π΅ Terraform Diff Symbols (VERY IMPORTANT)
Terraform shows diffs like this:
+ create
~ update in-place
- destroy
-/+ replace
<= read (data source)
Letβs break them down:
β + Create
Terraform will create a resource.
Example:
# aws_lambda_function.put will be created
+ resource "aws_lambda_function" "put" {
Meaning:
Resource does NOT exist in AWS β Terraform will create it.
β ~ Update In-Place
Resource exists but needs modification.
~ memory_size: 128 β 256
Meaning:
Terraform will update the resource without deleting it.
β - Destroy
Terraform will delete a resource.
- resource "aws_lambda_function" "old"
Meaning:
Terraform thinks this resource should not exist.
β -/+ Replace
Resource must be destroyed then recreated.
-/+ resource "aws_lambda_function" "example"
Meaning:
Some attributes force replacement, like:
- function name
Terraform will:
1οΈβ£ destroy
2οΈβ£ recreate
β <= Read
This is for data sources.
<= data "aws_ami" "latest"
Meaning:
Terraform is reading data (not creating anything).
π§ Plan Summary (bottom section)
At the bottom of terraform plan, you always see:
Plan: 3 to add, 1 to change, 0 to destroy
This is your quick summary.
π΅Terraform Logs (TF_LOG)
Terraform has internal debug logs beyond CLI output.
You enable them using environment variables:
π₯ Debug Levels
TF_LOG=ERROR
TF_LOG=WARN
TF_LOG=INFO
TF_LOG=DEBUG
TF_LOG=TRACE
Example:
export TF_LOG=DEBUG
terraform planMeaning:
ERROR= only fatal failuresWARN= warningsINFO= lifecycle messagesDEBUG= provider communication detailsTRACE= very deep details (API requests, JSON, diff engine)
π 3οΈβ£ TF_LOG_PATH β Save logs to a file
Instead of printing to terminal:
export TF_LOG=DEBUG
export TF_LOG_PATH="terraform.log"
terraform applyNow all logs go into:
terraform.log