What Terraform Is
Terraform is HashiCorp's tool for provisioning infrastructure across any cloud or service through one declarative language and a plugin system of providers. You write what you want in HCL, run terraform apply, and Terraform calls the underlying APIs to make reality match — recording everything it created in a state file so it knows what to change next time.
The whole system is three parts: the configuration you write, the providers that know how to talk to each platform's API, and the state that remembers what exists. Hold those three in your head and most of Terraform stops being mysterious. The rest of this course is, in a sense, those three parts examined one at a time.
The Terraform Model
A Terraform setup is configuration plus providers plus state. The configuration is your .tf files: the declarative description of resources. The providers are plugins Terraform downloads — aws, google, kubernetes — that translate a resource like aws_instance into the actual API calls. The state is a file mapping each resource in your config to the real object it created, so Terraform can compute a precise diff instead of recreating everything.
The minimal configuration below names a provider and declares one resource. Reading it top to bottom: require the AWS provider, configure it for a region, and declare that a VPC with this CIDR should exist. That is the entire shape of every Terraform file you will ever write — a provider and some resources — scaled up.
terraform { required_providers { aws = { source = "hashicorp/aws" version = "~> 6.0" } } } provider "aws" { region = "us-east-1" } resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }
Provider-Agnostic by Design
Terraform itself knows nothing about AWS. The engine understands resources, dependencies, and state; everything cloud-specific lives in a provider. That separation is the source of Terraform's reach: the same language and the same plan/apply workflow manage AWS, Google Cloud, Kubernetes, GitHub, Cloudflare, Datadog, and hundreds of other platforms, instead of a different tool for each.
The practical consequence is that what you learn here transfers. The AWS provider is the cloud-specific part of this course, but the language, the state model, modules, and the workflow are universal. Switch to Google Cloud and you change the provider and the resource names, not how you think.
The HashiCorp Ecosystem
Three things share the Terraform name and are worth keeping distinct. Terraform CLI is the open binary you run locally — the subject of this course. The Registry (registry.terraform.io) hosts providers and reusable modules with versioned documentation. HCP Terraform (formerly Terraform Cloud) is the paid managed service that runs Terraform for you with remote state, run approvals, and policy. You do not need the paid service to use Terraform; the CLI plus an S3 backend gets a team a long way.
The License Change and OpenTofu
In August 2023 HashiCorp relicensed Terraform from the open-source Mozilla Public License to the Business Source License, which restricts using Terraform to build a competing commercial product. In response, the community forked the last MPL-licensed version as OpenTofu, now governed by the Linux Foundation and fully open-source. For ordinary use — running Terraform to manage your own infrastructure — the BSL changes nothing; the restriction targets vendors building rival products.
Terraform and OpenTofu remain almost entirely compatible: the HCL language, the providers, and the CLI commands are the same, and configurations are portable between them today. They have begun to diverge on newer features — OpenTofu shipped client-side state encryption, Terraform shipped Stacks (and ephemeral resources first, since adopted by OpenTofu) — and the course flags those divergences where they matter. Pick one at the organization level based on your license policy, then standardize so everyone runs the same binary.
What This Course Uses
This course teaches HashiCorp Terraform 1.x and uses the AWS provider for every example. Where OpenTofu behaves differently, you will see a note. Because providers evolve quickly, the Registry documentation for your pinned provider version is always the final word on which arguments a resource accepts — treat it as the source of truth over any tutorial, including this one.
Terraform — HashiCorp's tool under the BSL. The mainstream choice, with the largest ecosystem and first access to HashiCorp's newer features (Stacks, ephemeral resources). Choose it unless an open-source license is a hard requirement.
OpenTofu — the Linux Foundation fork under the MPL, open-source and community-governed. Nearly drop-in compatible; shipped some features first (state encryption). Choose it when an OSI-approved license is a non-negotiable, accepting a smaller-but-active ecosystem.
- Assuming Terraform is AWS-specific because every tutorial uses AWS — the AWS provider is one of hundreds, and the engine itself knows nothing about AWS.
- Believing OpenTofu and Terraform configs are incompatible and that switching means a rewrite — for the vast majority of configs, migration is changing the binary, not the code.
- Conflating the open Terraform CLI with the paid HCP Terraform and assuming you must pay to use Terraform at all.
- Pinning to a years-old Terraform version to dodge the license question without understanding the BSL only restricts building a competing product, not normal use.
- Treating a tutorial as authoritative over the Registry docs for your provider version, then using arguments that do not exist in the version you pinned.
- Treat the provider as the cloud-specific part and the Terraform language as transferable knowledge that carries across every platform.
- Decide the Terraform-versus-OpenTofu question at the organization level on license grounds, then standardize so everyone runs the same binary.
- Pin the Terraform version per project with a
required_versionconstraint so the whole team and CI run identical behavior. - Read the Registry documentation for your exact provider version as the source of truth on resource arguments.
- Keep the three parts of the model — configuration, providers, state — clearly separated in your mental model; most confusion is a mix-up of which is which.
Knowledge Check
What are the three parts that make up a Terraform setup?
- The configuration you write, the providers that call APIs, and the state that records what exists
- The CLI, the AWS console, and a CI pipeline
- The plan file that previews changes, the dependency lock file, and the remote backend that stores everything
- HCL, YAML, and JSON
Why can Terraform manage AWS, Google Cloud, and GitHub with the same language and workflow?
- The engine knows nothing platform-specific; all cloud knowledge lives in interchangeable providers
- It translates every configuration into AWS CloudFormation under the hood and submits that template to each cloud
- Each cloud ships a Terraform-compatible fork of the binary
- It only supports the features all clouds have in common
What does the BSL license change actually restrict?
- Using Terraform to build a product that competes commercially with HashiCorp's offerings
- Running Terraform internally to manage your own company's production and staging infrastructure
- Using Terraform with any cloud other than AWS
- Downloading providers from the public Registry
A teammate says you must pay for "Terraform Cloud" to use Terraform. What is the correction?
- The Terraform CLI is free; HCP Terraform is a separate paid managed service you do not need
- Correct — the CLI cannot run without an HCP Terraform subscription
- Only the AWS provider requires a paid license, while every other provider in the Registry is free to use
- You must pay only when using remote state
You got correct