IaC Introduced in L7

Terraform

The de facto IaC tool. Multi-cloud. HCL config language. Plan, apply, state — the discipline of declarative infrastructure.

Mindmap

hover · click to navigate
this tech depends on / used by alternative Shipyard anchor
What it is

The plain-English version

Terraform is HashiCorp's infrastructure-as-code tool. You declare desired state in HCL (HashiCorp Configuration Language) — "this S3 bucket, this VPC, this RDS instance" — and terraform apply makes it true. Multi-cloud through providers; the same workflow whether you're on AWS, GCP, Azure, or Cloudflare.

Why it exists

The problem it solves

Console-clicking infrastructure is unauditable, unrepeatable, and forgetful. Terraform turns infrastructure into reviewable code in git. Plan output is gold — read it before apply, every time. The state file is the source of truth Terraform uses to know what's deployed.

What it competes with

Alternatives

AlternativeTypeWhen it wins
Ansibleconfig mgmtThe agentless configuration management tool. YAML playbooks over SSH. The default in this category today.
Where it shows up in Shipyard

Deep links

Vocabulary

The words you'll hear

Plan / Apply
Show what would change / actually change it.
State
Terraform's record of what's deployed. Stored remotely (S3, Terraform Cloud) for team use.
Provider
A plugin that knows how to talk to a service (AWS, GCP, Cloudflare, GitHub, etc.).
Module
Reusable bundle of HCL code. Like a function for infrastructure.
Drift
Real infrastructure diverging from the code. Detect and reconcile.
Workspace
Separate state for the same code (dev/staging/prod).
Backend
Where state is stored. S3+DynamoDB lock pattern is common.
Prompting

Bad vs. good prompt for Terraform

✕ Bad prompt
write me some terraform
✓ Good prompt
Write Terraform for an AWS S3 bucket for user uploads: versioning enabled, server-side encryption with the default KMS key, public access blocked, lifecycle rule moving non-current versions to Glacier after 30 days. Tag with Project=Tasklane, Env=prod. Use a remote state backend on S3 (assume bucket terraform-state-tasklane exists).

Why it works: Names every property explicitly. The default S3 bucket Terraform makes is none of these things; the realistic configuration is what's described. Short enough to ship in one sitting.

Pitfalls

What bites real teams

⚠ Drift accumulates

One console click and reality differs from the code. Discipline: every change goes through Terraform.

⚠ Lost state file

If you lose the state file, Terraform forgets what it built. Use remote state with locking from day one.

⚠ Apply on PR

Some teams run apply automatically on PR merge. Without manual approval, a bad PR can wreck production. Always pause for human review on plan output.

References

Official docs only