$ man terraform | less
This isn't a reference of resource fields, it's a map of the CLI commands. Each card: the command, what it does, a link to KB. Grouped by what you usually do in sequence.
It prints. Ctrl/Cmd + P gives a single-page layout with no navigation.
The main loop. Without these three there's no life in Terraform.
terraform initDownload providers and modules, create .terraform.lock.hcl.
kb · tf-initterraform init -upgradeRe-read modules and providers from scratch; needed when version/source changes.
kb · tf-init-modulesterraform init -backend-config=...Feed backend parameters without editing HCL (CI, multi-env).
kb · tf-remote-backend-s3terraform planThe diff between HCL and state. Changes nothing. Run it as often as you like.
kb · tf-planterraform plan -out=plan.tfplanSave the plan as an artifact; apply from the file guarantees the same outcome.
kb · tf-plan-apply-citerraform plan -detailed-exitcodeExit 0 means no changes, 2 means changes, 1 means error. For drift detection and CI.
kb · tf-drift-detectionterraform apply -auto-approveApply the plan without confirmation. In CI, always from plan.tfplan.
kb · tf-applyterraform apply plan.tfplanApply a saved plan without re-planning, an exact copy.
kb · tf-plan-apply-citerraform destroyTear down everything in state. Almost never in production; constantly while learning.
kb · tf-destroyState is Terraform's memory. Move it carefully, keep a backup.
terraform show -json | jqPrint state as JSON. The basic tool for verify and debugging.
kb · tf-stateterraform state listThe addresses of every resource in state. A module.X prefix means a module resource.
kb · tf-stateterraform state show ADDRThe full contents of one resource in state, including sensitive fields.
kb · tf-state-manipulationterraform state mv A BRename in state without destroy. Alternative: the moved block.
kb · tf-moved-blockterraform state rm ADDRRemove from state without touching the cloud. Alternative: the removed block.
kb · tf-removed-blockterraform import ADDR IDPull an existing cloud resource into state.
kb · tf-state-importimport { to = ADDR id = "..." }Declarative import (TF 1.5+). The plan shows it before apply, unlike the CLI.
kb · tf-state-importmoved { from = A to = B }Rename without destroy when you refactor code.
kb · tf-moved-blockremoved { from = A lifecycle { destroy = false } }TF 1.7+: drop a resource from state, keep it in the cloud.
kb · tf-removed-blockHCL hygiene. The good commands have no consequences, the bad ones do.
terraform fmt -recursiveCanonical formatting. -check for CI.
kb · tf-fmtterraform validateSyntax and type checks with no cloud calls.
kb · tf-validateterraform consoleA REPL for expressions, type(), and quick state reads.
kb · tf-consoleterraform graph | dot -Tsvg > graph.svgThe dependency graph. A cycle? -draw-cycles.
kb · tf-graphterraform apply -replace=ADDRForce-recreate a resource. It cascades to dependencies.
kb · tf-replace-targetterraform apply -target=ADDRThe emergency 'roll out only this'. Not a normal workflow.
kb · tf-replace-targetterraform output -raw NAMERead an output without quotes. For scripts and pipes.
kb · tf-outputterraform workspace select devSwitch to a named workspace. Not for multi-env in production.
kb · tf-workspaceWhen the plan is unclear or apply fails: the order of moves.
TF_LOG=DEBUG terraform planLevels: TRACE, DEBUG, INFO, WARN, ERROR. TRACE shows the provider's HTTP calls.
kb · tf-log-debugTF_LOG_PATH=tf.log TF_LOG=DEBUG terraform applyLogs to a file, not stderr. For incident analysis and tickets.
kb · tf-log-debugterraform plan -no-color | grep -E "^( [+~-]|Plan:)"Filter the diff: only change lines and the summary.
kb · tf-plan-diffterraform show plan.tfplanRead a binary plan as a human. -json suits machines.
kb · tf-plan-diffterraform refreshRefresh state from the cloud without changing HCL. Useful on drift.
kb · tf-drift-detectionterraform force-unlock LOCK_IDRelease a stuck state lock. Only if you're sure no one is working.
kb · tf-common-errorsterraform graph -draw-cycles | dot -TsvgHighlight cycles in the dependency graph. The Cycle Error comes from here.
kb · tf-common-errorsNative tests, mock providers, terratest. What and when.
terraform testRun .tftest.hcl from the config root and from tests/ (the default test directory). TF 1.6+.
kb · tf-test-frameworkterraform test -filter=tests/plan.tftest.hclOne file only. Handy when debugging an assert.
kb · tf-test-frameworkmock_provider "aws" { ... }No cloud. Any resources become fakes, and asserts still work.
kb · tf-test-mocksgo test -timeout 30m ./...Terratest. Brings up real infra, runs checks, tears it down.
kb · terratest-basicsterraform-compliance -p plan.json -f features/BDD policy through Gherkin. An alternative to OPA for non-technical reviewers.
kb · terraform-compliancefmt → validate → tflint → checkov → trivy → OPA. In order of strictness.
tflint --recursiveStyle and logic rules over HCL. The AWS ruleset ships separately.
kb · tf-fmt-validate-cicheckov -d .A static security scanner for HCL and plan.json. Suppression goes in comments.
kb · tf-checkovtrivy config .A tfsec replacement; on HCL and plan.json. CIS checks in one tool.
kb · tf-trivy-tfsecconftest test --policy policies/ plan.jsonOPA/Rego: deny rules over plan.json. For the policy gate in CI.
kb · tf-policy-as-codepre-commit installfmt/validate/tflint/checkov hooks on git commit. No more 'forgot to run it'.
kb · tf-fmt-validate-citerraform output -json | jq '. | walk(...)'Sensitive is redacted in output but visible in state. Don't put secrets here.
kb · tf-sensitiveTerragrunt, CDKTF, Infracost, OpenTofu. When the basics aren't enough.
terragrunt run-all planPlan across all stack modules. dependency blocks sort out the order.
kb · tf-terragruntcdktf init --template typescriptA starter CDKTF project. Then cdktf synth → plain HCL.
kb · tf-cdktfinfracost breakdown --path .Cost estimate for the plan. In CI it diffs PR against main.
kb · tf-cost-infracosttofu init && tofu applyOpenTofu. The CLI is identical, state is compatible. Same provider.
kb · tf-opentofu-parityrover -tfPath terraform -workingDir .A web visualizer for the graph and plan. Handy for review presentations.
kb · tf-rover-visualization