kb/core
The Terraform basics cycle of init, plan, and apply: HCL describes the desired state, `terraform init` installs the providers, `plan` shows the diff against state, and `apply` makes the changes. This is the foundation. Without the cycle you cannot work with any provider.
${expression} inside a string substitutes the value of that expression. ${var.env}, ${aws_s3_bucket.demo.id}. When the expression is the entire value of an argument (no surrounding string), modern HCL lets you write it without ${...}.
The lockfile pins the exact provider versions and their hashes, so you and CI always run the same build. It is created on terraform init and updated through init -upgrade. Commit it to git.
A backend is where the state file is stored. The default is local, next to your HCL. Remote backends (S3, GCS, Terraform Cloud, http) give you shared access and locking. This course uses only local; remote is covered as an overview.
The ternary operator a ? b : c is a plain if/else. try(expr, fallback) evaluates an expression or substitutes a backup. can(expr) returns true/false. coalesce(...) returns the first non-null value. They all keep your config from crashing.
HCL supports primitives (string, number, bool) and complex types: list, set, map, tuple, object. This article covers the syntax of each one and the difference between the look-alikes (list vs tuple, map vs object).
HCL has functions for list/set/map: length (size), lookup (by key with a default), merge (combine maps), concat (join lists), flatten (unnest), keys/values. The basic toolkit for transformations.
HCL string functions: format (like printf), join/split (lists to strings and back), replace (regex or text), lower/upper/title (case), trimspace and the trim* family. All pure, no side effects, handy in locals.
HCL (HashiCorp Configuration Language) is the language you use to describe the desired state of your infrastructure. It looks like JSON, but it is easier to read: you can write comments, variables, and loops.
When your HCL has a module block, terraform init downloads the module source (from a registry, git, or a local folder) into .terraform/modules/. This course does not write modules; this article is an overview of how the mechanics work.
Any value in HCL is reachable through an address: var.x, local.x, aws_s3_bucket.demo.arn, module.net.vpc_id, data.aws_region.current.name. Knowing this syntax is half of your productivity in Terraform.
apply takes the result of plan and actually calls the cloud API: it creates, changes, and deletes resources. After apply, the state is updated. This is the command that turns money into infrastructure.
You configure the Terraform CLI through the ~/.terraformrc file and the TF_* environment variables. This is where the plugin cache lives, along with TF_LOG for debugging, TF_VAR_* for variables, and TF_CLI_ARGS for global flags.
destroy removes every resource described in HCL and recorded in state. It is apply with a minus sign in front of everything. It is essential for learning tasks and ephemeral environments. In production it is a last resort.
terraform init downloads the provider plugins (AWS, GCP, and so on), creates a lockfile that pins their versions, and prepares the working directory. Without it, neither plan nor apply will run.
plan is a dry run: Terraform reads your HCL, reads the state, and shows the diff between them. It changes nothing in the cloud. This is your main tool for not breaking prod by mistake.
A workspace is a named slot for a separate state file in one directory of HCL. It is useful for very similar environments with a minimal difference between them. This course does not use it; separate folders are usually the better choice.
required_version pins which versions of terraform may run this code. required_providers.version does the same for providers. The pessimistic operator ~> 5.60 is the standard: it allows minor updates and blocks major ones.