What is Terraform?

With Terraform, users can create, update and destroy infrastructure components by writing human-readable configuration files. These configuration files use a declarative language rather than a procedural language. Users describe the desired end state for infrastructure resources, and Terraform handles the rest. It automatically creates an execution plan, identifies dependencies between resources and provisions components in the correct order.

For example, if a virtual machine (VM) depends on a virtual private cloud (VPC), Terraform ensures that the VPC is created before provisioning the VM.

In contrast, with a procedural language, developers must write step-by-step instructions to provision infrastructure.

Terraform configuration files can be versioned, reused and shared. Terraform manages low-level components, such as compute and storage resources and S3 buckets, and high-level components, such as Domain Name System (DNS) entries and software as a service (SaaS) features.

In February 2025, IBM acquired HashiCorp and its offerings, including Terraform. 

Terraform works with virtually any platform or service with an accessible application programming interface (API), including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, GitHub, IBM Cloud and Docker.

The core Terraform workflow consists of three stages:

1. Write
2. Plan 
3. Apply

A developer writes a human-readable configuration file to define the resource configurations for their desired infrastructure. The file is declarative. The developer describes the infrastructure that they want but not how to provision it. 

For example, say that a developer wants to provision infrastructure for deploying a cloud-hosted app. They might specify that they need virtual machines in a virtual private cloud, with associated security groups and a load balancer.

A single configuration file can manage resources located across multiple cloud providers and services.

Terraform analyzes both the written configuration provided by the developer and the current state of the organization’s infrastructure. It then creates an execution plan describing how it will reach the desired state from the current state.

The plan itself takes the form of a list of infrastructure that Terraform will create, update or destroy to bring the real world in line with the developer’s described configurations.

Consider the previous example of a developer deploying an application on virtual machines in a virtual private cloud. Terraform’s plan might include actions such as:

• Provisioning new virtual machines to host the app. 
  
  
• Modifying an existing security group to allow traffic to the new virtual machines. 
  
  
• Provisioning a load balancer to distribute traffic between the virtual machines.

Developers can review, modify and validate the plan before Terraform executes it.

When the plan is approved, Terraform performs the proposed operations in the correct order, respecting any resource dependencies. That is, if resource A depends on resource B, Terraform ensures that resource B is created before resource A.

For example, say that a developer updates the properties of a VPC and changes the number of virtual machines in that VPC. Terraform re-creates the VPC with updated properties before scaling the virtual machines .

The primary components of Terraform include:

• Configuration files
• Modules
• State files
• Providers
• Registries
• Terraform CLI

Organizations use Terraform to provision and manage infrastructure throughout its lifecycle. Common use cases include:

• Managing hybrid and multicloud environments
• Application infrastructure management
• Developer self-service 
• Policy and compliance management
• Team collaboration

Hybrid and multicloud environments can be complex because each cloud provider has its own interfaces, tools and workflows.  In these kinds of setups, critical cloud resources might be distributed across public clouds, private clouds and multiple data centers.

Organizations can use Terraform to simplify the management and orchestration of complex, large-scale cloud infrastructures. Specifically, Terraform enables organizations to use the same configuration language to provision and manage resources across public clouds, private clouds and on-premises environments in one unified workflow.

To help manage infrastructure at scale, Terraform Stacks help users automate and optimize the coordination, deployment and lifecycle management of interdependent Terraform configurations, reducing the time and overhead of managing infrastructure. 

Stacks replace Terraform’s traditional root module structure with a new component-based architecture built on top of Terraform modules. By using Stacks, users can provision and coordinate infrastructure lifecycle at scale, offering an organized and reusable approach that expands upon infrastructure as code.

Terraform can deploy and manage infrastructure for multitier applications, enabling organizations to manage resources for each tier in a unified workflow while respecting dependencies.

For example, a multitier application might consist of a pool of web servers, a database tier, an API layer, caching servers and a routing tier. Terraform would provision the database tier before provisioning the web servers that depend on it.

Developer self-service is evolving beyond simple infrastructure provisioning to encompass the full application lifecycle, from environment setup to deployment and ongoing operations.

Terraform provides the foundation for this modern self-service model. It integrates with developer portals such as Backstage, Port and Cortex; ITSM systems such as ServiceNow and Jira; and CI/CD pipeline platforms such as GitHub Actions and Jenkins.

For teams that prefer to stay within Terraform workflows, Waypoint serves as the Terraform-native developer self-service portal, enabling consistent, policy-driven application deployment experiences. 

Across AWS, Azure and GCP, Terraform acts as the integration and control layer that unifies these entry points, empowering developers to move faster while maintaining governance and operational consistency.

Terraform can help organizations enforce security and compliance policies on the types of resources teams can provision and use.

Sentinel, HashiCorp’s policy-as-code framework for enforcing fine-grained, logic-based governance across infrastructure, provides a library of prewritten policies that offer out-of-the-box controls (for example, mappings to NIST SP-80053). These policies help teams enforce common compliance constraints without having to author all policies from scratch.

For example, organizations can use Terraform modules to codify standards for deploying and managing resources across the organization. When other teams use these approved modules, they can be sure that they are deploying resources in compliance with organizational practices.

Organizations can store Terraform code and configuration files in a version control system (VCS), such as a Git repository. This arrangement enables DevOps teams to collaborate on code, review definitions, track infrastructure changes and roll back to previous infrastructure versions if necessary.

Terraform and Ansible are often used together to extend automation beyond infrastructure provisioning. Terraform excels at provisioning infrastructure, preparing and provisioning complex resources for cloud and hybrid environments. Ansible is a powerful tool for configuration management, modifying and maintaining existing infrastructure consistently. 

Ansible playbooks, written in YAML, allow for fine-grained control over tasks such as installing software and updating system settings.

The two tools address different but connected stages of the infrastructure lifecycle, making them a natural fit for organizations seeking consistency across environments.

Integrations between Terraform and Ansible help close the gap between resource creation and configuration management. For example, Terraform actions can dispatch an event that activates the Ansible Automation Platform’s (AAP) event-driven automation capability to trigger dynamic automation workflows from Ansible, all with just one Terraform apply. 

This interconnectivity can help unify infrastructure toolsets and reduce friction across Day 2 operations such as patching, scaling and decommissioning. Together, Terraform and Ansible help ensure that infrastructure and applications remain consistent and reliable across every stage of their lifecycle.

Kubernetes and Terraform are common components of cloud environments, and they both help automate infrastructure-related tasks. However, the core difference between the two is that Kubernetes focuses on containerized workloads, while Terraform manages all kinds of infrastructure components, including Kubernetes clusters themselves.

Kubernetes is an open-source container orchestration platform for scheduling and automating the deployment, management and scaling of containerized applications. Terraform is an infrastructure as code tool that automates the provisioning and managing of infrastructure.

While these tools are distinct and have different functions, they often work together in cloud backends. For example, Terraform can automate the provisioning of Kubernetes clusters on cloud platforms, while Kubernetes manages the deployment of applications within these clusters.