What is Terraform in one sentence?

Terraform is an open-source tool that lets you describe cloud infrastructure in declarative configuration files and then create, change, or destroy it across many providers with a predictable plan-then-apply workflow.

What is Terraform state?

State is a file Terraform keeps that maps your configuration to the real resources it created. It is how Terraform knows what already exists so it can compute the smallest change needed. Teams store it remotely with locking.

What is the difference between Terraform and Ansible?

Terraform provisions infrastructure — it creates the servers, networks, and databases. Ansible is primarily configuration management — it installs and configures software on machines that already exist. Many teams use both together.

OpenTofu is an open-source fork of Terraform created after HashiCorp changed Terraform's license to the Business Source License in 2023. It is governed by the Linux Foundation and stays compatible with Terraform configurations.

The Terraform CLI is free to use under the Business Source License for most cases, and the OpenTofu fork is fully open source. HashiCorp also sells a paid platform, HCP Terraform, for teams that want managed state, runs, and policy enforcement.

Glossary · Infrastructure

What is Terraform?

Terraform is an open-source infrastructure-as-code tool from HashiCorp that lets you describe cloud resources — networks, databases, servers, DNS records — in declarative configuration files, then provision them across hundreds of providers with a workflow that always shows you a plan of what will change before it changes anything.

Where it came from

HashiCorp released Terraform in 2014 to solve a specific problem: teams were managing cloud infrastructure through a mix of console clicks and brittle shell scripts, with no reliable way to know what existed or to rebuild it. Terraform introduced a declarative language — HCL, the HashiCorp Configuration Language — where you describe the end state you want and the tool figures out how to get there. It quickly became the de facto standard for cloud-agnostic provisioning, the most common concrete answer to the broader idea of infrastructure as code.

Providers and the plugin model

Terraform itself does not know what an S3 bucket or a Cloudflare DNS record is. That knowledge lives in providers — plugins that translate Terraform's generic resource model into the specific API calls of AWS, Azure, Google Cloud, Kubernetes, GitHub, Datadog, and thousands of others. This plugin architecture is why Terraform is "cloud-agnostic": the same workflow manages a multi-cloud estate, and a single configuration can stitch together resources from several providers at once — a database in AWS, monitoring in Datadog, DNS in Cloudflare.

State — the part that surprises people

Terraform keeps a state file that maps your configuration to the real resources it created and their current attributes. This is how it knows that the database in your code is the database with a specific ID in the cloud, so it can compute the smallest change instead of recreating everything. State is also the most common source of pain: stored locally it cannot be shared, and two people applying at once can corrupt it. The standard fix is a remote backend — S3 with DynamoDB locking, Terraform Cloud, or equivalents — so state is centralized and locked during runs. State can also contain secrets, so it must be treated as sensitive.

The plan-then-apply workflow

The core loop is three commands. terraform init downloads providers and configures the backend. terraform plan compares your configuration to state and shows a precise diff: what will be created, changed, or destroyed. terraform apply executes that plan after you approve it. The plan step is the reason teams trust Terraform in production — you see exactly what is about to happen, you can require it as a review artifact in a pull request, and a destructive change is visible before it runs rather than after.

The license change and OpenTofu

In 2023 HashiCorp moved Terraform from an open-source license to the Business Source License, which restricts certain competing uses. A coalition of users and vendors responded by forking the last open-source version into OpenTofu, now governed by the Linux Foundation. OpenTofu aims to stay drop-in compatible with Terraform configurations, so teams that need a fully open-source tool have a path. For most organizations the practical impact is small, but it is worth knowing both exist when you choose a standard.

At QUANT LAB

Terraform (or OpenTofu) is our usual tool for provisioning the environments we build under cloud infrastructure and cloud migration. We set up remote state with locking from day one, gate every change behind a reviewed plan, and structure modules so a client can stand up a new region or a fresh environment without us. It also pays off on the security side: when a VPC, a security group, and an IAM role are all declared in code, a misconfiguration shows up in a diff and a review rather than surfacing later in a penetration test.

Long-form deep-dives that use this term

All posts

Related terms

Standing up cloud infrastructure?

We provision cloud environments with Terraform so you own reproducible, reviewable infrastructure from day one. Book a 30-minute call.

Cloud infrastructure