What is HashiCorp Terraform?

5 minute read Published: 2023-09-22

In this blog I will explain what is Terraform and some of its common terms. I will also list some good to follow standards when you start using Terraform.

Table of Contents

What is it?

What it is not?

It is not a configuration management tool that focuses on single application configuration but Terraform focuses on higher-level abstraction like managing the entire environment.

Terraform Editions

Open Source

A free to download tool that you interact with CLI.

Terraform Cloud

Terraform Enterprise

Self-hosted distribution of Terraform Cloud. It offers enterprises a private instance of the Terraform Cloud application, with no resource limits and with additional enterprise-grade architectural features like audit logging and SAML single sign-on.

Terraform Jargons



A backend defines where Terraform stores its state data files.

terraform {
  cloud {
    organization = "sampleorg"

    workspaces {
      name = "dev-workspace"



The Terraform Registry is an interactive resource for discovering a wide selection of integrations (providers), configuration packages (modules), and security rules (policies) for use with Terraform.


HCL(HashiCorp Configuration Language) is a declarative and domain-specific language.


How Terraform works?


Defining resources


An execution plan that describes the infra terraform will create/update/destroy based on existing infra and your configurations.


Performing the operations in the correct order by respecting resource dependencies. Can be automatic or manual.

Configuration Language

Terraform supports HCL, JSON, CRDS and CDK. CDK allows you to use familiar programming languages to define and provision infrastructure. It also lets you leverage the power of your existing toolchain for testing, dependency management, etc. In this blog we will focus on HCL and how to configure Providers, Resources and Modules.



Terraform Cloud and Terraform Enterprise install providers as part of every run.

Provider configuration

Provider configurations belong in the root module of a Terraform configuration. Child modules receive their provider configurations from the root module.

provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"

Provider Requirements

Each Terraform module must declare which providers it requires, so that Terraform can install and use them.

terraform {
  required_providers {
    mycloud = {
      source  = "mycorp/mycloud"
      version = "~> 1.0"

Variables, Outputs, and Locals

In comparison with traditional programming languages,

variable "image_id" {
  type = string

output "instance_ip_addr" {
  value = aws_instance.server.private_ip

locals {
  common_tags = {
    Stack       = local.stack
    Environment = local.environment


Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.

resource "aws_athena_workgroup" "default" {
  name = "default"
  tags = locals.common_tags

  configuration {
    enforce_workgroup_configuration    = true
    publish_cloudwatch_metrics_enabled = true

    result_configuration {
      output_location = "s3://some-bucket/path"

      encryption_configuration {
        encryption_option = "SSE_S3"

Data Sources

Data sources allow Terraform to use information defined outside of Terraform.

data "aws_vpc" "default" {
  id = "vpc-0aexzk638sp5h9u7v"


Containers for multiple resources that are used together.

Root Module

Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.

Child Modules

A module that has been called by another module is often referred to as a child module.

Published Modules

In addition to modules from the local filesystem, Terraform can load modules from a public or private registry. You can find some of my AWS Terraform modules here.

module "example_glue_job" {
  source            = "github.com/komminarlabs/terraform-aws-glue-job?ref=v0.1.0"
  name              = "example-glue-job"
  max_retries       = 1
  number_of_workers = 2
  schedule          = "cron(0 12 * * ? *)"
  script_location   = "S3://example-bucket/location/script.py"
  trigger_type      = "SCHEDULED"
  worker_type       = "Standard"

  default_arguments = {
    "--VAR1" = "some value"

  tags = {
    Environment = "development"
    Stack       = "glue"


resource "aws_sagemaker_domain" "default" {
  domain_name             = var.name
  app_network_access_type = var.app_network_access_type
  auth_mode               = "IAM"
  subnet_ids              = var.subnet_ids
  vpc_id                  = var.vpc_id
  tags                    = var.tags

  default_user_settings {
    execution_role  = var.role_arn != null ? var.role_arn : aws_iam_role.default[0].arn
    security_groups = var.security_groups

    jupyter_server_app_settings {
      lifecycle_config_arns = [aws_sagemaker_studio_lifecycle_config.jupyter.arn]

      default_resource_spec {
        instance_type        = "system"
        lifecycle_config_arn = aws_sagemaker_studio_lifecycle_config.jupyter.arn

    kernel_gateway_app_settings {
      lifecycle_config_arns = [aws_sagemaker_studio_lifecycle_config.kernel.arn]

      default_resource_spec {
        instance_type        = "system"
        lifecycle_config_arn = aws_sagemaker_studio_lifecycle_config.kernel.arn