Terraform Plan -out: Powerful Tool for Debugging & Testing
I always seem to forget the Terraform Plan out command!
Did you know you can save your plan to a file that your favorite text editor can read? If you try the default command in the man pages, the formatting is all over the place because of Terraform’s colors.
Outputting your planning file is useful for writing large Terraform files. I find it particularly useful to ensure all my naming conventions look good before applying the code.
Before we start, ensure you have run terraform init before you run terraform plan.
terraform plan > myplan.txtThe formatting is all messed up
See below.
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
[32m+[0m create
[36m<=[0m read (data resources)
[0m
Terraform will perform the following actions:
[1m # module.mymodule.data.aws_iam_policy_document.nodes[0m will be read during apply[0m
# (config refers to values not yet known)[0m
[0m [36m<=[0m[0m data "aws_iam_policy_document" "nodes" {
[32m+[0m [0m[1m[0mid[0m[0m = (known after apply)
[32m+[0m [0m[1m[0mjson[0m[0m = (known after apply)
[32m+[0m [0mstatement {
[32m+[0m [0m[1m[0mactions[0m[0m = [
[32m+[0m [0m"autoscaling:DescribeScalingPlanResources",
[32m+[0m [0m"autoscaling:DescribeScalingPlans",
[32m+[0m [0m"ec2:AttachNetworkInterface",
[32m+[0m [0m"ec2:AttachVolume",
[32m+[0m [0m"ec2:CreateNetworkInterface",
[32m+[0m [0m"ec2:CreateSnapshot",
[32m+[0m [0m"ec2:CreateTags",
[32m+[0m [0m"ec2:DeleteTags",
[32m+[0m [0m"ec2:DescribeInstances",
[32m+[0m [0m"ec2:DescribeNetworkInterfaces",
[32m+[0m [0m"ec2:DescribeSecurityGroups",A quick workaround is to use the –no-colour option.
terraform plan -no-color > myplan.txt This fixes the formatting issue and makes everything easier to read.
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.mymodule.data.aws_iam_policy_document.nodes will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "nodes" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "autoscaling:DescribeScalingPlanResources",
+ "autoscaling:DescribeScalingPlans",
+ "ec2:AttachNetworkInterface",
+ "ec2:AttachVolume",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateSnapshot",
+ "ec2:CreateTags",
+ "ec2:DeleteTags",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",Storing the plan in a file has several advantages. First, it ensures consistency between the plan and apply phases, eliminating any discrepancies that might arise due to changes in the configuration or the state of the remote resources between the two steps. Second, it facilitates collaboration among team members. You can share the plan file for peer review or for approval processes in a CI/CD pipeline.
What Else Can You Do With Terraform Plan Output?
Relative Path for Output:
terraform plan -out=./plans/terraform_planSpecifies a relative path to save the plan in the ‘plans’ directory.
Full Path for Output:
terraform plan -out=/path/to/terraform/plans/my_plan
Saves the Terraform plan to an absolute path.
Output in JSON Format:
terraform plan -out=tfplan.json -input=false -lock=false -no-color -detailed-exitcodeGenerates the plan in JSON format without user input, locking, or color and with a detailed exit code.
Generate a Plan Without Applying, and get a detailed exit code
terraform plan -detailed-exitcodePerforms a dry run of the Terraform plan without applying changes, providing a detailed exit code.
Plan with Specific Variable Values:
terraform plan -out=tfplan -var="region=us-east-1" -var="instance_type=t2.micro"Creates a plan with specific variable values, in this case, setting the region to us-east-1 and instance type to t2.micro.
Terraform Plan Common Q&A
Q1: What is the primary function of the terraform plan command?
A: The terraform plan command is used to generate an execution plan, showing what changes will be made to the infrastructure without actually applying them. It serves as a dry run to visualize the impact of your Terraform configurations.
Q2: How does the -out flag enhances the terraform plan command?
A: The -out flag allows you to save the execution plan to a file. This guarantees that the plan generated precisely matches what will be applied later, eliminating any discrepancies that could arise from alterations in configuration or remote resources.
Q3: What is the format of the file generated by terraform plan -out=<filename>?
A: The file is stored in a binary format, which is not human-readable but is designed to be used by Terraform itself in the terraform apply phase.
Q4: Why is saving the plan to a file beneficial for team collaboration?
A: Saving the plan to a file enables sharing among team members for peer review or approval processes, and it can also be seamlessly integrated into CI/CD pipelines, ensuring that only changes that have been reviewed and approved are applied to the infrastructure.
Q5: Can you modify the plan file generated by terraform plan -out?
A: No, the plan file is in a binary format and is not meant to be manually edited. It is designed to be directly used by the terraform apply command.
Thanks for taking the time to read this article. if you have any questions or feedback, please write in the comment section below.
Great! Very helpful, thanks!
Thank You, this is really helpful