Day 06: Understanding a Clean Terraform Project Structure

Published: (December 8, 2025 at 07:49 AM EST)
Source: Dev.to


Common Terraform Project Structure

Terraform automatically loads all *.tf files in a directory, so splitting files does not affect execution. A typical, well‑organized layout looks like this:

terraform-project/
├── main.tf          # Core resource definitions (e.g., EC2, S3, VPC)
├── provider.tf      # Provider configuration
├── backend.tf       # Remote state storage configuration
├── variables.tf     # Input variable declarations
├── terraform.tfvars # Concrete variable values
├── outputs.tf       # Output definitions
└── .gitignore       # Ignored files (see below)

File responsibilities

  • main.tf – Contains the primary resource blocks.
  • provider.tf – Sets up the provider (AWS, Azure, GCP, etc.).
  • backend.tf – Configures remote state (S3 bucket, Terraform Cloud, etc.).
  • variables.tf – Declares all input variables with types and defaults.
  • terraform.tfvars – Supplies actual values for the variables.
  • outputs.tf – Defines values to be displayed after terraform apply.

Sensitive Files to Exclude

Some Terraform artifacts should never be committed to version control because they may contain secrets or generated data.

# Terraform state files (may contain secrets)
*.tfstate
*.tfstate.backup

# Local Terraform directory
.terraform/

# Variable files with sensitive values
terraform.tfvars

Why This Matters

  • State files can expose credentials and infrastructure details.
  • Provider binaries in the .terraform/ directory are auto‑generated and not needed in the repo.
  • Variable files often hold sensitive values (passwords, API keys).

Ignoring these files protects both your infrastructure and credentials.
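
A .gitignore rule only keeps untracked files from being added; a state or tfvars file committed before the rule existed stays tracked. The following added example (not from the original post) checks a list of tracked paths against the patterns above; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag Terraform files that are
# already tracked in Git. Patterns mirror the .gitignore shown on this page.

# Reads repo-relative paths on stdin, one per line (the format `git ls-files`
# prints), and writes "path<TAB>reason" for each sensitive match.
flag_sensitive_paths() {
    while IFS= read -r path; do
        base=${path##*/}                       # file name without directories
        case "$path" in
            .terraform/*|*/.terraform/*)       # .terraform/ at any depth
                printf '%s\tlocal .terraform/ directory\n' "$path"
                continue ;;
        esac
        case "$base" in
            *.tfstate|*.tfstate.backup)
                printf '%s\tstate file (may contain secrets)\n' "$path" ;;
            terraform.tfvars)
                printf '%s\tvariable values file\n' "$path" ;;
        esac
    done
}

# Exit status for CI or a pre-commit hook: 0 = clean, 1 = sensitive file tracked.
check_paths() {
    hits=$(flag_sensitive_paths)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" >&2
    return 1
}

# Constructed sample of tracked paths (assumption: illustrative names only).
# .terraform.lock.hcl is the dependency lock file and is meant to be committed.
sample_tracked_files() {
    cat <<'EOF'
main.tf
variables.tf
terraform.tfvars
envs/prod/terraform.tfstate
envs/prod/terraform.tfstate.backup
modules/vpc/.terraform/providers/placeholder
docs/tfstate-notes.md
.terraform.lock.hcl
EOF
}

# Demo run on the sample; in a real repo: git ls-files | check_paths
sample_tracked_files | flag_sensitive_paths
```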

Key Learnings from Day 06

  • Terraform reads every *.tf file in the working directory automatically.
  • Splitting configuration into logical files improves readability and debugging.
  • A clean project structure prevents mistakes, especially in larger codebases.
  • Proper .gitignore rules safeguard sensitive data.
  • Organized code reflects professional Terraform practices.

A good Terraform project isn’t just about the resources you provision—it’s also about how you organize those resources. Structuring files properly makes the code easier to understand, safer to manage, and ready for real‑world use. Day 06 reinforced that clean Infrastructure as Code starts with a clean structure.
