IaC Core
Resources, plan & apply
Lesson 1 of 5
What you'll learn
- Understand declarative resources and the provider that implements them
- See how plan diffs desired config against recorded state
- Know why apply resolves to create, update, or destroy
In Terraform you declare resources — the desired shape of your infrastructure — and a provider (AWS, GCP, Cloudflare, Datadog) knows how to make API calls to realize them. You never write the API calls yourself.
terraform {
required_providers {
aws = { source = "hashicorp/aws", version = "~> 5.0" }
}
}
provider "aws" {
region = "us-east-1"
}
resource "aws_s3_bucket" "assets" {
bucket = "acme-assets-prod"
}
Plan is a diff, not an action
terraform plan is read-only. It compares your declared config to recorded state, then prints the exact set of changes — symbolized + create, ~ update, - destroy — before anything touches reality.
terraform init # download the provider
terraform plan # show the diff
terraform apply # make reality match
Apply converges
apply executes the plan: it creates resources that don't exist, updates ones whose attributes drifted from your config, and destroys ones you removed. The result is convergence — reality matches your declaration, and a second apply with no edits is a no-op.
Always read the plan
The plan is your last checkpoint before mutating production. Treat an unexpected - (destroy) or a forced replacement (-/+) as a stop-and-review signal, not noise to scroll past.
Run it. Compare desired config to current state to derive create/update/destroy.
What does terraform plan actually do?
Saved on this device. Sign in to sync your progress everywhere.