IaC with CI/CD · Lesson 27 of 30

Terraform in CI/CD

Source: doonops-curriculum/iac-devops--pipeline-overview.md

Doonops lesson

Goal

Run terraform plan in GitHub/CodeBuild before a human approves the apply.

Simple explanation

Every Git push → robot runs plan → human reads → approve apply.

Steps

  1. Read simple section
  2. Read analogy + diagram
  3. Copy project files
  4. Do local lab

Deep explanation

Layman words first, then technical detail — read slowly

Never keep long-lived AWS keys in the repo; an OIDC/IAM role is preferred in real companies.

Example (Doonops)

Modern HCL — names are examples, not from any third-party course

Example HCL
# see project files

Terraform runs on your computer — copy this HCL into a folder, then follow the local lab steps below.

Quick check

  • Explain topic to a friend in 2 sentences
  • Did local lab steps

Project files for this lab

Full implementation folder — copy all files, then run terraform commands

Lab project files (full folder)

Copy every file below into one folder — same as a real repo module. Then run the local lab steps.

Suggested path: ~/doonops-terraform/23-cicd/

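buildspec.yml: see file purpose in the code below
# CodeBuild buildspec: runs terraform plan only; apply belongs to a later, approved stage
version: 0.2
phases:
  install:
    commands:
      - terraform version
  pre_build:
    commands:
      # -input=false makes the run fail instead of waiting for a prompt
      - terraform init -input=false
  build:
    commands:
      - terraform validate
      # Save the plan to a file so the exact plan that was reviewed can be applied later
      - terraform plan -input=false -out=tfplan
  post_build:
    commands:
      - echo "Apply only from approved pipeline stage"
artifacts:
  files:
    # The plan file can contain sensitive values; restrict access to the artifact store
    - tfplan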
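
A reviewer aid for the "human reads" step, as an added example that is not part of the Doonops project files: it reads the JSON that `terraform show -json tfplan` prints and groups the planned changes so destroys and replacements stand out before anyone approves apply. The function names and the sample plan (including its resource addresses) are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output
# (only the fields used here; the addresses are made up for this example).
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"]}},
        {"address": "aws_instance.web", "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.main", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_iam_role.ci", "change": {"actions": ["create"]}},
        {"address": "aws_kms_key.old", "change": {"actions": ["delete"]}},
    ],
})


def summarize_plan(plan_json: str) -> dict:
    """Group resource addresses by what the plan will do to them."""
    plan = json.loads(plan_json)
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions and "create" in actions:
            kind = "replace"          # destroy-and-recreate, in either order
        elif "delete" in actions:
            kind = "delete"
        elif "create" in actions:
            kind = "create"
        elif "update" in actions:
            kind = "update"
        else:
            continue                  # e.g. "no-op" and "read" change nothing
        summary[kind].append(rc["address"])
    return summary


def needs_extra_review(summary: dict) -> bool:
    """Destroying or replacing a resource can lose data; flag it for the approver."""
    return bool(summary["delete"] or summary["replace"])


def render(summary: dict) -> str:
    """Build the text a pipeline could post for the human approver."""
    lines = [f"{kind}: {', '.join(addrs) or '-'}" for kind, addrs in summary.items()]
    if needs_extra_review(summary):
        lines.append("WARNING: plan destroys or replaces resources")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize_plan(SAMPLE_PLAN)))
```

In a pipeline, the input would be the output of `terraform show -json tfplan` from the build stage instead of SAMPLE_PLAN.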

Module check — did you get it?

2–3 quick questions before the next module

CI/CD — quick check

Quick check — did this module stick?

1. In CI/CD, terraform plan in pipeline helps…

  • Skip all tests
  • Review infra changes before apply
  • Delete remote state
  • Remove IAM