HikeCatalyst

Terraform & Infrastructure as Code

Write production-grade Terraform that teams can trust, review, and ship without fear.

CREATED BY
Sahil J. 5.0
SDE II at TaskFlow | 6+ years of experience

About this Path

For DevOps, Cloud, and Platform engineers who know Terraform basics and want to operate it professionally across teams and environments. This roadmap covers module design, state management, testing, CI/CD integration, and the patterns that appear in senior DevOps and Platform engineering interviews. Covers Terraform 1.x and OpenTofu.

Path Overview

  • Intermediate Level
  • Certificate of Completion
  • About 40 hours to complete
  • English language
  • 16+ curated videos
  • Learn online at your own pace
  • 5 modules with resources
  • Gamified & interactive

Path Curriculum

  • HCL deep-dive: types, expressions, functions, and for_each vs count
    Dynamic blocks, conditional expressions, local values, and avoiding count anti-patterns.
  • Project layout: environments, modules, and monorepo vs poly-repo
    Root module vs child module split, environment-per-directory, and workspace trade-offs.
  • Provider version pinning and dependency lock file management
    Semver constraints, .terraform.lock.hcl in source control, and provider mirror configuration.
  • Module interface design: variables, outputs, and validation rules
    Custom validation blocks, sensitive output flagging, and consumer-friendly variable defaults.
  • Versioning modules in a private registry or Git tags
    Terraform Registry protocol, GitHub release-based versioning, and automated changelog.
  • Composition patterns: wrapper modules, mixins, and feature flags
    Thin wrapper approach, optional resource creation with count/for_each, and feature-flag variables.
  • Data sources and dependency inversion between stacks
    terraform_remote_state vs data source pattern, reducing coupling across independent root modules.
  • Remote backends: S3 + DynamoDB, Terraform Cloud, and GCS
    Backend configuration, state encryption, locking mechanics, and cross-account assume-role.
  • State surgery: mv, rm, import blocks, and moved blocks
    Safely renaming resources, importing unmanaged infrastructure, and the 1.5+ import block.
  • Workspace strategy: feature branches vs environment promotion
    When workspaces help and when separate state files are cleaner for prod/staging split.
  • Handling drift: terraform refresh, targeted plans, and drift detection CI
    Scheduled plan pipelines, drift alerts, and deciding when to overwrite vs reconcile.
  • Native Terraform testing: check blocks, preconditions, and postconditions
    Lifecycle preconditions for invariant enforcement and check blocks for integration assertions.
  • Terratest: writing Go-based integration tests for AWS/GCP modules
    Test structure, parallelism, retry helpers, and cleaning up real resources after tests.
  • OPA and Conftest for plan-time policy enforcement
    Writing Rego policies for mandatory tags, allowed instance types, and public exposure checks.
  • Atlantis: PR-based workflow, repo config, and per-workspace locking
    atlantis.yaml project structure, plan/apply comments, and access control via GitHub CODEOWNERS.
  • GitHub Actions pipeline: plan on PR, apply on merge, with OIDC auth
    Keyless AWS authentication with OIDC, matrix jobs per environment, and plan artifact storage.
  • Secrets management: Vault provider, AWS SSM, and ephemeral resources
    Dynamic credentials with Vault, SSM Parameter Store data sources, and Terraform 1.10 ephemeral values.
  • Scaling Terraform in large orgs: Terragrunt and component architecture
    DRY root modules with Terragrunt, run-all, and dependency block orchestration across stacks.

What you'll learn

  • Design reusable, versioned Terraform modules with clear input validation and documented interfaces.
  • Manage remote state securely using S3 and DynamoDB backends with state locking and workspace strategy.
  • Implement a complete Terraform CI/CD pipeline using GitHub Actions, Atlantis, or Spacelift.
  • Test infrastructure code with Terratest and native Terraform check blocks before it reaches production.
  • Refactor legacy Terraform safely using state mv, import blocks, and blue-green workspace strategies.
  • Apply policy-as-code using Sentinel or OPA to enforce cost, security, and naming guardrails automatically.