20-part series

Terraform From Basics to Real-World Practice

Learn Terraform from zero to standing up multi-environment AWS infrastructure through CI/CD. The series covers HCL, providers and resources, state and remote state on S3, variables and expressions, modules, multiple environments, lifecycle, testing and pipelines, closing with a complete capstone project. Every command runs for real on AWS, and the code lives at github.com/nghiadaulau/terraform-series. Grounded in HashiCorp's official docs, Terraform 1.15 and AWS provider v6.

13

Composing Modules, the Terraform Registry, and Pinning Versions

Wire modules together by feeding one module's output into another's input, pull shared modules from the Terraform Registry with a properly pinned source and version, and understand why pinning module versions matters for stability and reproducibility (an unpinned Registry source fetches whatever the Registry serves at init time). Live demo: one Registry module wired together with two local modules.
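
An added example of the wiring and pinning described above; it is not code from the series repository. The Registry module and its vpc_id / public_subnets outputs are real; the two local modules, their paths, their inputs and outputs, and the region are assumptions made for illustration.

```hcl
terraform {
  required_version = "~> 1.15"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

# Registry module with an EXACT version pin. .terraform.lock.hcl records
# provider versions only, so this constraint is the only thing standing
# between you and a silently newer module on the next `terraform init -upgrade`.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.21.0"

  name           = "demo"
  cidr           = "10.0.0.0/16"
  azs            = ["ap-southeast-1a", "ap-southeast-1b"] # assumed region
  public_subnets = ["10.0.0.0/24", "10.0.1.0/24"]
}

# Local module (hypothetical path and inputs): one module's output
# becomes the next module's input.
module "web_sg" {
  source = "./modules/security-group"

  vpc_id = module.vpc.vpc_id
}

# Second local module (hypothetical): lands in the first public subnet
# and attaches the security group produced by the module above.
module "web" {
  source = "./modules/ec2"

  subnet_id         = module.vpc.public_subnets[0]
  security_group_id = module.web_sg.security_group_id # assumed output name
}

output "web_public_ip" {
  value = module.web.public_ip # assumed output name
}
```

Bumping the version line is then a reviewed diff rather than an accident. In CI, run terraform init -lockfile=readonly so a pipeline cannot quietly rewrite the provider lock file either.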

Kai · 4 min read · AWS, Module

14

A Real Network Module: VPC, Subnet, and EC2

Assemble everything from Part IV into a useful foundational infrastructure module: a VPC with public subnets across multiple Availability Zones, an internet gateway and a route table, generating subnet CIDRs with cidrsubnet and creating the subnets with for_each. Then launch an internet-reachable EC2 instance in one of those public subnets. This is the kind of foundational module nearly every project needs.

Kai · 5 min read · AWS, EC2

15

Multiple Environments: Workspaces and Directory Layout

Dev, staging and prod need separate state. There are two ways to get it: workspaces keep multiple states in the same backend, and a directory layout gives each environment its own directory with its own backend. This article demos both and shows clearly why workspaces are NOT a good fit for strong separation between prod and dev: every workspace shares one backend, one set of credentials and one set of access controls, which is exactly the docs' warning.

Kai · 5 min read · DevOps, AWS

16

Reading Another State and Refactoring: remote_state, moved, removed

When you split infrastructure across multiple states, terraform_remote_state lets one configuration read another's outputs (the reader needs read access to the whole state file, so it can see every output of that state, sensitive ones included). When reorganizing code, the moved block renames a resource without a destroy-and-recreate, and the removed block drops a resource from state without destroying it, both declared right in the configuration instead of the manual terraform state mv/rm commands from Article 7.
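
An added example, not from the series, that puts the three mechanisms above in one configuration. The S3 bucket, key, region, output name and resource names are assumptions; the data source and block syntax are Terraform's own.

```hcl
variable "ami_id" {
  type = string
}

# Read the network stack's outputs from its own state file in S3.
# The caller needs s3:GetObject on this object, which means it can read
# EVERY output of that state, sensitive ones included. Publish only what
# consumers need, or hand them an SSM parameter instead of the state file.
data "terraform_remote_state" "network" {
  backend = "s3"

  config = {
    bucket = "demo-terraform-state"      # assumed bucket name
    key    = "network/terraform.tfstate" # assumed key
    region = "ap-southeast-1"            # assumed region
  }
}

resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  # assumed output name exported by the network stack
  subnet_id = data.terraform_remote_state.network.outputs.public_subnet_ids[0]
}

# This resource used to be called aws_instance.app. Without the block the
# plan would destroy "app" and create "web"; with it, the plan is a pure
# rename and the running instance survives.
moved {
  from = aws_instance.app
  to   = aws_instance.web
}

# The bastion is now managed by another configuration. Stop tracking it
# in this state but keep the real instance running (destroy = false).
removed {
  from = aws_instance.bastion

  lifecycle {
    destroy = false
  }
}
```

Run terraform plan before and after adding the moved block and diff the two outputs: the first shows a destroy/create pair, the second shows "has moved to" and no changes.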

Kai · 5 min read · DevOps, AWS

17

Advanced Lifecycle and Providers

Features that control resource and provider lifecycle: create_before_destroy, prevent_destroy, ignore_changes and replace_triggered_by; provider alias to run multi-region in one configuration; terraform_data replacing null_resource; provisioners as a last resort; and the check block, whose failed assertions only warn and never block an apply. Each feature comes with a real demo.
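
An added example, not the series' own demo code, showing every feature listed above in one configuration. Regions, the bucket name and the AMI variable are assumptions; the http provider is used only so the check block has something to probe.

```hcl
terraform {
  required_providers {
    aws  = { source = "hashicorp/aws", version = "~> 6.0" }
    http = { source = "hashicorp/http", version = "~> 3.0" }
  }
}

variable "ami_id" {
  type = string
}

provider "aws" {
  region = "ap-southeast-1" # assumed primary region
}

# Second region under an alias; resources opt in with `provider = aws.dr`.
provider "aws" {
  alias  = "dr"
  region = "us-west-2" # assumed DR region
}

resource "aws_s3_bucket" "replica" {
  provider = aws.dr
  bucket   = "demo-state-replica-example" # assumed, must be globally unique

  lifecycle {
    prevent_destroy = true # plan errors out instead of deleting the bucket
  }
}

resource "aws_launch_template" "web" {
  name_prefix   = "web-"
  image_id      = var.ami_id
  instance_type = "t3.micro"

  lifecycle {
    create_before_destroy = true # build the replacement before removing the old one
  }
}

resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = "t3.micro"

  lifecycle {
    # A tag an operator sets by hand must not show up as drift...
    ignore_changes = [tags["LastPatched"]]
    # ...but a new launch-template version forces a replacement.
    replace_triggered_by = [aws_launch_template.web.latest_version]
  }
}

# terraform_data stands in for null_resource: the provisioner re-runs
# whenever the instance id changes. Provisioners stay a last resort.
resource "terraform_data" "bootstrap" {
  triggers_replace = [aws_instance.web.id]

  provisioner "local-exec" {
    command = "echo bootstrap ${aws_instance.web.id}"
  }
}

# check assertions only WARN: a failing probe is reported, the apply still succeeds.
check "web_answers" {
  data "http" "probe" {
    url = "http://${aws_instance.web.public_ip}/"
  }

  assert {
    condition     = data.http.probe.status_code == 200
    error_message = "web instance did not answer HTTP 200"
  }
}
```

Because check only warns, do not rely on it as a guardrail; put anything that must block an apply into a variable validation or a precondition instead.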

Kai · 5 min read · DevOps, AWS

18

CI/CD for Terraform: GitHub Actions, OIDC, and Quality Scanning

Put Terraform into a pipeline: automatic plan on pull requests, apply on merge, and AWS authentication via OIDC with no stored access key (the workflow exchanges a short-lived GitHub token for temporary credentials through an IAM role whose trust policy is scoped to the repository). Then bolt the quality scanners fmt, validate, tflint, Trivy and Checkov into the pipeline, with real output showing what holes they catch.
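
An added example of the AWS side of the OIDC setup, not taken from the series. The role name is an assumption, and the repository path in the sub condition uses the series repository only as an illustration; substitute your own. It assumes an AWS provider version that lets thumbprint_list be omitted on the OIDC provider (add it if yours requires it).

```hcl
# OIDC identity provider for GitHub Actions (one per account).
resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # thumbprint_list omitted: assumed optional in the provider version in use
}

# Trust policy. Scoping `sub` is the entire security of this setup: a
# condition of "repo:*" would let any GitHub repository assume the role.
# This role is for apply, so only the main branch of this one repo qualifies.
data "aws_iam_policy_document" "apply_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:nghiadaulau/terraform-series:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "terraform_apply" {
  name                 = "gha-terraform-apply" # assumed name
  assume_role_policy   = data.aws_iam_policy_document.apply_trust.json
  max_session_duration = 3600
}

# A separate, read-only role for the plan-on-pull-request job would use
#   values = ["repo:nghiadaulau/terraform-series:pull_request"]
# in the sub condition and carry read permissions plus access to the state
# bucket, so an unmerged PR can never apply anything.
```

On the GitHub side the job needs permissions: id-token: write and a step such as aws-actions/configure-aws-credentials with role-to-assume set to this role's ARN; no AWS_ACCESS_KEY_ID secret exists anywhere in the repository.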

Kai · 6 min read · AWS, CI/CD

19

Testing: terraform test, mock_provider, and Terratest

Test Terraform code before it stands up real infrastructure. terraform test (GA since 1.6) uses .tftest.hcl files with run blocks and assert conditions to check logic, and mock_provider (1.7) lets tests run without touching real AWS. Real demo of three passing tests and one failing test, then an introduction to Terratest for deeper integration testing.
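
An added example, not the series' own test suite: a minimal module under test followed by a test file that exercises it with a mocked AWS provider, so terraform test needs no credentials. Both files are shown in one block and separated by comments; resource and variable names are assumptions.

```hcl
# ---- main.tf: the module under test ----
variable "cidr" {
  type = string

  validation {
    condition     = can(cidrhost(var.cidr, 0))
    error_message = "cidr must be a valid IPv4 CIDR block."
  }
}

resource "aws_vpc" "this" {
  cidr_block = var.cidr
}

resource "aws_subnet" "public" {
  count      = 2
  vpc_id     = aws_vpc.this.id
  cidr_block = cidrsubnet(var.cidr, 8, count.index)
}

# ---- tests/vpc.tftest.hcl: run with `terraform test` ----
# Computed values (ids, ARNs) come from the mock, nothing touches AWS.
mock_provider "aws" {}

variables {
  cidr = "10.0.0.0/16"
}

run "carves_two_subnets_inside_the_vpc" {
  command = plan

  assert {
    condition     = length(aws_subnet.public) == 2
    error_message = "expected exactly two public subnets"
  }

  assert {
    condition     = alltrue([for s in aws_subnet.public : startswith(s.cidr_block, "10.0.")])
    error_message = "every subnet CIDR must fall inside the VPC CIDR"
  }
}

run "rejects_a_malformed_cidr" {
  command = plan

  variables {
    cidr = "not-a-cidr"
  }

  # The variable validation is expected to fail; any other failure, or a
  # successful plan, fails the test.
  expect_failures = [var.cidr]
}
```

Keep command = plan for logic tests; switching a run to command = apply against a real provider creates and then destroys infrastructure, which is the territory the article hands over to Terratest.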

Kai · 5 min read · DevOps, AWS

20

Capstone: A Complete Multi-Tier Web Infrastructure

The final article assembles everything in the series into a complete web infrastructure: VPC, ALB, an Auto Scaling Group running nginx, RDS PostgreSQL and S3, organized into three connected modules. Apply for real, reach the application through the ALB, verify that the DB password is kept out of state (not merely redacted from plan output), then do a clean teardown. Closes with a roadmap for what to learn next.

Kai · 5 min read · DevOps, AWS