Don’t Touch Terraform Before Avoiding These 5 Rookie Mistakes

Published: (December 6, 2025 at 10:48 AM EST)
Source: Dev.to

🌟 Introduction

Welcome back, Devs!

A few weeks ago, I shared 5 Best Security Practices for Terraform. That guide was aimed at folks who already work with Terraform day in and day out — managing infra at scale, reviewing modules, and pushing changes through CI/CD pipelines.

But what about the beginners?

The ones who have just wrapped up the basics of DevOps — Linux, Networking, Docker, Git — and are now stepping into the cloud world. For them, Infrastructure as Code can feel intimidating at first. Terraform looks simple from the outside, but when you start writing configurations, the learning curve hits hard. IaC is a tough nut to crack initially.

So to make your journey smoother and confusion‑free, let’s break down the Top 5 Mistakes Beginners Make While Learning Terraform — and how you can avoid them.

Without further ado… let’s get started!

🌟 Before We Dive In… Do This First

Make sure you’ve got Terraform installed on your system. Nothing makes sense unless you can run terraform init and terraform apply.

Since I’m an AWS Community Builder, I usually stick to AWS for demos. To follow along, you’ll need to connect Terraform to your AWS account. You can do that in two ways:

  1. Export AWS credentials directly in your terminal

    export AWS_ACCESS_KEY_ID=YOUR_KEY_ID
    export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_KEY

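    Works fine, but not the best option for long‑term use: the keys exist only in the current shell session, and typing them on the command line can leave them in your shell history.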

  2. Install the AWS CLI (recommended) – cleaner, more secure, and lets you manage multiple profiles easily.

    aws configure

    Create an IAM user with only the permissions your Terraform resources need, then run the command above and enter that user's access key when prompted.

Once your CLI and AWS credentials are set, you’re ready to explore the mistakes beginners make and how to avoid them.

❌ Mistake 1: Treating Terraform Like a Scripting Tool

Most newcomers have already touched a programming language—Python, Go, Bash, etc.—and assume Terraform will behave the same way:

“I wrote line 1 first, so Terraform will execute that first… right?”

No. Terraform is declarative, not imperative. It does not run your code line‑by‑line and it doesn’t care about the order you wrote resources.

Terraform reads all resources, builds a dependency graph, and determines the execution order based on actual dependencies, not line numbers.

Moral: With Terraform you declare what you want (e.g., an EC2 instance, a VPC, a security group) and let Terraform figure out how to create it.

❌ Mistake 2: Hardcoding Everything Instead of Using Variables

The official Terraform docs often show examples with hardcoded values (region, AMI ID, instance type, etc.). That’s fine for a quick test, but once you move beyond a toy project, hardcoding becomes a liability.

Why Hardcoding Is a Problem

  • Replicating environments requires manual edits to every resource.
  • Small changes become time‑consuming and error‑prone.

The Fix: Use Variables

Store configurable values in a variables.tf file and reference them throughout your code.

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

Now you can change the instance type in one place, and Terraform will propagate the change everywhere it’s used.
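The same idea carried through a small configuration, as an added example that is not from the original article: every value that differs between environments is a variable, the provider picks up a named AWS CLI profile instead of keys written into the code, and a validation block rejects unexpected instance types. The variable names, the profile name, the allowed instance types and the AMI placeholder are assumptions.

```hcl
# variables.tf (added example; names and values are assumptions)
variable "aws_profile" {
  description = "Named AWS CLI profile, created with `aws configure --profile <name>`"
  type        = string
}

variable "region" {
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}

variable "ami_id" {
  description = "AMI for the instance (no default, so each environment must set it)"
  type        = string
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"

  # Fail at plan time if someone passes an instance type outside the allowed set.
  validation {
    condition     = contains(["t2.micro", "t3.micro", "t3.small"], var.instance_type)
    error_message = "instance_type must be t2.micro, t3.micro or t3.small."
  }
}

# main.tf: no literals and no access keys in the configuration itself.
provider "aws" {
  region  = var.region
  profile = var.aws_profile
}

resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = var.instance_type
}

# dev.tfvars (constructed values; replace the placeholder with a real AMI ID)
#   aws_profile = "dev"
#   ami_id      = "ami-PLACEHOLDER"
# Apply with: terraform apply -var-file=dev.tfvars
```

A second file such as prod.tfvars with its own profile and AMI reuses the same code for another environment without touching any resource block.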

❌ Mistake 3: Mixing Manual Changes Through the AWS Console

Terraform maintains a state file (terraform.tfstate) that represents the current reality of your infrastructure. Making manual changes in the AWS Console creates drift—a mismatch between what exists and what Terraform thinks exists.

Consequences of Drift

  • Terraform may try to recreate or delete resources unexpectedly.
  • Debugging becomes significantly harder, especially for beginners.

Best Practice

If you provision resources with Terraform, always update or delete them with Terraform.

Treat Terraform as the single source of truth; avoid “ClickOps” shortcuts.

❌ Mistake 4: Ignoring Terraform Resource Dependencies

Terraform automatically builds a dependency graph, but it can’t infer relationships when resources lack explicit references. Common scenarios where Terraform may get the order wrong:

  • Applying an S3 bucket policy before the bucket exists.
  • Attaching an IAM role before the role itself is created.
  • Creating a Lambda permission before the Lambda function is ready.

The Fix: Use depends_on

When implicit dependencies aren’t enough, use the depends_on meta‑argument to enforce ordering.

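resource "aws_s3_bucket_policy" "example" {
  # Referencing the bucket's attribute already gives Terraform an implicit dependency.
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.example.json

  # Explicit ordering; strictly needed only when no attribute reference links the two resources.
  depends_on = [aws_s3_bucket.example]
}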

Explicitly declaring dependencies ensures Terraform creates resources in the correct order.
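An added example (not from the original article) that covers both Mistake 1 and Mistake 4: the instance is written first in the file but created last, because its references place it after the security group and instance profile in the graph, and depends_on covers the one relationship no reference expresses. Resource names, the bucket ARN and the AMI variable are assumptions.

```hcl
# Added example; all names and the bucket ARN are constructed.
variable "ami_id" {
  type = string
}

# Written first, created last: file order is irrelevant, references decide.
resource "aws_instance" "app" {
  ami                    = var.ami_id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.app.id]       # implicit dependency
  iam_instance_profile   = aws_iam_instance_profile.app.name # implicit dependency

  # Hidden dependency: the instance references the profile, not the policy,
  # so without this Terraform may boot the instance before the policy is attached.
  depends_on = [aws_iam_role_policy.read_bucket]
}

resource "aws_security_group" "app" {
  name = "app-sg"
}

resource "aws_iam_role" "app" {
  name = "app-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "app-profile"
  role = aws_iam_role.app.name
}

# Scoped to one action on one bucket rather than a wildcard.
resource "aws_iam_role_policy" "read_bucket" {
  name = "read-bucket"
  role = aws_iam_role.app.name
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "s3:GetObject", Resource = "arn:aws:s3:::example-bucket/*" }]
  })
}
```

Running terraform graph on this configuration prints the dependency edges, which makes it easy to confirm that the policy now sits before the instance.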

❌ Mistake 5: Not Using Modules for Reusability



By keeping these five pitfalls in mind—and applying the fixes above—you’ll avoid the most common roadblocks that trip up Terraform beginners. Happy provisioning!
