Testing: terraform test, mock_provider, ...
DevOpsAWS

Testing: terraform test, mock_provider, and Terratest

Test Terraform code before it stands up real infrastructure. terraform test (GA since 1.6) with .tftest.hcl files runs run/assert to check logic, mock_provider (1.7) lets tests run without real AWS. Real demo of three passing tests and one failing test, then an introduction to Terratest for deep integration testing.

K
KaiMay 25, 2026· 52 views
Advanced Lifecycle and Providers
DevOpsAWS

Advanced Lifecycle and Providers

Features that control resource and provider lifecycle: create_before_destroy, prevent_destroy, ignore_changes, replace_triggered_by; provider alias to run multi-region in one configuration; terraform_data replacing null_resource; provisioners as a last resort; and the check block that only warns. Each feature comes with a real demo.

K
KaiMay 25, 2026· 53 views
Reading Another State and Refactoring: r...
DevOpsAWS

Reading Another State and Refactoring: remote_state, moved, removed

When you split infrastructure across multiple states, terraform_remote_state lets one config read the output of another. And when reorganizing code, the moved block renames a resource without destroy-recreate, the removed block drops a resource from state without destroying it — both declared right in the configuration instead of the manual state mv/rm commands from Article 7.

K
KaiMay 25, 2026· 52 views
Multiple Environments: Workspaces and Di...
DevOpsAWS

Multiple Environments: Workspaces and Directory Layout

Dev, staging, prod need separate state. There are two ways: workspaces keep multiple states in the same backend, and directory layout splits each environment into its own directory with its own backend. This article demos both, and shows clearly why workspaces are NOT a good fit for strong separation between prod and dev — exactly the docs' warning.

K
KaiMay 25, 2026· 49 views
Writing Your First Module
DevOpsAWS

Writing Your First Module

A module packages a group of resources behind a clean input/output interface, to reuse in many places without copying code. This article writes a 'secure-bucket' module that wraps an S3 bucket along with versioning, encryption and public-access blocking into a single concept, then calls it twice from the root with different inputs.

K
KaiMay 25, 2026· 54 views
count and for_each: The Index Trap, Cond...
DevOpsAWS

count and for_each: The Index Trap, Conditionals, templatefile

Two ways to create multiple resources: count by index and for_each by key. This article shows the real-world trap of using count with a list — dropping a middle element shifts the indexes and wrongly destroys-and-recreates a whole row of resources — with a live demo, then shows how for_each avoids it. Plus conditional resource creation and templatefile.

K
KaiMay 25, 2026· 44 views
Data Sources, Functions, for Expressions...
DevOpsAWS

Data Sources, Functions, for Expressions and Dynamic Blocks

Read existing information on AWS with data sources (latest AMI, available zones, current account), transform and filter data with for expressions, then generate repeated nested blocks with dynamic blocks. A security group with ingress rules auto-generated from a list of ports serves as the running example.

K
KaiMay 25, 2026· 65 views