket Creation

Step 1: main.tf

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "example" {
  bucket = "terraform-plan-example-bucket"
  acl    = "private"
}

Step 2: Run Terraform Plan

terraform init
terraform plan

Output Example:

+ aws_s3_bucket.example
bucket: "terraform-plan-example-bucket"
acl: "private"

👉 + means Terraform will create this resource.


✅ Example 2: Detecting Updates in Resources

Step 1: Update ACL in main.tf

resource "aws_s3_bucket" "example" {
  bucket = "terraform-plan-example-bucket"
  acl    = "public-read"
}

Step 2: Run Plan

terraform plan

Output Example:

~ aws_s3_bucket.example
acl: "private" → "public-read"

👉 ~ means Terraform will update the existing resource.


✅ Example 3: Planning Destruction of Resources

Step 1: Remove S3 Bucket Resource

# (Removed aws_s3_bucket block from main.tf)

Step 2: Run Plan

terraform plan

Output Example:

- aws_s3_bucket.example
bucket: "terraform-plan-example-bucket"

👉 - means Terraform will destroy this resource.


🎯 Why is Terraform Plan Important?

  1. Prevents Mistakes

    • Avoids accidentally deleting production resources.
  2. Improves Collaboration

    • Teams can review plan outputs before applying.
  3. Compliance & Approvals

    • Execution plans can be audited and approved.
  4. Safer CI/CD Pipelines

    • Ensures infrastructure deployments are predictable.
  5. Debugging Tool

    • Helps identify why Terraform thinks something should change.

🧠 How to Remember Terraform Plan (Exam & Interview)

Mnemonic: P.C.D.A

  • P → Preview changes
  • C → Compare current vs desired state
  • D → Detect create/update/destroy actions
  • A → Approve before apply

👉 Interview Answer: “Terraform plan generates an execution plan showing what resources will be created, modified, or destroyed without making actual changes. It’s a dry run that helps ensure safe deployments.”


📚 Best Practices for Terraform Plan

  • Always run terraform plan before every apply.
  • Use terraform plan -out=plan.out in CI/CD pipelines.
  • Commit plan outputs for audit purposes, and restrict read access to them because a saved plan can contain sensitive values in plain text.
  • Review plan carefully when working with production resources.
  • Use variables and workspaces to test multiple environments.
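
One way to turn plan review into a CI check, as an added example that is not part of the original page: it reads the JSON form of a saved plan (terraform show -json plan.out) and reports destroys, replacements, and an S3 ACL becoming public as in Example 2. The function name, the script name, the set of ACLs treated as public, and the embedded sample plan are assumptions made for this example.

```python
import json
import sys

# Canned ACLs treated as public (assumption made for this example).
PUBLIC_ACLS = {"public-read", "public-read-write"}

def risky_changes(plan):
    """Return findings for a plan in `terraform show -json` form."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        before = change.get("before") or {}   # null on create
        after = change.get("after") or {}     # null on destroy
        # "delete" is alone for a destroy, paired with "create" for a replace.
        if "delete" in actions:
            kind = "replace" if "create" in actions else "destroy"
            findings.append(f"{kind}: {rc['address']}")
        # S3 bucket ACL that is public after the change but was not before.
        if (rc.get("type") == "aws_s3_bucket"
                and after.get("acl") in PUBLIC_ACLS
                and before.get("acl") not in PUBLIC_ACLS):
            findings.append(f"public-acl: {rc['address']} "
                            f"{before.get('acl')!r} -> {after['acl']!r}")
    return findings

# Constructed sample mirroring Examples 2 and 3 (not real tool output).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.example", "type": "aws_s3_bucket",
   "change": {"actions": ["update"],
              "before": {"acl": "private"},
              "after":  {"acl": "public-read"}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["delete"],
              "before": {"acl": "private"},
              "after": null}}
]}
""")

if __name__ == "__main__":
    # CI usage (hypothetical script name):
    #   terraform show -json plan.out | python plan_gate.py
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    found = risky_changes(plan)
    print("\n".join(found) or "no risky changes")
    sys.exit(1 if found else 0)
```

A non-zero exit status stops the pipeline before terraform apply plan.out runs, so a reviewer has to approve the flagged changes explicitly.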

🔮 Future Enhancements of Terraform Plan

  • AI-assisted plan review → Detect risky changes.
  • Visual execution plans → Graphical previews of create/update/destroy.
  • Policy-driven approvals → Auto-block unsafe plans.
  • Drift detection → Highlight infrastructure drift more clearly.

📝 Summary

  • terraform plan shows what Terraform will do without actually doing it.

  • It compares the desired configuration with the current state.

  • Symbols:

    • + → Create
    • ~ → Update
    • - → Destroy
  • Essential for preventing mistakes in production.

  • Best remembered with P.C.D.A → Preview, Compare, Detect, Approve.


✅ Final Takeaway

The Terraform Plan command is your safety net. Without it, applying changes would be like deploying blindfolded. By running terraform plan, you:

  • See exactly what will change.
  • Share plans with teammates.
  • Avoid unexpected outages.

👉 Mastering terraform plan builds confidence in your Terraform workflow and makes you a more reliable DevOps engineer.