• Overview
    • Enforce Policy as Code
    • Infrastructure as Code
    • Inject Secrets into Terraform
    • Integrate with Existing Workflows
    • Manage Kubernetes
    • Manage Virtual Machine Images
    • Multi-Cloud Deployment
    • Network Infrastructure Automation
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
  • Registry
  • Tutorials
    • About the Docs
    • Intro to Terraform
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
    • Terraform Tools
    • CDK for Terraform
    • Glossary
  • Community
GitHubTerraform Cloud
Download

    Terraform Language

  • Overview
  • Attributes as Blocks - Configuration Language
  • Terraform v1.0 Compatibility Promises
    • Overview
    • Override Files
    • Dependency Lock File
    • Overview
    • Configuration Syntax
    • JSON Configuration Syntax
    • Style Conventions
    • Overview
    • Resource Blocks
    • Resource Behavior
      • depends_on
      • count
      • for_each
      • provider
      • lifecycle
      • Declaring Provisioners
      • Provisioner Connections
      • Provisioners Without a Resource
      • file
      • local-exec
      • remote-exec

      • chef
      • habitat
      • puppet
      • salt-masterless
  • Data Sources
    • count
    • depends_on
    • for_each
    • lifecycle
    • providers
    • provider
    • Overview
    • Provider Configuration
    • Provider Requirements
    • Dependency Lock File
    • Overview
    • Input Variables
    • Output Values
    • Local Values
    • Overview
    • Module Blocks
    • Module Sources
      • providers
      • depends_on
      • count
      • for_each
      • Overview
      • Standard Module Structure
      • Providers Within Modules
      • Best Practices: Module Composition
      • Publishing Modules
      • Refactoring Modules
    • Module Testing Experiment
    • Overview
    • Types and Values
    • Strings and Templates
    • References to Values
    • Operators
    • Function Calls
    • Conditional Expressions
    • For Expressions
    • Splat Expressions
    • Dynamic Blocks
    • Custom Condition Checks
    • Type Constraints
    • Version Constraints
    • Overview
      • abs
      • ceil
      • floor
      • log
      • max
      • min
      • parseint
      • pow
      • signum
      • chomp
      • format
      • formatlist
      • indent
      • join
      • lower
      • regex
      • regexall
      • replace
      • split
      • strrev
      • substr
      • title
      • trim
      • trimprefix
      • trimsuffix
      • trimspace
      • upper
      • alltrue
      • anytrue
      • chunklist
      • coalesce
      • coalescelist
      • compact
      • concat
      • contains
      • distinct
      • element
      • flatten
      • index
      • keys
      • length
      • list
      • lookup
      • map
      • matchkeys
      • merge
      • one
      • range
      • reverse
      • setintersection
      • setproduct
      • setsubtract
      • setunion
      • slice
      • sort
      • sum
      • transpose
      • values
      • zipmap
      • base64decode
      • base64encode
      • base64gzip
      • csvdecode
      • jsondecode
      • jsonencode
      • textdecodebase64
      • textencodebase64
      • urlencode
      • yamldecode
      • yamlencode
      • abspath
      • dirname
      • pathexpand
      • basename
      • file
      • fileexists
      • fileset
      • filebase64
      • templatefile
      • formatdate
      • timeadd
      • timestamp
      • base64sha256
      • base64sha512
      • bcrypt
      • filebase64sha256
      • filebase64sha512
      • filemd5
      • filesha1
      • filesha256
      • filesha512
      • md5
      • rsadecrypt
      • sha1
      • sha256
      • sha512
      • uuid
      • uuidv5
      • cidrhost
      • cidrnetmask
      • cidrsubnet
      • cidrsubnets
      • can
      • defaults
      • nonsensitive
      • sensitive
      • tobool
      • tolist
      • tomap
      • tonumber
      • toset
      • tostring
      • try
      • type
    • abs
    • abspath
    • alltrue
    • anytrue
    • base64decode
    • base64encode
    • base64gzip
    • base64sha256
    • base64sha512
    • basename
    • bcrypt
    • can
    • ceil
    • chomp
    • chunklist
    • cidrhost
    • cidrnetmask
    • cidrsubnet
    • cidrsubnets
    • coalesce
    • coalescelist
    • compact
    • concat
    • contains
    • csvdecode
    • defaults
    • dirname
    • distinct
    • element
    • file
    • filebase64
    • filebase64sha256
    • filebase64sha512
    • fileexists
    • filemd5
    • fileset
    • filesha1
    • filesha256
    • filesha512
    • flatten
    • floor
    • format
    • formatdate
    • formatlist
    • indent
    • index
    • join
    • jsondecode
    • jsonencode
    • keys
    • length
    • list
    • log
    • lookup
    • lower
    • map
    • matchkeys
    • max
    • md5
    • merge
    • min
    • nonsensitive
    • one
    • parseint
    • pathexpand
    • pow
    • range
    • regex
    • regexall
    • replace
    • reverse
    • rsadecrypt
    • sensitive
    • setintersection
    • setproduct
    • setsubtract
    • setunion
    • sha1
    • sha256
    • sha512
    • signum
    • slice
    • sort
    • split
    • strrev
    • substr
    • sum
    • templatefile
    • textdecodebase64
    • textencodebase64
    • timeadd
    • timestamp
    • title
    • tobool
    • tolist
    • tomap
    • tonumber
    • toset
    • tostring
    • transpose
    • trim
    • trimprefix
    • trimspace
    • trimsuffix
    • try
    • type
    • upper
    • urlencode
    • uuid
    • uuidv5
    • values
    • yamldecode
    • yamlencode
    • zipmap
    • Overview
    • Terraform Cloud
      • Backend Configuration
        • local
        • remote
        • artifactory
        • azurerm
        • consul
        • cos
        • etcd
        • etcdv3
        • gcs
        • http
        • Kubernetes
        • manta
        • oss
        • pg
        • s3
        • swift
      • local
      • remote
      • artifactory
      • azurerm
      • consul
      • cos
      • etcd
      • etcdv3
      • gcs
      • http
      • Kubernetes
      • manta
      • oss
      • pg
      • s3
      • swift
    • Overview
    • Purpose
    • The terraform_remote_state Data Source
    • Backends: State Storage and Locking
    • Import Existing Resources
    • Locking
    • Workspaces
    • Remote State
    • Sensitive Data
    • Overview
    • Upgrading to Terraform v1.2
    • Upgrading to Terraform v1.1
    • Upgrading to Terraform v1.0
    • v1.0 Compatibility Promises
    • Upgrading to Terraform v0.15
    • Upgrading to Terraform v0.14
    • Upgrading to Terraform v0.13
    • Upgrading to Terraform v0.12
    • Upgrading to Terraform v0.11
    • Upgrading to Terraform v0.10
    • Upgrading to Terraform v0.9
    • Upgrading to Terraform v0.8
    • Upgrading to Terraform v0.7
    • Overview
    • Load Order and Semantics
    • Configuration Syntax
    • Interpolation Syntax
    • Overrides
    • Resources
    • Data Sources
    • Providers
    • Variables
    • Outputs
    • Local Values
    • Modules
    • Terraform
    • Provisioners
    • Providers
    • Terraform Push (deprecated)
    • Environment Variables

  • Terraform Internals

  • Other Docs

  • Intro to Terraform
  • Configuration Language
  • Terraform CLI
  • Terraform Cloud
  • Terraform Enterprise
  • Provider Use
  • Plugin Development
  • Registry Publishing
  • Integration Program
  • Terraform Tools
  • CDK for Terraform
  • Glossary
Type '/' to Search

»Upgrading to Terraform v0.10

Terraform v0.10 is a major release and thus includes some changes that you'll need to consider when upgrading. This guide is intended to help with that process.

The goal of this guide is to cover the most common upgrade concerns and issues that would benefit from more explanation and background. The exhaustive list of changes will always be the Terraform Changelog. After reviewing this guide, we recommend reviewing the Changelog to check on specific notes about the resources and providers you use.

This guide focuses on changes from v0.9 to v0.10. Each previous major release has its own upgrade guide, so please consult the other guides (available in the navigation) if you are upgrading directly from an earlier version.

»Separated Provider Plugins

As of v0.10, provider plugins are no longer included in the main Terraform distribution. Instead, they are distributed separately and installed automatically by the terraform init command.

In the long run, this new approach should be beneficial to anyone who wishes to upgrade a specific provider to get new functionality without also upgrading another provider that may have introduced incompatible changes. In the short term, it just means a smaller distribution package and thus avoiding the need to download tens of providers that may never be used.

Provider plugins are now also versioned separately from Terraform itself. Version constraints can be specified in configuration to ensure that new major releases (which may have breaking changes) are not automatically installed.

Action: After upgrading, run terraform init in each Terraform configuration working directory to install the necessary provider plugins. If running Terraform in automation, this command should be run as the first step after a Terraform configuration is cloned from version control, and will also install any necessary modules and configure any remote backend.

Action: For "production" configurations, consider adding provider version constraints, as suggested by the terraform init output, to prevent new major versions of plugins from being automatically installed in future.

»Third-party Provider Plugins

This initial release of separated provider plugins applies only to the providers that are packaged and released by Hashicorp. The goal is to eventually support a similar approach for third-party plugins, but we wish to ensure the robustness of the installation and versioning mechanisms before generalizing this feature.

Note: As of Terraform 0.13, Terraform can automatically install third-party providers released on the Terraform Registry.

In the mean time, third-party providers can be installed by placing them in the user plugins directory:

Operating systemUser plugins directory
Windows%APPDATA%\terraform.d\plugins
All other systems~/.terraform.d/plugins

Maintainers of third-party providers may optionally make use of the new versioning mechanism by naming provider binaries using the scheme terraform-provider-NAME_v0.0.1, where "0.0.1" is an example version. Terraform expects providers to follow the semantic versioning methodology.

Although third-party providers with versions cannot currently be automatically installed, Terraform 0.10 will verify that the installed version matches the constraints in configuration and produce an error if an acceptable version is unavailable.

Action: No immediate action required, but third-party plugin maintainers may optionally begin using version numbers in their binary distributions to help users deal with changes over time.

»Recursive Module Targeting with -target

It is possible to target all of the resources in a particular module by passing a module address to the -target argument:

$ terraform plan -out=tfplan -target=module.example
$ terraform plan -out=tfplan -target=module.example

Prior to 0.10, this command would target only the resources directly in the given module. As of 0.10, this behavior has changed such that the above command also targets resources in descendent modules.

For example, if module.example contains a module itself, called module.examplechild, the above command will target resources in both module.example and module.example.module.examplechild.

This also applies to other Terraform features that use resource addressing syntax. This includes some of the subcommands of terraform state.

Action: If running Terraform with -target in automation, review usage to ensure that selecting additional resources in child modules will not have ill effects. Be sure to review plan output when -target is used to verify that only the desired resources have been targeted for operations. Please note that it is not recommended to routinely use -target; it is provided for exceptional uses and manual intervention.

»Interactive Approval in terraform apply

Starting with Terraform 0.10 terraform apply has a new mode where it will present the plan, pause for interactive confirmation, and then apply the plan only if confirmed. This is intended to get similar benefits to separately running terraform plan, but to streamline the workflow for interactive command-line use.

For 0.10 this feature is disabled by default, to avoid breaking any wrapper scripts that are expecting the old behavior. To opt-in to this behavior, pass -auto-approve=false when running terraform apply without an explicit plan file.

It is planned that a future version of Terraform will make this behavior the default. Although no immediate action is required, we strongly recommend adjusting any Terraform automation or wrapper scripts to prepare for this upcoming change in behavior, in the following ways:

  • Non-interative automation around production systems should always separately run terraform plan -out=tfplan and then (after approval) terraform apply tfplan, to ensure operators have a chance to review the plan before applying it.

  • If running terraform apply without a plan file in automation for a non-production system, add -auto-approve=true to the command line soon, to preserve the current 0.10 behavior once auto-approval is no longer enabled by default.

We are using a staged deprecation for this change because we are aware that many teams use Terraform in wrapper scripts and automation, and we wish to ensure that such teams have an opportunity to update those tools in preparation for the future change in behavior.

Action: 0.10 preserves the previous behavior as the default, so no immediate action is required. However, maintainers of tools that wrap Terraform, either in automation or in alternative command-line UI, should consider which behavior is appropriate for their use-case and explicitly set the -auto-approve=... flag to ensure that behavior in future versions.

github logoEdit this page
  • Overview
  • Docs
  • Extend
  • Privacy
  • Security
  • Press Kit
  • Consent Manager