kb/workflow

Terraform workflow: plan-apply-destroy, taint, replace

The Terraform workflow is the daily cycle: plan, review, apply, state, repeat. What to do when a resource gets stuck (taint, -replace), how to tear things down safely (destroy with -target), how to read 'No changes' and why it is the main invariant of terraform.

tf-replace-target-replace and -target: targeted operations on a single resource
The `-replace=<address>` and `-target=<address>` flags restrict apply to a single resource. `-replace` recreates the resource and replaces the deprecated `terraform taint`. `-target` applies only to the specified resource; it is an emergency tool, not an everyday one.
tf-consoleterraform console: REPL for HCL expressions
`terraform console` is an interactive REPL: you type an HCL expression and get the evaluated value back. You can test functions (`upper("foo")`), inspect types (`type(var.x)`), and read state (`aws_s3_bucket.demo.arn`). It changes nothing and only reads.
tf-fmtterraform fmt: canonical HCL formatting
`terraform fmt` rewrites HCL to a canonical style: consistent indentation, aligned `=` signs, no extra blank lines. It runs on the current directory by default, or recursively with `-recursive`. In CI, use `-check -diff` to fail the build on unformatted files.
tf-graphterraform graph: resource dependency graph
`terraform graph` prints the resource dependency directed acyclic graph (DAG) in Graphviz dot format. It shows what depends on what and why Terraform applies resources in a particular order. Use it when debugging cycle errors or understanding large projects.
tf-validateterraform validate: checking HCL without the cloud
`terraform validate` checks HCL for syntax errors and basic logic issues: unknown arguments, wrong types, and references to resources that do not exist. It does not contact the cloud and does not touch state, so it runs fast. In CI, run it after `init -backend=false` and before `plan`.

kb/workflow

Terraform workflow: plan-apply-destroy, taint, replace

tf-replace-target-replace and -target: targeted operations on a single resource
The `-replace=<address>` and `-target=<address>` flags restrict apply to a single resource. `-replace` recreates the resource and replaces the deprecated `terraform taint`. `-target` applies only to the specified resource; it is an emergency tool, not an everyday one.
tf-consoleterraform console: REPL for HCL expressions
`terraform console` is an interactive REPL: you type an HCL expression and get the evaluated value back. You can test functions (`upper("foo")`), inspect types (`type(var.x)`), and read state (`aws_s3_bucket.demo.arn`). It changes nothing and only reads.
tf-fmtterraform fmt: canonical HCL formatting
`terraform fmt` rewrites HCL to a canonical style: consistent indentation, aligned `=` signs, no extra blank lines. It runs on the current directory by default, or recursively with `-recursive`. In CI, use `-check -diff` to fail the build on unformatted files.
tf-graphterraform graph: resource dependency graph
`terraform graph` prints the resource dependency directed acyclic graph (DAG) in Graphviz dot format. It shows what depends on what and why Terraform applies resources in a particular order. Use it when debugging cycle errors or understanding large projects.
tf-validateterraform validate: checking HCL without the cloud
`terraform validate` checks HCL for syntax errors and basic logic issues: unknown arguments, wrong types, and references to resources that do not exist. It does not contact the cloud and does not touch state, so it runs fast. In CI, run it after `init -backend=false` and before `plan`.