• Overview
    • Enforce Policy as Code
    • Infrastructure as Code
    • Inject Secrets into Terraform
    • Integrate with Existing Workflows
    • Manage Kubernetes
    • Manage Virtual Machine Images
    • Multi-Cloud Deployment
    • Network Infrastructure Automation
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
  • Registry
  • Tutorials
    • About the Docs
    • Intro to Terraform
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
    • Terraform Tools
    • CDK for Terraform
    • Glossary
  • Community
GitHubTerraform Cloud
Download

    Terraform Cloud and Enterprise

  • Overview
  • Plans and Features
  • Getting Started
    • API Docs template
    • Overview
    • Account
    • Agent Pools
    • Agent Tokens
    • Applies
    • Audit Trails
    • Comments
    • Configuration Versions
    • Cost Estimates
    • Feature Sets
    • Invoices
    • IP Ranges
    • Notification Configurations
    • OAuth Clients
    • OAuth Tokens
    • Organizations
    • Organization Memberships
    • Organization Tags
    • Organization Tokens
    • Plan Exports
    • Plans
    • Policies
    • Policy Checks
    • Policy Sets
    • Policy Set Parameters
      • Modules
      • Providers
      • Private Provider Versions and Platforms
      • GPG Keys
    • Runs
      • Run Tasks
      • Stages and Results
      • Custom Integration
    • Run Triggers
    • SSH Keys
    • State Versions
    • State Version Outputs
    • Subscriptions
    • Team Access
    • Team Membership
    • Team Tokens
    • Teams
    • User Tokens
    • Users
    • Variables
    • VCS Events
    • Workspaces
    • Workspace-Specific Variables
    • Workspace Resources
    • Variable Sets
      • Overview
      • Module Sharing
      • Organizations
      • Runs
      • Settings
      • Terraform Versions
      • Users
      • Workspaces
    • Changelog
    • Stability Policy
    • Overview
    • Creating Workspaces
    • Naming
    • Terraform Configurations
      • Overview
      • Managing Variables
      • Overview
      • VCS Connections
      • Access
      • Drift Detection
      • Notifications
      • SSH Keys for Modules
      • Run Triggers
      • Run Tasks
    • Terraform State
    • JSON Filtering
    • Remote Operations
    • Viewing and Managing Runs
    • Run States and Stages
    • Run Modes and Options
    • UI/VCS-driven Runs
    • API-driven Runs
    • CLI-driven Runs
    • The Run Environment
    • Installing Software
    • Users
    • Teams
    • Organizations
    • Permissions
    • Two-factor Authentication
    • API Tokens
      • Overview
      • Microsoft Azure AD
      • Okta
      • SAML
      • Linking a User Account
      • Testing
    • Overview
    • GitHub.com
    • GitHub.com (OAuth)
    • GitHub Enterprise
    • GitLab.com
    • GitLab EE and CE
    • Bitbucket Cloud
    • Bitbucket Server and Data Center
    • Azure DevOps Services
    • Azure DevOps Server
    • Troubleshooting
    • Overview
    • Adding Public Providers and Modules
    • Publishing Private Providers
    • Publishing Private Modules
    • Using Providers and Modules
    • Configuration Designer
  • Migrating to Terraform Cloud
    • Overview
    • Using Sentinel with Terraform 0.12
    • Manage Policies
    • Enforce and Override Policies
    • Mocking Terraform Sentinel Data
    • Working With JSON Result Data
      • Overview
      • tfconfig
      • tfconfig/v2
      • tfplan
      • tfplan/v2
      • tfstate
      • tfstate/v2
      • tfrun
    • Example Policies
    • Overview
    • AWS
    • GCP
    • Azure
      • Overview
      • Service Catalog
      • Admin Guide
      • Developer Reference
      • Example Customizations
      • V1 Setup Instructions
    • Splunk Integration
    • Kubernetes Integration
    • Run Tasks Integration
    • Overview
    • IP Ranges
    • Data Security
    • Security Model
    • Overview
    • Part 1: Overview of Our Recommended Workflow
    • Part 2: Evaluating Your Current Provisioning Practices
    • Part 3: How to Evolve Your Provisioning Practices
    • Part 3.1: From Manual Changes to Semi-Automation
    • Part 3.2: From Semi-Automation to Infrastructure as Code
    • Part 3.3: From Infrastructure as Code to Collaborative Infrastructure as Code
    • Part 3.4: Advanced Workflow Improvements

  • Terraform Cloud Agents

  • Terraform Enterprise Admin

  • Other Docs

  • Intro to Terraform
  • Configuration Language
  • Terraform CLI
  • Terraform Cloud
  • Terraform Enterprise
  • Provider Use
  • Plugin Development
  • Registry Publishing
  • Integration Program
  • Terraform Tools
  • CDK for Terraform
  • Glossary
Type '/' to Search

»Run Modes and Options

Terraform Cloud runs support many of the same modes and options available in the Terraform CLI.

»Destroy Mode

Destroy mode instructs Terraform to create a plan which destroys all objects, regardless of configuration changes.

  • CLI: Use terraform plan -destroy or terraform destroy
  • API: Use the is-destroy option.
  • UI: Use a workspace's Destruction and Deletion settings page.

»Refresh-Only Mode

Hands-on: Try the Use Refresh-Only Mode to Sync Terraform State tutorial on HashiCorp Learn.

Version note: Refresh-only support is available in Terraform Enterprise v202106-1 or later and requires a workspace using at least Terraform CLI v0.15.4.

Refresh-only mode instructs Terraform to create a plan which updates the Terraform state to match changes made to remote objects outside of Terraform.

  • CLI: Use terraform plan -refresh-only or terraform apply -refresh-only.
  • API: Use the refresh-only option.
  • UI: Use the "Start new plan" action from a workspace's "Actions" menu, then choose the "Refresh-only" plan type in the new plan dialog.

»Skipping Automatic State Refresh

Version note: The ability to skip automatic state refresh is available in Terraform Enterprise v202106-1 or later.

The -refresh=false option is used in normal planning mode to skip the default behavior of refreshing Terraform state before checking for configuration changes.

  • CLI: Use terraform plan -refresh=false or terraform apply -refresh=false.
  • API: Use the refresh option.

»Replacing Selected Resources

Version note: Replace support is available in Terraform Enterprise v202106-1 or later and requires a workspace using at least Terraform CLI v0.15.2.

The replace option instructs Terraform to replace the object with the given resource address.

  • CLI: Use terraform plan -replace=ADDRESS or terraform apply -replace=ADDRESS.
  • API: Use the replace-addrs option.

»Allow Empty Apply

A no-operation (empty) apply enables Terraform Cloud to apply a run from a plan that contains no infrastructure changes. During apply, Terraform can upgrade the state version if required. You can use this option to upgrade the state in your Terraform Cloud workspace to a new Terraform version.

Warning: Terraform Cloud cannot guarantee that a plan in this mode will produce no changes. We recommend checking the plan for drift before proceeding to the apply stage.

  • API: Set the allow-empty-apply field to true.
  • UI: Open the workspace's Actions menu, select Start new plan, and then choose Allow empty apply as the run type.

»Plan Only/Speculative Plan

This option creates a speculative plan. The speculative plan shows a set of possible changes and checks them against Sentinel policies, but Terraform cannot apply it. You can create speculative plans with a Terraform version that is different from the one currently selected for the workspace. This lets you check whether your configuration is compatible with a newer Terraform version without changing the workspace settings.

  • API: Set the plan-only field to true and specify an available terraform version using the terraform-version field.
  • UI: Open the workspace's Actions menu, select Start new plan, and then choose Plan only as the run type.

»Targeted Plan and Apply

Version note: Targeting support is available in Terraform Enterprise v202006-1 or later.

Resource Targeting is intended for exceptional circumstances only and should not be used routinely.

  • CLI: Use terraform plan -target=ADDRESS or terraform apply -target=ADDRESS.
  • API: Use the target-addrs option.

The usual caveats for targeting in local operations imply some additional limitations on Terraform Cloud features for remote plans created with targeting:

  • Sentinel policy checks for targeted plans will see only the selected subset of resource instances planned for changes in the tfplan import and the tfplan/v2 import, which may cause an unintended failure for any policy that requires a planned change to a particular resource instance selected by its address.

  • Cost Estimation is disabled for any run created with -target set, to prevent producing a misleading underestimate of cost due to resource instances being excluded from the plan.

You can disable or constrain use of targeting in a particular workspace using a Sentinel policy based on the tfrun.target_addrs value.

github logoEdit this page
  • Overview
  • Docs
  • Extend
  • Privacy
  • Security
  • Press Kit
  • Consent Manager