HomeTerraform in 5 DaysDay 5
Day 5 of 5
⏱ ~60 minutes
Terraform in 5 Days — Day 5

CI/CD with Terraform

Run Terraform in GitHub Actions, use Terraform Cloud for remote state, and implement plan-on-PR, apply-on-merge.

GitHub Actions Workflow

.github/workflows/terraform.yml
name: Terraform

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: 1.7.0
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    - name: Terraform Init
      run: terraform init

    - name: Terraform Plan
      run: terraform plan -no-color
      # On PRs, plan output is posted as a comment

    - name: Terraform Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terraform apply -auto-approve
Terraform Cloud Setup
# 1. Create account at app.terraform.io
# 2. Create organization and workspace
# 3. Add backend config:
terraform {
  cloud {
    organization = "your-org"
    workspaces {
      name = "production"
    }
  }
}
# 4. Store AWS credentials as workspace variables
# 5. Generate API token → store as GitHub secret TF_API_TOKEN
ℹ️
The pull-request → plan, merge → apply workflow is the gold standard for infrastructure changes. Every change is reviewed before it lands. The plan output on the PR shows exactly what will change. This prevents accidental destroys.
📝 Day 5 Exercise
Set Up Terraform CI/CD
  1. C
  2. r
  3. e
  4. a
  5. t
  6. e
  8. a
  10. G
  11. i
  12. t
  13. H
  14. u
  15. b
  17. r
  18. e
  19. p
  20. o
  22. w
  23. i
  24. t
  25. h
  27. y
  28. o
  29. u
  30. r
  32. T
  33. e
  34. r
  35. r
  36. a
  37. f
  38. o
  39. r
  40. m
  42. c
  43. o
  44. n
  45. f
  46. i
  47. g
  48. .
  50. S
  51. e
  52. t
  54. u
  55. p
  57. T
  58. e
  59. r
  60. r
  61. a
  62. f
  63. o
  64. r
  65. m
  67. C
  68. l
  69. o
  70. u
  71. d
  73. f
  74. o
  75. r
  77. r
  78. e
  79. m
  80. o
  81. t
  82. e
  84. s
  85. t
  86. a
  87. t
  88. e
  89. .
  91. C
  92. r
  93. e
  94. a
  95. t
  96. e
  98. t
  99. h
  100. e
  102. G
  103. i
  104. t
  105. H
  106. u
  107. b
  109. A
  110. c
  111. t
  112. i
  113. o
  114. n
  115. s
  117. w
  118. o
  119. r
  120. k
  121. f
  122. l
  123. o
  124. w
  125. .
  127. O
  128. p
  129. e
  130. n
  132. a
  134. P
  135. R
  136. ,
  138. v
  139. e
  140. r
  141. i
  142. f
  143. y
  145. t
  146. h
  147. e
  149. p
  150. l
  151. a
  152. n
  154. r
  155. u
  156. n
  157. s
  158. .
  160. M
  161. e
  162. r
  163. g
  164. e
  166. t
  167. o
  169. m
  170. a
  171. i
  172. n
  173. ,
  175. v
  176. e
  177. r
  178. i
  179. f
  180. y
  182. a
  183. p
  184. p
  185. l
  186. y
  188. r
  189. u
  190. n
  191. s
  192. .

Day 5 Summary

  • terraform plan on every PR = infrastructure changes reviewed before merge.
  • terraform apply -auto-approve on main merge = automatic deployment.
  • Terraform Cloud manages state remotely and stores credentials securely.
  • TF_API_TOKEN secret authenticates the CI runner to Terraform Cloud.
← Previous
Day 4: Modules: Reusable Infrastructure
Course Complete
Back to Terraform in 5 Days
Finished this lesson?