Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

10. Glossary

Terms are cross-referenced to the subsection where they're explained.

  • Apply — The command that enacts a plan, changing real infrastructure and updating state. Prompts for approval unless -auto-approve or a saved plan is used. (3.3.2)
  • Backend — Configuration determining where state is stored and how operations run; defaults to the local backend. (6.1.1, 6.1.2)
  • Check block — A top-level assertion that reports problems as warnings without blocking the run. (4.5.1)
  • cloud block — Connects the CLI to an HCP Terraform organization and workspace. (8.1.2)
  • Complex types — Collection (list, set, map) and structural (object, tuple) types used to constrain values. (4.4.1)
  • Data source — A read-only lookup of existing information; never creates or destroys. (4.1.2)
  • Declarative — Describing desired end state rather than steps; enables idempotency and drift detection. (1.1.2)
  • Dependency lock file.terraform.lock.hcl; records exact provider versions and hashes; commit it. (2.1.3)
  • depends_on — Explicit dependency for relationships a reference can't express; used sparingly. (4.2.2)
  • Destroy — Removes managed resources in reverse-dependency order; scoped to state. (3.3.3)
  • Drift — Divergence of real infrastructure from recorded state, caused by out-of-band changes. (6.3.1)
  • Ephemeral values — Values that exist only during one operation and are never persisted to state. (4.5.2)
  • for_each / count — Meta-arguments to create multiple resource instances (set/map vs. number/list). (4.4.1)
  • fmt — Rewrites configuration to canonical style; changes layout only. (3.2.1)
  • Health assessments — HCP Terraform's automatic drift detection and continuous validation. (8.2.2)
  • HCP Terraform — Managed platform running the Terraform workflow remotely with state, locking, collaboration, and governance. (8.1.1)
  • Idempotency — Running the same configuration repeatedly yields the same result. (1.1.2)
  • Implicit dependency — Ordering Terraform infers automatically from attribute references. (4.2.2)
  • Import — Bringing an existing resource under management; classic import is state-only, import blocks are declarative and can generate config. (7.1.1, 7.1.2)
  • init — Initializes backend, downloads providers, installs modules, writes the lock file. (3.1.2)
  • Local backend — Default backend storing terraform.tfstate on local disk; no collaboration/remote locking. (6.1.1)
  • Local value — A named expression computed within a module; cannot be set externally. (4.3.3)
  • Module — A directory of Terraform configuration; the root module calls child modules. (5.1.1)
  • moved block — Declarative, state-only rename/relocation of a resource address (no destroy/recreate). (6.3.2)
  • OPA — Open Policy Agent (Rego language); an alternative policy engine to Sentinel in HCP Terraform. (8.2.1)
  • Output value — A module's return value; the only data a child exposes to its caller. (4.3.2)
  • Plan — Read-only preview of create/update/destroy actions; refreshes state; can be saved with -out. (3.3.1)
  • Policy as code — Governance rules (Sentinel/OPA) enforced between plan and apply in HCP/Enterprise. (8.2.1)
  • Precondition / postconditionlifecycle assertions that block on failure, checked before/after an object's action. (4.5.1)
  • Project — HCP Terraform container grouping workspaces for access control and variable scoping. (8.3.1)
  • Provider — A plugin translating Terraform CRUD into a platform's API calls; downloaded at init. (2.1.1)
  • Refresh-only mode — Updates state to match reality without changing infrastructure. (6.3.1)
  • removed block — Declarative removal from state; with destroy = false, leaves the real resource intact. (6.3.2)
  • required_providers — Block declaring provider source addresses and version constraints. (2.2.2)
  • Resource — A managed infrastructure object Terraform creates, updates, and destroys. (4.1.1)
  • Run trigger — Connects HCP Terraform workspaces so one apply queues another's run. (8.3.2)
  • sensitive — Flag suppressing a value in CLI output; does not remove it from state. (4.5.2)
  • Sentinel — HashiCorp's policy-as-code language for governance in HCP/Enterprise. (8.2.1)
  • State — The record mapping configuration to real resources, plus metadata and cached attributes. (2.3.1)
  • State locking — Backend-provided mechanism preventing concurrent state writes; recover with force-unlock. (6.2.1)
  • Validate — Checks syntax and internal consistency offline; no credentials; no deploy guarantee. (3.2.2)
  • Variable (input) — A module's parameter; values follow a defined precedence (command line wins). (4.3.1)
  • Variable set — Reusable collection of variables applied across HCP Terraform workspaces/projects. (8.3.2)
  • Version constraint — Operators (=, >=, ~>, …) controlling acceptable provider/module versions. (2.1.2, 5.3.2)
  • Workspace (HCP) — A managed unit of one state, its variables, and run history. (8.1.1)
  • Write-only arguments — Resource arguments sent to the provider but not stored in state. (4.5.2)
Start with 40 free practice questions
Alvin Varughese
Written byAlvin Varughese
Founder18 professional certifications