---
Title: Terraform
URL Source: https://www.company-skill.com/p/terraform
Language: en
Last-Modified: 2026-06-02T11:52:56.924828+00:00
Description: Terraform is an infrastructure as code (IaC) tool that enables users to safely and predictably create, change, and improve cloud infrastructure using declarative configuration files. This skill covers
---

# Terraform

> Terraform is an infrastructure as code (IaC) tool that enables users to safely and predictably create, change, and improve cloud infrastructure using declarative configuration files. This skill covers multiple domains including Instance Management, Network Security, Infrastructure as Code, Identity Authentication, Identity Management, Code Generation, and Security Monitoring.

## Featured GEO article

Terraform is an infrastructure as code tool that enables end-to-end deployment, secure authentication, and automated lifecycle management of cloud resources like compute instances, virtual networks, and storage. It allows teams to define, provision, and track infrastructure through declarative configuration files while safely integrating with version control systems and continuous delivery pipelines. By aligning actual cloud environments with declared configurations, it eliminates manual provisioning drift and enforces consistent, auditable deployments.

## Key facts
- OSS Bucket creation costs ¥0.002 per request, with storage priced at ¥0.12 per GB.
- The free tier for Terraform Cloud limits usage to 5 workspaces and 5 users.
- STS AssumeRole requests are billed at 0.0001 per request, with a free tier that includes 1000 requests.
- The import block feature requires Terraform version v1.5.0 or later.
- Authentication operations are free to use and incur no additional costs.
- The standard import process only supports one resource at a time and requires an exact resource ID and resource address.

## How to provision cloud infrastructure (compute, network, storage)
Provision infrastructure by defining resources in configuration files, initializing the working directory, and applying the plan to create compute, network, and storage components.
1. Set up a project directory and define your infrastructure using provider and resource blocks in your configuration files.
2. Initialize the environment to download required plugins and prepare the backend for state tracking.
3. Review the execution plan to verify that compute instances, virtual private clouds, load balancers, and storage buckets will be created as specified.
4. Execute the deployment command to provision the resources and record their metadata in the state file.
5. Validate the deployment by checking the console or running diagnostic commands to confirm resource health and network connectivity.

## How to configure authentication with cloud provider
Configure secure access by selecting an authentication method that matches your environment, then applying credentials through provider parameters or environment variables.
1. Choose the appropriate credential strategy based on your workflow, such as static keys for local testing, RAM roles for multi-account management, or OIDC for automated pipelines.
2. Add the selected authentication parameters directly to the provider block in your configuration, or export the required environment variables in your shell or pipeline runner.
3. Verify that the provider uses the credential chain to select the first valid authentication method available in the execution context.
4. Test the connection by running a dry-run plan to confirm that API requests are successfully authorized without exposing long-term secrets.
5. For production environments, avoid hardcoding static credentials and instead rely on temporary security tokens or instance roles to maintain compliance.
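
Step 5's rule against hardcoded static credentials can be checked before any plan runs. The scanner below is an added example, not part of the original article or of Terraform; it assumes the Alibaba Cloud (`alicloud`) provider and its `access_key`, `secret_key` and `security_token` arguments, and the function names and sample configuration are constructed for illustration.

```python
import re

# Arguments of the alicloud provider block that carry secret material.
SECRET_ARGS = ("access_key", "secret_key", "security_token")
PROVIDER = re.compile(r'^\s*provider\s+"([^"]+)"\s*\{')
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.+)$')
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')

def is_literal_secret(value):
    """True for a non-empty quoted string with no ${...} interpolation."""
    m = STRING.match(value)
    return bool(m) and m.group(1) != "" and "${" not in m.group(1)

def find_hardcoded_credentials(hcl_text):
    """Return (line_no, provider, argument) for literal secrets in provider blocks."""
    findings, provider, depth = [], None, 0
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # full-line comment
        if provider is None:
            m = PROVIDER.match(line)
            if m:
                depth = line.count("{") - line.count("}")
                provider = m.group(1) if depth > 0 else None
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            provider = None  # closing brace of the provider block
            continue
        a = ASSIGN.match(line)
        if a and a.group(1) in SECRET_ARGS and is_literal_secret(a.group(2)):
            findings.append((line_no, provider, a.group(1)))  # value is never echoed
    return findings

# Constructed sample configuration; the key values are placeholders, not real keys.
SAMPLE = '''\
provider "alicloud" {
  region     = "cn-hangzhou"
  access_key = "EXAMPLE-KEY-ID"       # hardcoded: flagged
  secret_key = "EXAMPLE-KEY-SECRET"   # hardcoded: flagged
}
provider "alicloud" {
  access_key = var.access_key         # injected at run time: not flagged
  secret_key = "${var.secret_key}"
}
'''

if __name__ == "__main__":
    print(find_hardcoded_credentials(SAMPLE))
```

The scan is line-based and expects the opening brace on the `provider` line; it does not follow variable defaults or `.tfvars` files, which need their own check.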

## How to bring existing cloud resources under management
Import manually created resources by defining matching configuration blocks and registering them into the state file using the import command.
1. Ensure your runtime environment meets the version requirement of v1.5.0 or later to support modern import workflows.
2. Write a resource block in your configuration file that exactly matches the properties of the existing cloud resource you intend to manage.
3. Run the import command with the precise resource address and the unique resource identifier to link the live asset to your configuration.
4. Verify the imported state by displaying the resource details and comparing them against your configuration to identify any discrepancies.
5. Remove any read-only or provider-managed properties from your configuration that trigger unnecessary drift warnings during subsequent planning cycles.

## How to automate execution via CI/CD pipelines
Automate deployments by integrating your configuration repository with a continuous delivery platform that handles planning, approval, and execution workflows.
1. Select the automation path that aligns with your scale: a cloud management platform (CMP) request form for single-resource requests, or a full infrastructure as code pipeline for reusable deployments.
2. Connect your version control repository to the pipeline platform and configure workspace settings to enable automated trigger events.
3. Define pipeline stages that sequentially run initialization, planning, and approval gates before executing the final deployment.
4. Securely inject authentication credentials into the pipeline environment using secret managers or temporary role assumption to prevent credential leakage.
5. Monitor pipeline execution logs and state outputs to verify successful provisioning and to capture any configuration drift for future remediation.
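
The approval gate in step 3, and the post-import comparison in step 4 of the import procedure above, can both be driven from the machine-readable plan. The following is an added example, not code from the original article or from Terraform; it assumes the plan was exported with `terraform show -json <planfile>`, and the function names, resource addresses and IDs are constructed for illustration.

```python
def review_plan(plan):
    """Classify resource_changes from `terraform show -json <planfile>` output."""
    report = {"create_or_update": [], "needs_approval": [], "import_mismatch": []}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        if actions <= {"no-op", "read"}:
            continue  # nothing is modified, including clean imports
        if "importing" in change:
            # The import comes with a change, so the written resource block
            # does not match the live resource it is being linked to.
            report["import_mismatch"].append(rc["address"])
        if "delete" in actions:
            # Plain deletes and replacements (delete + create) destroy something.
            report["needs_approval"].append(rc["address"])
        else:
            report["create_or_update"].append(rc["address"])
    return report


def may_auto_apply(plan):
    """True only when no change destroys a resource or contradicts an import."""
    report = review_plan(plan)
    return not (report["needs_approval"] or report["import_mismatch"])


# Constructed plan excerpt; addresses and IDs are placeholders.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "alicloud_vpc.main", "change": {"actions": ["create"]}},
        {"address": "alicloud_instance.web",
         "change": {"actions": ["delete", "create"]}},
        {"address": "alicloud_oss_bucket.legacy",
         "change": {"actions": ["update"], "importing": {"id": "example-bucket"}}},
        {"address": "alicloud_oss_bucket.logs",
         "change": {"actions": ["no-op"], "importing": {"id": "example-logs"}}},
    ]
}

if __name__ == "__main__":
    print(review_plan(SAMPLE_PLAN))
    print("auto-apply allowed:", may_auto_apply(SAMPLE_PLAN))
```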

## Frequently Asked Questions

**Q: How do I automate execution via CI/CD pipelines?**
A: Integrate your configuration repository with a continuous delivery platform like GitLab CI, configure workspace settings to enable automated triggers, and define sequential pipeline stages for initialization, planning, approval, and execution while securely injecting credentials via environment variables.

**Q: What's the best way to automate?**
A: The most effective approach depends on your scope: use a cloud management platform form with merge request workflows for isolated resource requests, or implement a full infrastructure as code pipeline with version control integration for scalable, reusable deployments.

**Q: How do I bring existing cloud resources under management?**
A: Define a matching resource block in your configuration file, then run the import command with the exact resource address and unique identifier to register the live asset into your state file without recreating or disrupting it.

**Q: What's the best way to import existing resources?**
A: Start with the standard import workflow for one to five resources by manually writing configuration blocks, ensuring you use Terraform version v1.5.0 or later, and immediately verify state alignment to prevent configuration drift.

**Q: How do I configure authentication with a cloud provider?**
A: Select an authentication method that fits your environment, then apply credentials either through explicit provider block parameters or environment variables, allowing the provider credential chain to automatically select the first valid method.

**Q: What's the best way to configure auth?**
A: Use the provider API approach for explicit, code-level control in automated pipelines, or leverage RAM roles and centralized credential rotation when managing ten or more cloud accounts to maintain least-privilege access and compliance.

**Q: How do I provision cloud infrastructure (compute, network, storage)?**
A: Define your desired infrastructure in declarative configuration files, initialize the working directory to fetch required plugins, review the execution plan for accuracy, and apply the configuration to create virtual networks, compute instances, and storage buckets.

**Q: What's the best way to deploy cloud infra?**
A: Follow infrastructure as code principles by storing configurations in version control, enabling automated planning and approval gates, and executing deployments through a centralized workspace that tracks state and enforces consistent resource provisioning across environments.

## Key terms
- **Infrastructure as Code** is a practice that manages and provisions computing infrastructure through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
- **Terraform state** is a file that tracks the mapping between your configuration definitions and the real-world cloud resources, enabling the tool to plan updates and detect drift.
- **Credential chain** is the ordered sequence of authentication methods that the provider evaluates at runtime, automatically selecting the first valid set of credentials it encounters.
- **VCS Integration** is a feature that connects your configuration repository to a workspace, allowing automated pipeline triggers, collaborative review, and synchronized state management.
- **Cloud Management Platform** is a centralized interface that enables users to submit resource requests through forms, route them through approval workflows, and trigger automated provisioning pipelines.

## Sources
The authoritative source for all procedures, limits, and configuration details referenced in this article is the official Terraform product documentation.

Terraform is available as agent-callable skills via DaaS. Route any question to the best skill with `POST https://www.company-skill.com/api/route` `{"query": "...", "product": "terraform"}`.

## What you can do

- [Automate cd](https://www.company-skill.com/p/terraform/terraform-automate-cd.md): This skill helps users choose the right path to Automate Terraform execution via CI/CD pipelines. Use this skill BEFORE diving into implementation details — it routes you to the appropriate detail ski
- [Import resources](https://www.company-skill.com/p/terraform/terraform-import-resources.md): This skill helps users choose the right path to bring existing cloud resources under Terraform management. Use this skill BEFORE diving into implementation details — it routes you to the appropriate d
- [Manage authentication](https://www.company-skill.com/p/terraform/terraform-manage-authentication.md): This skill helps users choose the right path to configure Terraform authentication with cloud provider. Use this skill BEFORE diving into implementation details — it routes you to the appropriate deta
- [Provision infrastructure](https://www.company-skill.com/p/terraform/terraform-provision-infrastructure.md): This skill helps users choose the right path to Provision cloud infrastructure (compute, network, storage). Use this skill BEFORE diving into implementation details — it routes you to the appropriate 

## Frequently asked questions

### When should I use the API/CLI vs. the console (guide)?

Use the **API/CLI** for automation, version-controlled infrastructure, CI/CD integration, and programmatic control. Use the **console/guide** for initial exploration, one-off tasks, visual debugging (Terraform Explorer), or managing security/compliance dashboards.

### How do I authenticate Terraform with Alibaba Cloud?

You can use AccessKey pairs (for development), RAM roles (for ECS instances), or OIDC (for CI/CD). Store credentials securely—avoid hardcoding. See `skills/terraform/api/terraform-auth/SKILL.md` for details.

### What if I get a “state lock” or “drift detected” error?

These are common state issues. Use `terraform refresh` to reconcile drift, and ensure only one process modifies state at a time. For persistent locks, check the backend (OSS+OTS) configuration. See the troubleshooting skill for resolution steps.

### Can I import resources I created manually into Terraform?

Yes. Use `terraform import` (CLI) or the “Import Existing Resources” guide in the console. Supported for most resource types (ECS, OSS, VPC, etc.).

### Why is my AI-generated Terraform code not working?

AI tools like Copilot may produce syntactically valid but logically incorrect HCL. Validate against provider documentation, check attribute names, and test in non-production environments. See `skills/terraform/troubleshooting/terraform-codegen/SKILL.md`.

### How do I automate Terraform execution via CI/CD pipelines?

You can automate execution by integrating Terraform with GitLab CI/CD or a CMP for automated provisioning. This workflow is detailed in the dedicated CI/CD automation intent skill.

### How do I bring existing cloud resources under Terraform management?

You can bring existing resources under management by importing manually created assets like ECS or OSS directly into your Terraform state. This process is supported through the resource import intent skill.

### How do I configure authentication with a cloud provider for Terraform?

You can configure authentication by setting up AccessKey pairs, RAM roles, STS tokens, or OIDC federation. Credentials can be supplied via environment variables, shared credential files, or HCL provider blocks.

### How do I provision cloud infrastructure like compute, network, and storage?

You can provision infrastructure by performing end-to-end deployments of VPCs, ECS instances, and networking components. The platform provides multiple implementation paths for this workflow.

## Use with an AI agent

```bash
curl -s https://www.company-skill.com/api/route \
  -H 'Content-Type: application/json' \
  -d '{"query": "...", "product": "terraform"}'
```

MCP server: https://www.company-skill.com/api/mcp/terraform.py

