HashiCorp Terraform 0.9

HashiCorp Terraform 0.9

Mar 15 2017 Mitchell Hashimoto

We've released Terraform 0.9. Terraform is a tool for safely and efficiently building, combining, and launching any infrastructure.

Since our last major Terraform release, we had 8 minor releases to add and improve hundreds of resources and dozens of providers and the number of community contributors has increased from 750 to just over 900.

Terraform 0.9 adds major new functionality to Terraform. Highlights include:


provisioner "remote-exec" { command = "consul leave" when = "destroy" } }

The example above performs a consul leave on destruction of the aws_instance.consul resource. Notice that the syntax for destroy provisioners is identical to standard provisioners with the addition of the when setting.

If a destroy provisioner fails, it will cancel the destruction of the resource. Terraform can be configured to ignore errors as well. Read more about destroy provisioners in the documentation.

State Locking

Terraform will now lock the state for supported backends to prevent multiple concurrent writes. This makes Terraform safer to use in team environments by reducing the risk of one teammember overwriting the work of another.

Terraform will automatically lock your state if the backend supports it. If locking fails, Terraform will not allow you to continue without resolving the issue or disabling state locking (not recommended). If unlocking fails, Terraform will note a lock ID and metadata that can be used to force unlock if necessary.

Local state, AWS, and Consul backends support locking in Terraform 0.9. More support for advanced locking in other backends will be added in 0.9.x releases. For local state, a local file lock is held using OS-specific APIs. This prevents inadvertently running Terraform in parallel locally.

Read the documentation on state locking to learn more.

Interruptable Provisioners

Terraform now supports interrupting all long-running provisioners.

$ terraform env select default Switched to environment "default"!

$ terraform env delete mitchellh-test Deleted environment "mitchellh-test"!

You can reference the current environment using the new ${terraform.env} interpolation. This can be used to make minor changes to your configuration based on the environment:

tags { Name = "web - ${terraform.env}" }

» ... other fields


You can learn more about state environments in the documentation page.

Remote State Revamp

Remote state is a critical part of using Terraform safely. Terraform 0.9 introduces big changes and improvements to how remote state is managed, all while being backwards compatible with existing remote state.

All the changes below are backwards compatible. Your existing remote state will continue to work. Terraform will show a warning recommending you update to the new configuration format below. We'll remove support for legacy-configured remote state in a couple major releases (Terraform 0.11).

The first major improvement is state locking, covered in its own dedicated section above. Additionally, we've made numerous improvements to remote state workflow, configuration, safety, and security.

Remote state is now part of "backends", a new abstraction in Terraform to encapsulate various pluggable functionality (such as state environments).

Backend configuration is done via the Terraform configuration:

terraform { backend "consul" { address = "demo.consul.io" path = "tfdocs" } }

Initialization and setup is now centralized in a single easy-to-use command terraform init. This command should become the go-to setup command for every team member to run for every Terraform configuration. It is safe to run multiple times and ensures your backend is properly configured.

As part of initialization, Terraform now detects any changes to your backend configuration and offers to migrate your existing state. This lets you easily move from one backend type to another and have Terraform automatically manage this change.

All Terraform commands now work seamlessly with remote state from primary commands such as terraform plan to helper commands like terraform taint

timeouts { create = "10m" } }

Interrupts can now be detected and handled with custom logic in resources. Only a handful of resources currently listen for interrupts but more will be added soon. This allows long-running resources to be quickly interrupted with a Ctrl-C. As resources implement timeouts, they'll soon also support interrupts automatically.

New providers and resources: Terraform supports dozens of new providers and hundreds of new resources. There are too many to list here! Search "New provider" or "New resource" in the changelog.

Huge improvements to existing resources. For example: AWS instances can be resized without forced destruction. We have full IPv6 support for EC2. The DNSimple provider was updated to use APIv2 while only requiring a new auth token. And many more. These are improvements that come thanks to the community working to improve Terraform for everyone everyday.


It is exciting to watch Terraform mature with every release. The community is growing and so is the team here at HashiCorp.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now