So far, we’ve run Terraform manually: `init`, `plan`, and `apply`. That works fine for learning or small projects, but in real-world teams you need automation:
- Infrastructure changes go through version control
- Every change is reviewed before deployment
- Terraform runs automatically in CI/CD pipelines
This is where Terraform and CI/CD fit together perfectly.
Why CI/CD for Terraform?
- Consistency → Every change follows the same workflow
- Collaboration → Code reviews catch mistakes before they reach production
- Automation → No more manual `terraform apply` on laptops
- Security → Restrict who can approve and apply changes
Typical Terraform Workflow in CI/CD
- Developer pushes code → Terraform configs to GitHub/GitLab
- CI pipeline runs → `terraform fmt`, `validate`, and `plan`
- Reviewers approve → Pull Request reviewed and merged
- CD pipeline runs → `terraform apply` in staging/production
Example: GitHub Actions Workflow
A simple CI/CD pipeline using GitHub Actions:
```yaml
name: Terraform CI/CD

on:
  pull_request:
    branches: [ "main" ]
  push:
    branches: [ "main" ]

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2

      - name: Terraform Format
        run: terraform fmt -check

      # init and plan need provider credentials; supply them through
      # repository secrets or the provider's OIDC login, never from files
      # committed to the repo.
      - name: Terraform Init
        run: terraform init

      - name: Terraform Validate
        run: terraform validate

      - name: Terraform Plan
        run: terraform plan
```
Here’s the flow:
- On pull requests, Terraform runs checks and `plan`
- On main branch push, you can extend this to run `apply`
Example: GitLab CI/CD
```yaml
# The runner image must provide the terraform binary.
stages:
  - validate
  - plan
  - apply

validate:
  stage: validate
  script:
    - terraform init
    - terraform validate

plan:
  stage: plan
  script:
    # each job starts in a fresh working directory, so init runs again
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - tfplan

apply:
  stage: apply
  script:
    - terraform init
    # applies the saved plan from the plan stage, not a fresh one
    - terraform apply -auto-approve tfplan
  when: manual
```
Notice that `apply` is manual → requires approval before execution.
Best Practices for Terraform CI/CD
- Separate stages → validate, plan, apply.
- Require approval for `terraform apply` (especially in production).
- Store state remotely (S3, Terraform Cloud, or Azure Storage).
- Use workspaces or separate pipelines for dev, staging, and prod.
- Scan for security → run tools like `tfsec` or `Checkov`.
Case Study: Enterprise DevOps Team
A large enterprise adopted Terraform CI/CD:
- Every change went through pull requests
- Automated pipelines ran `plan` on PRs
- Senior engineers approved `apply` in production
Impact:
- Faster delivery cycles
- Zero manual runs on laptops
- Full audit history of infrastructure changes
Key Takeaways
- Terraform + CI/CD = safe, automated, and auditable infrastructure deployments
- Always separate `plan` and `apply` steps
- Enforce approvals for production
- Use security scanners for compliance
End of Beginner Series: Mastering Terraform 🎉
We’ve now covered:
- Basics of Terraform
- First Project
- Variables & Outputs
- Providers & Multiple Resources
- State Management
- Modules
- Workspaces & Environments
- Provisioners & Data Sources
- Best Practices & Pitfalls
- CI/CD Integration
With these 10 blogs, you can confidently go from Terraform beginner → production-ready workflows.