Explain the core Terraform workflow: write, init, plan, apply, destroy.

4 minbeginnerterraformworkflowcli

Quick Answer

**Write** HCL configuration describing resources. `terraform init` downloads providers/modules and sets up the backend. `terraform plan` compares configuration against state and the real infrastructure to compute an execution plan (create/update/destroy) without changing anything. `terraform apply` executes that plan (prompting for confirmation) and updates the state file. `terraform destroy` tears down every resource Terraform manages in that configuration. This write → plan → apply loop is the backbone of everyday Terraform usage.

Detailed Answer

Terraform's day-to-day usage boils down to a five-step loop. Understanding what each step actually does (not just its name) is essential.

1. Write

You author .tf files describing resources, variables, and outputs:

resource "aws_s3_bucket" "assets" {
  bucket = "my-app-assets"
}

2. terraform init

Prepares the working directory:

  • Downloads the providers declared in required_providers (and records their exact versions/checksums in .terraform.lock.hcl).
  • Downloads any modules referenced by source.
  • Configures the backend (where state will be stored — local file, S3, Terraform Cloud, etc.).

You re-run init whenever you add a provider, add a module, or change the backend config.

3. terraform plan

  • Refreshes Terraform's view of real infrastructure (unless disabled).
  • Diffs the current state against your configuration.
  • Produces an execution plan: which resources will be created, updated in place, or destroyed and recreated — without making any changes.
Plan: 2 to add, 1 to change, 0 to destroy.

This is the "code review" step — plan output is what gets read/approved before anything happens.

4. terraform apply

  • Re-runs (or reuses, if given a saved plan file) the plan.
  • Prompts for confirmation (yes), unless run non-interactively with -auto-approve (typically only in CI after a review gate).
  • Executes the necessary provider API calls in dependency order.
  • Writes the results back into the state file.

5. terraform destroy

  • Computes a plan that destroys every resource the current configuration manages.
  • Used to tear down throwaway environments (feature branches, temporary test infra) — rarely run against production directly.

The loop in practice

In real projects this isn't a strict five-step waterfall — you cycle write → plan → apply continuously as you iterate, with init re-run only when dependencies change, and destroy reserved for cleanup. The discipline of always running plan before apply (and reading its output) is what makes Terraform changes safe and predictable.

Related Resources