In Infrastructure as Code it is crucial to understand the proposed changes before applying them to maintain system stability and avoid unintended consequences. Terraform offers a built-in way to view these changes throughout the terraform plan command. This command is used to generate an execution plan by comparing the current infrastructure with your desired configuration defined in the .tf files.
By reviewing the plan output, teams can validate configurations, catch potential issues and ensure that changes align with the expectations before anything is finally deployed. This is how you can view Terraform plan easily using commands.
Related Article: The Complete Guide to Terraform Certification: The Ultimate Source of Information
Why Is It Crucial To View Terraform Plan
It is a really good practice to preview your Terraform plan. Without it, it is super risky to apply changes that could accidentally delete resources, introduce misconfigurations, or cause downtime in the production environment.
Here is why reviewing the plan is crucial:
- The plan clearly shows what will be added, changed, or destroyed, giving you full visibility into proposed infrastructure updates.
- By spotting misconfiguration resources or unintended changes early, you can avoid costly errors.
- Viewing plan is pretty much like a code review or CI/CD process, so it ensures that infrastructure changes are intentional and approved.
- In regulated environments, capturing and reviewing a plan supports compliance requirements and audit trails.
- Lastly, Viewing Terraform plans ensure that automation doesn’t introduce surprises.
How to Generate a Terraform Plan
Generating a Terraform plan is pretty simple. Once your configuration files are ready and your working directory is initialized, you can use the following command:
Get exclusive access to all things tech-savvy, and be the first to receive
the latest updates directly in your inbox.
terraform plan
This command will compare your current state as recorded in terraform.tfstate with your configuration code and display the proposed changes.
Optional Flags
You can modify the behavior of terraform plan with useful flags:
- -out=plan.out: Saves the plan to a file, allowing you to apply it later.
- -var=”key=value”: Overrides specific variable values.
- -var-file=”file.tfvars”: Loads variable values from a file.
- -target=resource_type.name: Limits the plan to specific resources.
Example:
terraform plan -out=prod-plan.out -var-file=”production.tfvars”
This command is often run after terraform init and terraform validate as part of a safe and standard workflow.
Understanding the Plan Output
The output of the terraform plan outlines what the Terraform would do if you would execute the terraform apply.
It uses concise symbols to indicate the type of change:
- +: Resource will be created
- -: Resource will be destroyed
- ~: Resource will be modified in-place
- -/+: Resource will be replaced (destroyed and recreated)
Each resource block in the output shows which attributes are changing, and how. For example:
~ aws_instance.example
instance_type: “t2.micro” => “t3.micro”
This means that the instance type is getting updated. Reviewing these will allow you to spot errors, confirm intentions, and plan your changes with confidence.
Saving and Reusing Terraform Plans
Terraform allows you to differentiate between the planning and applying stages of infrastructure management. This is mainly useful when you aim to:
- Perform manual reviews
- Implement automated CI/CD pipelines
- Follow the change approval processes
Instead of viewing the plan directly in your terminal, you can save it to a file using the -out flag:
How to Save a Terraform Plan
Terraform plan -out=plan.tfplan
- This command will run the plan as intended.
- The output will be stored in a binary file called the plan.tfplan.
- You will see any detailed changes in the terminal.
This saved plan captures:
- What Terraform intends to do
- Which resources need to be added, modified, or destroyed
- The exact state difference between the current infrastructure and the .tf code.
How to Reuse a Saved Plan
To apply the saved plan in its original form as it was generated initially without any re-evaluating, use:
terraform apply plan.tfplan
This ensures that:
- You’re applying only what was planned.
- Terraform won’t recalculate or pick up new changes from your .tf files.
- Any updates to .tf files or external states made after the plan was saved won’t be considered.
Example Workflow in CI/CD:
terraform plan -out=staging.tfplan
terraform show staging.tfplan
terraform apply staging.tfplan
This separation is especially important in production environments, where changes must go through multiple layers of validation before deployment.
How To View Terraform Plan Using .tfplan
When you generate a Terraform plan using the -out flag, the plan is saved to a binary file format, which is not directly readable. To view the contents of this saved plan, Terraform provides the terraform show command.
Why Use a Terraform show?
- To review the infrastructure changes stored in a plan before applying them.
- To share or audit a plan within the team or the automated pipeline.
- To convert the original plan into a human-readable version.
Syntax
terraform show plan.tfplan
This command outputs a human-readable summary of the plan file plan.tfplan, similar to the output of terraform plan.
Example
Let’s say you run:
terraform plan -out=prod.tfplan
You won’t see the actual plan in the terminal because it’s saved in binary format. To view it, you run:
terraform show prod.tfplan
The output might look like:
~ resource “aws_instance” “web” {
instance_type = “t2.micro” -> “t3.micro”
…
}
Viewing in JSON Format
You can also view Terraform plan that is saved in JSON for automation or integrations:
terraform show -json plan.tfplan
This outputs structured data, which can be parsed and used in tools like:
- Custom scripts (e.g., for validation or approvals)
- Dashboards (to visualize infrastructure changes)
- Policy tools like Sentinel or Open Policy Agent
Plan Output Examples (Add, Change, Destroy)
The Terraform plan shows the output clearly by marking the resource actions, which makes it easy to understand. Here are some of the most simple examples of each type:
- Add (+)
+ aws_s3_bucket.example bucket: “my-new-bucket”
acl: “private”
This indicates Terraform will create a new S3 bucket.
- Change (~)
~ aws_instance.web
instance_type: “t2.micro” => “t3.micro”
Terraform will update the instance type of the existing EC2 instance.Destroy (-)
– aws_security_group.old_group
Terraform plans to delete the specified security group.
- Replace (-/+)
-/+ aws_db_instance.db
allocated_storage: “20” => “50”
Some resource changes require full replacement. Terraform handles this by destroying the old resource and creating a new one.
Conclusion – View Terraform Plan
It is super important to view Terraform plan before you save or reuse them, mainly because it allows you to review the infrastructure and main changes. It is also a great strategy to maintain compliance or regulations!
