Learning Resources
This module is docs-first. The primary authority on Terraform is the HashiCorp developer documentation -- not books, not blog posts, not videos. Local book chunks in library/raw/semester-09-cloud-devops/books/ cover Git and the Linux CLI and are peripheral here; we use them only when PR and review culture needs grounding.
Source Stack
| Source | Role | How to use it in this module |
|---|---|---|
| HashiCorp Terraform Developer Docs | Primary | Default authority for every Terraform concept: language, CLI, backends, modules, providers, lifecycle |
| Terraform Best Practices (terraform-best-practices.com) | Secondary | Community-maintained conventions for modules, naming, environments, CI |
| Open Policy Agent docs | Primary (Cluster 5) | Rego language, testing, CI integration |
| HashiCorp Sentinel docs | Secondary (Cluster 5) | Sentinel policy language reference |
| tfsec (migrating to Trivy) | Secondary (Cluster 5) | Static scanner for Terraform; rules catalog |
| Ansible Documentation | Secondary (Cluster 5) | Config-management reference; modules and inventory |
| AWS CDK v2 Developer Guide | Secondary (Cluster 5) | CDK constructs, synth, deploy |
| Pulumi documentation | Secondary (Cluster 5) | Pulumi concepts, programming-model vs Terraform |
| Pro Git, The Linux Command Line, Git from the bottom up (local chunks) | Peripheral | PR-review mechanics only; useful for Cluster 4 |
Resource Map by Cluster
Cluster 1: The IaC Mindset
| Need | Best external source | Why |
|---|---|---|
| What IaC is, why it exists | Terraform: What is Infrastructure as Code? | Vendor-neutral framing of the problem |
| Declarative vs imperative | Terraform Intro | Explicit contrast with scripts |
| State model | Terraform: State | Canonical explanation of state |
| State locking | Terraform: State and backends -- locking | Locking semantics |
| Idempotency and the apply loop | Terraform Intro + Resource lifecycle | Together: why the same apply is safe twice |
Cluster 2: Terraform Core
| Need | Best external source | Why |
|---|---|---|
| Providers | Terraform Language: Providers | Provider block, required_providers, versions |
| Resources | Terraform Language: Resources | Syntax, meta-arguments, lifecycle |
| Data sources | Terraform Language: Data sources | Read-only queries |
| Variables | Terraform Language: Input Variables | Types, validation, sensitivity |
| Local values | Terraform Language: Local Values | Purpose and pitfalls |
| Outputs | Terraform Language: Output Values | How modules expose state |
| Plan | Command: terraform plan | Plan symbols, saved plans |
| Apply | Command: terraform apply | Apply-from-plan |
Cluster 3: Modularity and Reuse
| Need | Best external source | Why |
|---|---|---|
| Writing a module | Tutorial: Create a Terraform module | End-to-end module creation |
| Module conventions | Terraform Best Practices: module structure | Opinionated community guidance |
| Workspaces | Terraform Language: Workspaces | Purpose and limits of CLI workspaces |
| Backend block | Terraform Language: Backends | Backend configuration |
| Remote state | Terraform Language: Remote State | Cross-team state access |
| Environments | Terraform Best Practices: environment separation | Dir-per-env and repo-per-env patterns |
Cluster 4: Managing Change
| Need | Best external source | Why |
|---|---|---|
| Plan review discipline | Command: terraform plan + Best Practices: PR flow | Plan as the unit of review |
moved blocks | Terraform Language: Refactoring with moved | Canonical docs |
import blocks | Terraform Language: Importing infrastructure | Modern import block workflow |
terraform state CLI | Command: terraform state | Last-resort state surgery |
| Lifecycle meta-arguments | Terraform Language: lifecycle | prevent_destroy, create_before_destroy, ignore_changes |
| PR review mechanics | Pro Git: Distributed Workflows (local chunks) | Git-side of the review loop |
Cluster 5: IaC Beyond Terraform
| Need | Best external source | Why |
|---|---|---|
| Ansible | Ansible: Getting started | Inventory, playbooks, idempotency |
| CDK | AWS CDK v2: Developer Guide | Constructs, App/Stack model |
| Pulumi | Pulumi: Concepts | Programming-model IaC |
| OPA / Rego | OPA: Documentation | Policy engine home |
| Sentinel | Sentinel: Documentation | HCP Terraform policy engine |
| tfsec / Trivy | tfsec docs (migrating to Trivy) | Static Terraform scanning |
Concept-to-Source Map (Primary Concepts)
| Primary concept | Best external source | Why this source |
|---|---|---|
| Declarative vs imperative | Terraform Intro | Vendor-neutral contrast |
| State and its hazards | Terraform: State | Authoritative on the model |
| Idempotency and convergence | Terraform Intro + Resource lifecycle | Model + mechanism |
| Providers / resources / data sources | Terraform Language: Providers | Authoritative |
| Variables / outputs / locals | Input Variables | Primary reference |
| Plan / apply / drift | Command: terraform plan | Authoritative on lifecycle commands |
| Reusable modules | Tutorial: Create a module | End-to-end worked example |
| Workspaces, envs, monorepo/polyrepo | Workspaces + Best Practices | Official + community |
| Remote state and locking | Backends | Authoritative |
| Plan review as PR culture | terraform plan | Saved-plan semantics |
Refactoring: moved, import, state | Refactoring with moved + Importing infrastructure | The two canonical docs |
| Blast radius and safe defaults | lifecycle meta-arguments | Authoritative |
| Policy as code | OPA docs + Sentinel docs | Two canonical policy engines |
External Resources (Validated)
All URLs below were checked against official or canonical sources during curriculum curation. Use them in preference to third-party blog posts unless you are already fluent and want a second exposition.
- Terraform Intro
- Terraform Language home
- Terraform Tutorials
- Terraform State
- Terraform State Locking
- Terraform Backends
- Terraform Remote State
- Terraform Workspaces
- Terraform Providers
- Terraform Resources
- Terraform Data Sources
- Terraform Input Variables
- Terraform Local Values
- Terraform Output Values
- Terraform
lifecycle - Terraform Command
plan - Terraform Command
apply - Terraform Command
state - Terraform Import (language)
- Terraform Refactoring with
moved - Terraform Tutorial: Create a module
- Terraform Best Practices
- Open Policy Agent docs
- HashiCorp Sentinel docs
- tfsec (migrating to Trivy)
- Ansible: Getting started
- AWS CDK v2: Developer Guide
- Pulumi: Concepts
Use Rules -- Docs-First Discipline
- Go to
developer.hashicorp.com/terraform/languagefirst, for every Terraform language question. The docs are the source of truth; blog posts are often out of date, especially since Terraform 1.1's addition ofmovedand 1.5'simportblock. - When stuck on a provider's resource attributes, go to the provider's page in the Terraform Registry. Do not trust examples from blog posts written before 2023.
- For backends and state: read the backend-specific page (S3, GCS, HCP Terraform) before you configure one. Subtle differences (server-side encryption, KMS keys, IAM) live only in those pages.
- For refactors, read the
movedandimportpages before the PR. Every month saved guessing is a PR that does not destroy production. - For policy, read the OPA tutorial and write your first policy the same day. Policy skills are muscle; they do not accumulate from reading alone.
- Book chunks (Pro Git, Linux Command Line, Git from the bottom up) are here for Cluster 4's PR-review context and for general shell fluency. They are not IaC sources -- do not escalate to them for Terraform questions.