# Managing Terraform infra in Cortex

Cortex Workflows can trigger Terraform execution to manage your cloud infrastructure, such as provisioning new services, databases, buckets, or networking primitives.

[Terraform](https://developer.hashicorp.com/terraform/intro) is an infrastructure-as-code tool that lets you provision, manage, and update infrastructure. Terraform can help you manage databases, s3 buckets, clusters, and every other component that comprises your infra. Terraform’s ability to manage resources comes from **providers**, which are plugins that enable interaction with cloud providers, SaaS providers, and other APIs. Providers allow you to define as code what a resource looks like.

The instructions on this page apply to [Terraform Cloud](https://developer.hashicorp.com/terraform/tutorials/cloud-get-started/cloud-sign-up), the web-based interface for Terraform.

{% hint style="info" %}
Cortex integrates with Terraform in two different ways, depending on whether you want to manage Cortex resources using Terraform or use Cortex to drive Terraform runs for your infrastructure.

To learn about managing Cortex resources using Terraform, see [Manage entities using Cortex Terraform Provider](/ingesting-data-into-cortex/entities-overview/entities/terraform/terraform-provider.md).
{% endhint %}

## How to manage Terraform infrastructure in Cortex

{% hint style="success" %}
See end-to-end examples for [using a Workflow to provision an EC2 instance with Terraform](https://github.com/cortexapps/hippocampus/blob/master/ingesting-data-into-cortex/entities/broken-reference/README.md), [using a Workflow to update the EC2 instance](https://github.com/cortexapps/hippocampus/blob/master/ingesting-data-into-cortex/entities/broken-reference/README.md), and [using a Workflow to destroy a resource](https://github.com/cortexapps/hippocampus/blob/master/ingesting-data-into-cortex/entities/broken-reference/README.md).
{% endhint %}

### Prerequisite

Expand the tile below for instructions on provisioning a new instance.

<details>

<summary>Provision a new instance and update the instance name</summary>

* Provision a new instance
  * Terraform will automatically provide you with a starter workspace when you begin — our example workspace is named **"tfc-guide-example"**.

<div align="left"><img src="/files/AejgHmD0hDWvaVHLkq2k" alt="Our example workspace is named &#x22;tfc-guide-example&#x22;" width="563"></div>

* Update the instance name in the Terraform `variables.tf` file.
  * All Terraform modules come with a file called `variables.tf`. As part of the Terraform script, we can enter variables for a given set, like region or instance type. In the example screen shot below, the variable name is "My Other Great Instance".

<div align="left"><img src="/files/ZzSxOI2nhsImuwyb8Bbj" alt="The variable instance name is &#x22;My other great instance.&#x22;" width="375"></div>

* Note: Terraform modules also come with a `main.tf` file, which contains instructions and information about the action. In our example, the `main.tf` file describes the instance that we’re going to create through Terraform.

![Example of the main.tf file](/files/SwpnYlI1U7NuusK2N33q)

{% hint style="info" %}
Terraform stores a “state” about your infrastructure and configuration when it’s deployed. State maps resources to this configuration, and will update any time variables or properties are changed.
{% endhint %}

</details>

### Step 1: Confirm your instance name update in Terraform

In Terraform Cloud, navigate to the **Run** page. Verify that the changes you made to the instance name in `variables.tf` have applied.

<div align="left"><img src="/files/vlr2ud7RS3Aen8dWGo4Y" alt="In Terraform, verify that your changes have applied." width="563"></div>

In Terraform, there are two primary commands: `plan` and `apply`.

* The `plan` command creates a plan and preview of the changes that will be made to your infrastructure. During the plan stage, Terraform assesses the `main.tf` file with variables and compares it against the state. If there are differences, Terraform prompts you to approve and apply the change.
* When you navigate to the run that was triggered by updating `variables.tf`, you can see that the plan was automatically conducted. In this case, the plan was to create an instance with the name provided earlier. Verify that the run displays a "Plan finished" message.

<div align="left"><img src="/files/lvqVS2Y1m6xSKgPTAYR2" alt="Terraform displays a &#x22;Plan finished&#x22; message." width="563"></div>

In AWS, you can confirm that the instance exists and that the Terraform action was successful:

![AWS shows that the instance exists.](/files/tnBnVbv1bpFW2tOA7ORw)

{% hint style="info" %}
In this example, we made direct modifications to the main branch, but typically, you will edit a separate branch and create a pull request. This approach will run a plan in Terraform, but will not automatically apply changes.
{% endhint %}

### Step 2: Add the Terraform template in Cortex

Cortex not only integrates with Terraform, but can enhance your use of it. Once the integration is set up, you’ll use a [Scaffolder step in a Workflow](/streamline/workflows.md#scaffolder) to interact with Terraform.

You must have the `Configure Scaffolder templates` permission.

{% hint style="info" %}
When using the Scaffolder, it's best to edit a secondary branch and create a pull request — the Scaffolder will actually create the pull request for you, which someone else can approve to apply the changes.
{% endhint %}

1. Create a [Cookiecutter](https://www.cookiecutter.io/) JSON file that is equivalent to your Terraform module.
   * In this file, we defined the region and instance name. You’ll then update the fields in the `variables.tf` file so it knows to pull information from the Cookiecutter JSON.\
     ![](/files/yq0nCQXZqRi44UCLroZT)
2. [Register your template](/streamline/workflows/scaffolder.md#step-2-add-the-template-to-cortex) in Cortex.
3. After you have added the template to Cortex, you can [create a Workflow](/streamline/workflows.md) that includes a [Scaffolder](/streamline/workflows.md#scaffolder) block using the template.
4. Run the Workflow. When you run it, Cortex will automatically open a pull request against the selected repository.

#### Verify that the process worked

<details>

<summary>Verify the process</summary>

To verify that the process worked, open Terraform Cloud and navigate to **Runs**.

Any runs that originate from Cortex will have `[Cortex Scaffolder]` at the start of their name. Click into one of these runs to see its status and how many changes were proposed.

<div align="left"><img src="/files/Lf9dAXnx0JrE6JaT6gr6" alt="A Cortex Scaffolder run shows as planned and finished in Terraform." width="563"></div>

</details>

## Execute a run via a Workflow

Terraform Cloud also has an API that can be used to make updates without following the pull request workflow. You can use a [Workflow](/streamline/workflows.md) in Cortex to execute a run through the API. If a run is set to automatically apply, then Cortex will handle the rest of the process.

1. [Create a Workflow](/streamline/workflows.md) in Cortex.
2. Add a [user input](/streamline/workflows.md#user-input) block.
   1. Define inputs for `Instance name`, `Region`, and `Instance type`.
3. Add an [HTTP request](/streamline/workflows.md#http-request) block. Configure the following fields:
   1. **HTTP method**: Select `POST`.
   2. **URL**: Enter the URL for the Terraform API you want to call.
   3. **Headers**: Add `Authorization: Bearer {{token}}` and `Content-type: application/(name)`.
   4. **Payload**: Build the payload by referencing the outputs of the "User input" block, e.g., `{{actions.input.outputs.instance-name}}`
4. Save the Workflow. After saving, click **Run** at the top of the Workflow to run it.

When the Workflow is run in Cortex, it will override data in the `variables.tf` file with information that was entered in the fields.

#### Verify the run

<details>

<summary>Verify that the action was successful</summary>

In Terraform Cloud, you can verify that the action was successful and the run was queued. Runs triggered by actions are named "Triggered via API."

<div align="left"><img src="/files/y9nEFfB1mPitCsrkXltj" alt="The run in Terraform is labeled &#x22;Triggered via API.&#x22;" width="563"></div>

Once the run has been applied, you can also verify it in AWS. In the example screen shot below, the instance name has been changed:

![The instance is listed in AWS.](/files/V2UO1vlYEs0cvITqFe2j)

</details>

## Terraform Workflow examples

See guides on creating the following Workflows: [Provision EC2 instance with Terraform](/guides/production-readiness/terraform/provision.md), [Update EC2 instance](/guides/production-readiness/terraform/update.md), and [Terraform destroy](/guides/production-readiness/terraform/destroy.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cortex.io/ingesting-data-into-cortex/entities-overview/entities/terraform.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.