Terraform Quickstart: Part 10 – Terraform Testing Guide

How to Write and Run Terraform Tests to Avoid Downtime and Bugs

Jul 01, 2025

∙ Paid

Introduction

A team rolls out a new Terraform change to production. They accidentally referenced the wrong security group ID, resulting in critical services going offline. Downtime could have been avoided with a simple test.

Just like any application code, your Terraform configurations need testing. It helps catch errors early and improve the stability of your code.

Some frequent errors include:

Using the wrong resource types or values.
Breaking changes in modules.
Security misconfigurations.
Missing dependencies between resources.

📚Do you want to read all lessons in a single pdf? Check out my Terraform Quickstart ebook.

In this chapter, you’ll learn:

Types of tests used in Terraform projects.
Common mistakes tests can catch.
Tools you can use to test Terraform code.

Types of Terraform Tests

Tests help you validate changes before deployment, especially in CI/CD pipelines. Refer to this testing pyramid:

Let’s explore the stages one by one:

1. Terraform Validate and Format

It checks if your config is syntactically correct and all required variables are defined.

$ terraform validate

Use this before every plan.

This ensures your files follow consistent formatting.

$ terraform fmt -check

It also avoids noisy diffs in version control.

2. Static Analysis

For example, tfsec is a 3rd party tool that detects issues like open security groups, public S3 buckets, missing encryption.

$ tfsec .

Checkov is another security scanner:

$ checkov -d .

It supports many cloud providers and has extensive policies.

3. Unit & Integration Testing with Terratest (Go)

Terratest is a Go framework for testing Terraform code. You can write tests like:

terraformOptions := &terraform.Options{
    TerraformDir: "../modules/my-vpc",
}

terraform.InitAndApply(t, terraformOptions)

This approach:

Deploys real infrastructure
Verifies with assertions (e.g. "Is the VPC created?")
Destroys after test run

It's powerful but requires Go and more setup.

Keep reading with a 7-day free trial

Subscribe to Curious Devs Corner to keep reading this post and get 7 days of free access to the full post archives.