Day 06: Understanding a Clean Terraform Project Structure

Published: (December 8, 2025 at 07:49 AM EST)
Source: Dev.to


Common Terraform Project Structure

Terraform automatically loads all *.tf files in a directory, so splitting files does not affect execution. A typical, well‑organized layout looks like this:

terraform-project/
├── main.tf          # Core resource definitions (e.g., EC2, S3, VPC)
├── provider.tf      # Provider configuration
├── backend.tf       # Remote state storage configuration
├── variables.tf     # Input variable declarations
├── terraform.tfvars # Concrete variable values
├── outputs.tf       # Output definitions
└── .gitignore       # Ignored files (see below)

File responsibilities

  • main.tf – Contains the primary resource blocks.
  • provider.tf – Sets up the provider (AWS, Azure, GCP, etc.).
  • backend.tf – Configures remote state (S3 bucket, Terraform Cloud, etc.).
  • variables.tf – Declares all input variables with types and defaults.
  • terraform.tfvars – Supplies actual values for the variables.
  • outputs.tf – Defines values to be displayed after terraform apply.

Sensitive Files to Exclude

Some Terraform artifacts should never be committed to version control because they may contain secrets or generated data.

# Terraform state files (may contain secrets)
*.tfstate
*.tfstate.backup

# Local Terraform directory
.terraform/

# Variable files with sensitive values
terraform.tfvars

Why This Matters

  • State files can expose credentials and infrastructure details.
  • Provider binaries are auto‑generated and not needed in the repo.
  • Variable files often hold sensitive values (passwords, API keys).

Ignoring these files protects both your infrastructure and credentials.
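
A .gitignore rule only keeps untracked files from being added; it does not untrack a state or variable file that was committed before the rule existed. The script below is an added example, not part of the original post: it checks a list of tracked paths (for instance the output of git ls-files) against the ignore rules above, and the function names and sample paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a list of tracked paths
# against the ignore rules above. Function names and sample paths are constructed.

# Reads one repository-relative path per line on stdin, prints every path the
# rules above are meant to keep out of the repo, and returns 1 if any was found.
find_sensitive_tf_paths() {
    found=0
    while IFS= read -r path; do
        base=${path##*/}
        # *.tfstate, *.tfstate.backup and terraform.tfvars match at any depth
        case "$base" in
            *.tfstate|*.tfstate.backup|terraform.tfvars)
                printf '%s\n' "$path"
                found=1
                continue ;;
        esac
        # anything below a .terraform/ directory, at any depth
        case "/$path" in
            */.terraform/*)
                printf '%s\n' "$path"
                found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample standing in for the output of `git ls-files`.
sample_tracked_paths() {
    cat <<'EOF'
main.tf
variables.tf
.terraform.lock.hcl
terraform.tfstate
envs/prod/terraform.tfstate.backup
envs/dev/.terraform/modules/modules.json
terraform.tfvars
EOF
}

# In a real repository: git ls-files | find_sensitive_tf_paths
if sample_tracked_paths | find_sensitive_tf_paths; then
    echo "no sensitive Terraform files are tracked"
else
    echo "the paths listed above are tracked; remove them from the index" >&2
fi
```

A file flagged here remains in the commit history even after git rm --cached, so any credentials it contained should be rotated.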

Key Learnings from Day 06

  • Terraform reads every *.tf file in the working directory automatically.
  • Splitting configuration into logical files improves readability and debugging.
  • A clean project structure prevents mistakes, especially in larger codebases.
  • Proper .gitignore rules safeguard sensitive data.
  • Organized code reflects professional Terraform practices.

A good Terraform project isn’t just about the resources you provision—it’s also about how you organize those resources. Structuring files properly makes the code easier to understand, safer to manage, and ready for real‑world use. Day 06 reinforced that clean Infrastructure as Code starts with a clean structure.
