🗺️
Terraform Learning Roadmap
A structured path from Terraform beginner to HashiCorp Certified: Terraform Associate. Master IaC, state management, modules, CI/CD automation, and production security.
Estimated time:4–8 weeks to Associate+4 weeks for production patterns
1🌱
Phase 1 — Core Concepts
What is IaC and why Terraform?foundational
HCL syntax: resources, variables, outputsfoundational
Providers and plugin registryfoundational
terraform init / plan / apply / destroymust learn
Local vs remote statefoundational
.tfvars and variable precedencefoundational
2🗄️
Phase 2 — State Management
Remote backends (S3, GCS, Azure Blob)must learn
State locking with DynamoDB / GCS
terraform state commands (list, mv, rm, show)
Importing existing infrastructure
Sensitive values in stateimportant
State file encryptionimportant
3📦
Phase 3 — Modules
Module structure (main/variables/outputs)
Registry modules vs local modulesmust learn
Module versioning and pinning
Input validation blocks
Nested modules and composition
Public Terraform Registrymust learn
4🌍
Phase 4 — Workspaces & Environments
Workspaces (terraform workspace)
Environment promotion patterns (dev/stg/prod)
Using locals for environment logic
Conditional expressions and count/for_each
Dynamic blocks
Data sources for cross-stack references
5🔄
Phase 5 — CI/CD & Automation
GitHub Actions / GitLab CI for Terraformimportant
atlantis for PR-based automation
terraform plan output as PR comment
OIDC-based cloud auth (no long-lived keys)important
Drift detection and scheduled plans
HCP Terraform (formerly Terraform Cloud)advanced
6🔐
Phase 6 — Security
Secrets management (Vault, AWS SSM / Secrets Manager)must learn
IAM least-privilege for Terraform runners
Scanning with tfsec / Checkov / Trivy
Provider credential injection patterns
Encrypting remote state at rest
Sentinel policies (HCP Terraform)advanced
7🚀
Phase 7 — Advanced Patterns
Terragrunt for DRY configurationsadvanced
provider_meta and custom provider development
Lifecycle rules (create_before_destroy, ignore_changes)
Moved blocks for state refactoring
terraform_remote_state data source
Multi-region and multi-account patternsadvanced
8🏅
Phase 8 — Certification
Exam domains: IaC concepts, core workflow, state, modules, HCP
Official study guide and sample questions
Practice with real cloud providers (AWS / GCP)important
Time management: 57 questions / 60 min
HashiCorp Certified: Vault Associateafter TF
Ready to start?
Start with the CLI cheatsheet to learn the core workflow, then tackle interview questions.