How do you implement Terraform in a CI/CD pipeline safely?

Hard Topic: Terraform May 24, 2026

Running Terraform in CI/CD requires careful guardrails:

  1. PR triggers plan: On every pull request, run terraform plan and post the output as a PR comment (using tools like Atlantis or the terraform-pr-commenter action). The plan output is what reviewers actually approve, so the PR job should run with a read-only role.
  2. Merge triggers apply: Only apply from the main branch after the PR is merged. Require manual approval for production, for example a protected CI environment with required reviewers, so that an apply never starts on a merge alone.
  3. State locking: With the S3 backend, configure a `dynamodb_table` for state locking (Terraform 1.10+ can instead use S3-native locking with `use_lockfile = true`) so two pipeline runs cannot apply concurrently, and pass `-lock-timeout` so a run waits for the lock instead of failing immediately.
  4. OIDC credentials: Use OIDC to obtain short-lived credentials from AWS (assume a role with the CI provider's identity token) instead of storing long-lived access keys. Restrict the role's trust policy to the specific repository and branch or environment through the token's `sub` claim, and use separate plan (read-only) and apply roles.
  5. Plan artifacts: Save the plan with `terraform plan -out=tfplan`, pass that file through the pipeline as an artifact, and run `terraform apply tfplan`; never re-plan at apply time, or what was reviewed may differ from what is applied. Terraform refuses a stale plan if the state changed after the plan was written. Plan files contain resource attributes, including sensitive values, in plaintext, so restrict who can download the artifact and keep its retention short.
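A complete pipeline that wires the five guardrails together, as an added example that is not part of the original page: a GitHub Actions workflow that plans on pull requests, applies only on pushes to main behind an environment approval gate, authenticates through OIDC, and applies the exact saved plan file. It assumes an S3 backend already declared in the `infra/` directory with a `dynamodb_table` for locking, two IAM roles trusting the GitHub OIDC provider, and a GitHub environment named `production` with required reviewers. The account ID, role ARNs, region, directory and environment name are placeholders.

```yaml
# Added example, not the original page's code. Placeholders: account ID,
# role ARNs, region, the infra/ directory and the "production" environment.
name: terraform

on:
  pull_request:
    paths: ["infra/**"]
  push:
    branches: [main]
    paths: ["infra/**"]

permissions:
  id-token: write        # lets the job request an OIDC token from GitHub
  contents: read
  pull-requests: write   # lets the plan job comment on the PR

# One run at a time per ref: main applies never race each other in CI
# (the DynamoDB lock in the backend is the second line of defence).
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false

env:
  AWS_REGION: eu-west-1                                                 # placeholder
  PLAN_ROLE: arn:aws:iam::123456789012:role/gha-terraform-plan          # placeholder, read-only
  APPLY_ROLE: arn:aws:iam::123456789012:role/gha-terraform-apply        # placeholder, deployer
  TF_VERSION: 1.9.8   # plan files are only valid for the same version

defaults:
  run:
    working-directory: infra

jobs:
  plan:
    runs-on: ubuntu-latest
    outputs:
      changes: ${{ steps.plan.outputs.changes }}
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
          terraform_wrapper: false   # raw exit codes and output
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          # PRs get the read-only role, pushes to main the deployer role
          role-to-assume: ${{ github.event_name == 'pull_request' && env.PLAN_ROLE || env.APPLY_ROLE }}
          aws-region: ${{ env.AWS_REGION }}
      - run: terraform init -input=false -lockfile=readonly
      - run: terraform validate -no-color
      - id: plan
        run: |
          set +e
          terraform plan -input=false -lock-timeout=120s -detailed-exitcode -no-color -out=tfplan
          rc=$?
          set -e
          # -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes pending
          case "$rc" in
            0) echo "changes=false" >> "$GITHUB_OUTPUT" ;;
            2) echo "changes=true"  >> "$GITHUB_OUTPUT" ;;
            *) exit "$rc" ;;
          esac
          terraform show -no-color tfplan > plan.txt
      - if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const fence = '`'.repeat(3);
            const plan = fs.readFileSync('infra/plan.txt', 'utf8');
            await github.rest.issues.createComment({
              ...context.repo,
              issue_number: context.issue.number,
              body: `#### terraform plan\n${fence}\n${plan.slice(0, 60000)}\n${fence}`,
            });
      - if: github.event_name == 'push'
        uses: actions/upload-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
          path: infra/tfplan
          retention-days: 1   # the plan file holds sensitive values in plaintext

  apply:
    needs: plan
    if: github.event_name == 'push' && needs.plan.outputs.changes == 'true'
    runs-on: ubuntu-latest
    environment: production   # required reviewers on this environment are the manual gate
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TF_VERSION }}
          terraform_wrapper: false
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.APPLY_ROLE }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: actions/download-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
          path: infra
      - run: terraform init -input=false -lockfile=readonly
      # Apply only the saved plan. Terraform rejects it as stale if the state
      # changed after it was written, so nothing unreviewed can be applied.
      - run: terraform apply -input=false -lock-timeout=120s tfplan
```

The apply role's trust policy should condition the `token.actions.githubusercontent.com:sub` claim on this repository and, because the apply job references an environment, on `repo:ORG/REPO:environment:production`; the plan role can be conditioned on `repo:ORG/REPO:pull_request` and granted only the read permissions the plan needs. Pushing to main triggers a fresh plan against the merged tree, and that plan file is the only thing the apply job runs.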