Terraform Validate vs Plan: Understanding the Key Differences

Estimated reading time: 6 minutes

Last updated on October 25th, 2024 at 02:58 pm

Terraform is a powerful Infrastructure as Code ( IaC ) platform to manage and provision your entire infrastructure as code with a simple configuration file. Once you have your infrastructure configuration file main.tf, It’s crucial to know what will happen and whether the configuration file has the correct syntaxes

Terraform provides the two main commands to check the configuration correctness and output of what will happen: terraform validate and terraform plan.

Both commands provide reliable and predictable infrastructure but it’s important to understand the key difference between “Terraform Validate vs Plan”

Fast-Track Your DevOps Career 🚀

Stay ahead of the curve with the latest industry insights. Get weekly tips & propel your skills to the next level.

Subscribe Now!

What is Terraform Validate?

Using the Terraform in your CI/CD pipeline makes it easy to set and provision the infrastructure but writing the simple main.tf file and keep it validated for syntax and other issues is important for the DevOps pipeline.

Terraform validates the configuration file locally without touching external resources or state files enabling it to cache the basic error easily in the development process.

Syntax Validation:

Terrafrom Validate is the first step in the pipeline that focuses on verifying the syntax and the structure of your Terraform configuration file main.tf

Terraform Validate checks the syntax for any errors or mistakes in typos or spelling that can create the issue while creating the infrastructure resource.

Failed Validation:

HCL

# Basic Terraform configuration with a typo (missing closing quote)
resource "aws_instance" "my_server" {
  ami           = "ami-0123456789abcdef0"
  instance_type = "t2.micro
  tags = {
    Name = "Nginx Web Server"
  }
}

# Running terraform validate
terraform validate

# Output:
Error: Unterminated quoted string beginning at line 10, column 14

Success Validation:

HCL

# Basic Terraform configuration with a typo (missing closing quote)
resource "aws_instance" "my_server" {
  ami           = "ami-0123456789abcdef0"
  instance_type = "t2.micro"
  tags = {
    Name = "Nginx Web Server"
  }
}

# Running terraform validate
terraform validate

# Output:
Success! The configuration is valid.

Dependency Check:

It’s crucial to identify any potential loops in resource dependencies. Terrafrom Validate also runs the resource dependencies to check that all the mentioned resources are defined, configured, and linked.

Integration with IDEs & CI/CD:

As a Developer, you can integrate the Terraform Validate into the integrated development environments (IDEs) that provide the real-time syntax check for the configuration.

You can use the official HashiCorp Terraform VSCode Extension

What is Terraform Plan?

Once you’ve verified there’s no syntax error with terraform validate, next step is to verify the infrastructure change with terraform plan.

In the direct comparison of Terraform Validate vs Plan, Validate checks the syntax while the Plan checks the configuration changes.

Simulate Infrastructure Changes

A Terraform Plan is useful for generating the execution plan using the terraform plan command:

Bash

terraform plan

Running the command will simulate the actual changes in the infrastructure change you mentioned in your configuration file. terraform plan is important to verify the actions it will take when you finally apply the changes.

By analyzing the execution plan, you can verify the changes in the configuration file and the modification it will do to the infrastructure resources. Carefully review the terraform plan before applying to avoid unnecessary changes to your infrastructure.

Plan Output Analysis

The output of terraform plan gives a summary of planned actions and highlights potential risks and conflicts that need attention before applying changes.

HCL

# Define provider and resources
provider "aws" {
  region = "us-west-2"
}

# Define Resource
resource "aws_instance" "my_server" {
  ami           = "ami-0123456789abcdef0"
  instance_type = "t2.micro"
  tags = {
    Name = "Nginx Web Server"
  }
}

Running the terraform plan

Bash

terraform plan

Terraform will perform the following actions:
 # aws_instance.example will be created
  + resource "aws_instance" "my_server" {
      + ami                          = "ami-0123456789abcdef0"
      + arn                          = (known after apply)
      + associate_public_ip_address  = (known after apply)
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      ...
      ...
      
Plan: 1 to add, 0 to change, 0 to destroy.

Terraform Validate vs Plan: Key Differences

Let’s understand the Terraform Validate vs Plan: key differences with 3 major aspects with detailed comparison:

Purpose and Place in Workflow:

Both commands are important for the Terraform workflow, they have different purposes and operate at stages in the pipeline.

terraform validate: Runs every time you make changes and before the plan.
terraform plan: Manually run when you want to simulate the changes.

Output Format:

The output format for the terraform validate is consist of error messages and warnings about the syntax checks and configuration issues, whereas terraform plan generate a detailed output of the execution plan for the infrastructure modification.

Impact on Infrastrucure:

terraform validate does not change or depend on anything external and runs locally to ensure the configuration files are correct and logical.

terraform plan provide the preview of the modification change according to the current state.

For a more detailed comparison of Terraform Validate vs Plan:

Terraform Validate vs Plan: Best Practices

1. Integrate into CI/CD Pipelines:

Terraform Validate vs Plan, the best practice is to integrate the Terraform Plan and Validate into your continuous integration and continuous delivery (CI/CD) pipelines.

Whenever the new code changes are pushed to the repository, it will run the automated validation and planning of the infrastructure changes.

Additionally, you can create the Git Hook that will run the terraform validate on each commit before pushing to verify the Terraform file has the correct syntax.

2. Carefully Check Plan Output

Terraform Validate vs Plan, the best practice is to take the time to review the output of the terraform validate and identify the errors and fix them. While syntax errors are mandatory carefully review the execution plan of terraform plan command before applying anything on the Production.

I have seen the entire production infrastructure being destroyed due to ignoring the review process of the terraform plan. Don’t be over-confident and always double-check the execution plan.

Conclusion

In conclusion, Terraform Plan and Terraform Validate are essential commands you interact with most of the time, both have a different purpose but are safeguarded against your Infrastructure.

Understand the difference between Terraform Validate vs Plan and follow the best practices for improving your CI/CD workflow to make your entire infrastructure reliable and predictable.