How do you test Terraform code?
Answer
Terraform testing approaches: terraform validate: syntax and basic configuration checks (fast, no API calls). tflint: linter that checks for provider-specific errors (invalid instance types, deprecated attributes), enforces naming conventions. terraform plan: integration test against the actual provider API — shows what would change. Run in CI on PRs. Terratest (Go library by Gruntwork): deploy real infrastructure, run assertions against it, then destroy. The gold standard but expensive to run. Built-in testing framework (Terraform 1.6+): write .tftest.hcl files with run blocks that call modules and assert against plan or apply output. checkov: static analysis for security misconfigurations (open security groups, unencrypted S3 buckets). OPA/Conftest: policy-as-code tests for governance checks. A complete testing pipeline: validate → tflint → checkov → plan review → Terratest (on merge).
Previous
What is the terraform_remote_state data source?
Next
What is Terraform drift and how do you handle it?
More Terraform / IaC Questions
View all →- Intermediate What is the Terraform state locking mechanism?
- Intermediate How do you handle sensitive values in Terraform?
- Intermediate What are Terraform Provisioners and when should you avoid them?
- Intermediate What is Terraform import?
- Intermediate How do you structure Terraform code for large teams?