Reference and Selective Reading
You do not need to read the Terraform documentation front-to-back. Use the concept pages first, then the practice pages. Open these external references only when you need alternate exposition, a precise attribute name, or a deeper exercise lane.
This module is deliberately docs-first: the HashiCorp developer documentation is the source of truth. Local book chunks are peripheral and appear only where they help Cluster 4's PR-review mechanics.
Source Roles
| Source | Role | Why it is here |
|---|---|---|
| HashiCorp Terraform Developer Docs | Primary | Authoritative on language, CLI, state, modules, and providers |
| Terraform Best Practices (terraform-best-practices.com) | Secondary | Community-maintained conventions; opinionated but practical |
| Open Policy Agent docs | Primary (Cluster 5) | Rego language and policy engine |
| HashiCorp Sentinel docs | Secondary (Cluster 5) | HCP Terraform's policy engine |
| tfsec (migrating to Trivy) | Secondary (Cluster 5) | Static Terraform scanner |
| Ansible docs | Secondary (Cluster 5) | Canonical config-management reference |
| AWS CDK v2 Developer Guide | Secondary (Cluster 5) | IaC in general-purpose languages (CDK) |
| Pulumi documentation | Secondary (Cluster 5) | IaC in general-purpose languages (Pulumi) |
| Pro Git / The Linux Command Line / Git from the bottom up (local chunks) | Peripheral | PR review mechanics and shell fluency only |
Open Only If Stuck
Cluster 1: The IaC Mindset
- Terraform Intro: What is Infrastructure as Code?
- Terraform Language: State
- Terraform Language: State locking
- Terraform Language: Resource syntax (lifecycle overview)
Cluster 2: Terraform Core
- Terraform Language: Providers
- Terraform Language: Resources
- Terraform Language: Data Sources
- Terraform Language: Input Variables
- Terraform Language: Local Values
- Terraform Language: Output Values
- Command:
terraform plan - Command:
terraform apply
Cluster 3: Modularity and Reuse
- Tutorial: Create a Terraform module
- Terraform Language: Backends
- Terraform Language: Remote state
- Terraform Language: Workspaces
- Terraform Best Practices: Code Structure
- Terraform Best Practices: Key Concepts
Cluster 4: Managing Change
- Terraform Language: Refactoring with
moved - Terraform Language: Importing infrastructure
- Command:
terraform state - Terraform Language:
lifecyclemeta-argument - Terraform Best Practices: Running Terraform in automation
Cluster 5: IaC Beyond Terraform
- Ansible: Getting started
- AWS CDK v2: Developer Guide
- Pulumi: Concepts
- Open Policy Agent: Documentation
- OPA: Policy language
- HashiCorp Sentinel: Documentation
- tfsec (migrating to Trivy)
Optional Deep Dive
- Terraform Tutorials home -- full tutorial catalog; use for scenario-based practice
- Terraform Language home -- entry point for the complete language reference
- HCP Terraform (Terraform Cloud) Workspaces Settings -- managed workspaces beyond CLI workspaces
- Terraform Registry -- source of truth for provider and module attributes
- Trivy: Misconfiguration scanning -- Terraform -- the modern home of tfsec's rules
Concept-to-Source Map
| Primary concept | Best source if stuck | Why this source |
|---|---|---|
| Declarative vs imperative infrastructure | Terraform Intro | Direct contrast with scripting |
| State: ground truth and its hazards | Terraform: State | Authoritative on the state model |
| Idempotency and convergence | Terraform Intro + Resource syntax | Model + mechanism |
| Providers, resources, data sources | Terraform Language: Providers | Authoritative |
| Variables, outputs, locals | Input Variables | Primary reference |
| Plan/apply lifecycle, drift | Command: terraform plan | Authoritative on lifecycle commands |
| Reusable Terraform modules | Tutorial: Create a module | End-to-end worked example |
| Workspaces / envs / mono-poly | Workspaces + Best Practices | Official + community |
| Remote state and locking | Backends | Authoritative |
| Plan review as PR culture | terraform plan | Saved-plan semantics |
Refactoring with moved / import | Refactoring + Import | Two canonical docs |
| Blast radius and safe defaults | lifecycle meta-argument | Authoritative |
| Ansible boundary | Ansible: Getting started | Canonical |
| CDK / Pulumi | AWS CDK v2 guide + Pulumi concepts | Vendor sources |
| Policy as code | OPA docs | Primary engine |
External Community References
- Terraform Best Practices (terraform-best-practices.com)
- Terraform Registry
- Trivy: IaC Terraform scanning
- Pro Git (local chunks) -- for PR-review mechanics
- Git from the bottom up (local chunks) -- mental model of commits and branches
- The Linux Command Line (local chunks) -- shell fluency for CI/CD integration
Use Rules
- For any Terraform language question, open the relevant
developer.hashicorp.com/terraform/language/...page before reading blog posts. Blog posts written before themovedblock (Terraform 1.1) and theimportblock (Terraform 1.5) are actively misleading on refactoring. - For provider-specific attributes, open the Terraform Registry page for that provider.
- For backends, read the specific backend page (
/language/backend/s3,/language/backend/gcs, etc.) -- generic advice does not substitute for the backend's concrete attribute list. - For policy as code, read the OPA
policy-languagepage and write a policy the same day. Reading alone does not build the muscle. - Book chunks stay peripheral here. If you find yourself reaching for Pro Git to answer a Terraform question, you have drifted from the source.