Explain the core Terraform workflow: write, init, plan, apply, destroy.
Quick Answer
**Write** HCL configuration describing resources. `terraform init` downloads providers/modules and sets up the backend. `terraform plan` compares configuration against state and the real infrastructure to compute an execution plan (create/update/destroy) without changing anything. `terraform apply` executes that plan (prompting for confirmation) and updates the state file. `terraform destroy` tears down every resource Terraform manages in that configuration. This write → plan → apply loop is the backbone of everyday Terraform usage.
Detailed Answer
Terraform's day-to-day usage boils down to a five-step loop. Understanding what each step actually does (not just its name) is essential.
1. Write
You author .tf files describing resources, variables, and outputs:
resource "aws_s3_bucket" "assets" {
bucket = "my-app-assets"
}
2. terraform init
Prepares the working directory:
- Downloads the providers declared in
required_providers(and records their exact versions/checksums in.terraform.lock.hcl). - Downloads any modules referenced by
source. - Configures the backend (where state will be stored — local file, S3, Terraform Cloud, etc.).
You re-run init whenever you add a provider, add a module, or change the backend config.
3. terraform plan
- Refreshes Terraform's view of real infrastructure (unless disabled).
- Diffs the current state against your configuration.
- Produces an execution plan: which resources will be created, updated in place, or destroyed and recreated — without making any changes.
Plan: 2 to add, 1 to change, 0 to destroy.
This is the "code review" step — plan output is what gets read/approved before anything happens.
4. terraform apply
- Re-runs (or reuses, if given a saved plan file) the plan.
- Prompts for confirmation (
yes), unless run non-interactively with-auto-approve(typically only in CI after a review gate). - Executes the necessary provider API calls in dependency order.
- Writes the results back into the state file.
5. terraform destroy
- Computes a plan that destroys every resource the current configuration manages.
- Used to tear down throwaway environments (feature branches, temporary test infra) — rarely run against production directly.
The loop in practice
In real projects this isn't a strict five-step waterfall — you cycle write → plan → apply continuously as you iterate, with init re-run only when dependencies change, and destroy reserved for cleanup. The discipline of always running plan before apply (and reading its output) is what makes Terraform changes safe and predictable.