Terraform Testing Demystified: Building Reliable Infrastructure as Code

#IaaS #Terraform #InfrastructureAsCode #IaC #DevOps #CloudEngineering #HashiCorp #TestingInfrastructure #TestDrivenDevelopment #InfrastructureTesting #Terratest #UAT #CI_CD #QualityEngineering #AutomationFirst #ShiftLeft #CloudBestPractices #DeveloperExperience #PlatformEngineering #SiteReliabilityEngineering #CloudComputing #AWS #Azure #GCP #SoftwareEngineering #TechLeadership #OpenSource #Microsoft

Introduction

In today’s fast-paced digital landscape, businesses demand agile, scalable, and reliable infrastructure. To meet these needs, Infrastructure as Code (IaC) has emerged as a game-changer—enabling teams to automate the provisioning and management of infrastructure through code. By treating infrastructure configurations as version-controlled artifacts, IaC fosters repeatability, consistency, and collaboration across development and operations.

Among the various IaC tools available, Terraform has rapidly gained popularity for its cloud-agnostic capabilities, declarative syntax, and vibrant ecosystem. Whether managing resources on AWS, Azure, GCP, or hybrid environments, Terraform provides a unified workflow that simplifies infrastructure management at scale.

However, with this power comes risk. Untested infrastructure changes can lead to outages, misconfigurations, security vulnerabilities, and costly downtime—especially in production environments. Despite IaC's promise of automation and stability, the absence of rigorous testing can undermine its benefits and introduce chaos into the CI/CD pipeline.

This article aims to empower DevOps teams by demystifying testing best practices for Terraform. From static analysis to integration and user acceptance testing, we'll explore how to build confidence in your infrastructure code, reduce errors before deployment, and ensure your Terraform configurations are robust, secure, and production-ready.

Why Testing Terraform Code is Critical

Terraform offers powerful automation for provisioning and managing infrastructure, but with that power comes significant responsibility. Unlike traditional application code, a mistake in infrastructure code can bring down production systems, open security vulnerabilities, or result in unexpectedly high cloud bills. Rigorous testing of Terraform configurations is not just a best practice—it’s essential for maintaining stability, security, and confidence in your infrastructure deployments.

1. Detect Configuration and Logic Errors Early - Terraform code, like any other codebase, is prone to syntax mistakes, misconfigurations, and logical errors. Whether it's a misconfigured subnet range or an unintended dependency between resources, early detection through testing helps prevent these issues from reaching production environments. Tools like terraform validate and terraform plan can catch many of these issues before any real infrastructure is affected.

2. Prevent Unintentional Infrastructure Changes - Without tests in place, seemingly harmless edits can lead to major unintended consequences—like destroying a production database or creating unneeded instances. Testing provides a safety net, ensuring that changes align with expectations and only modify what is intended. terraform plan and policy-as-code tools help highlight diffs and enforce change controls before applying.

3. Ensure Compliance with Security and Operational Standards - Many organizations must adhere to strict security, compliance, and operational standards. Terraform testing, especially when integrated with tools like tfsec, checkov, and OPA (Open Policy Agent), can enforce these standards automatically. This shift-left approach ensures misconfigurations and non-compliant settings are caught early in the development lifecycle.

4. Improve Maintainability and Collaboration - When Terraform code is tested thoroughly, it becomes easier for teams to maintain and extend infrastructure definitions with confidence. Testing promotes modular design, encourages better documentation, and reduces the learning curve for new contributors—making collaboration smoother across teams.

5. Enable Safe Automation via CI/CD - Automating infrastructure deployments through CI/CD pipelines is a cornerstone of modern DevOps. However, without testing, automation can become a fast track to disaster. By embedding robust Terraform tests into CI/CD workflows, teams can confidently automate deployments, knowing each change has been validated for correctness, compliance, and stability.

3. Types of Terraform Testing

To build reliable infrastructure using Terraform, it's essential to apply a layered testing approach—starting from basic syntax validation to complex end-to-end and policy compliance checks. Each type of test plays a critical role in ensuring that infrastructure behaves as expected, meets security requirements, and supports operational goals.

a. Syntax & Static Analysis

Purpose: Detect simple syntax errors, enforce best practices, and catch security misconfigurations before infrastructure is deployed.

Tools:

• terraform validate: Verifies whether the configuration is syntactically valid and internally consistent.
• tflint: A linter for Terraform code that checks for style issues, deprecated syntax, and common mistakes.
• checkov: Performs static analysis to ensure infrastructure complies with security policies and industry benchmarks (e.g., CIS).
• tfsec: Scans Terraform code for security risks such as open ports, unencrypted resources, or publicly accessible services.

What They Check:

• Syntax correctness
• Security misconfigurations
• Policy violations
• Cloud provider best practices

These tools form the base of the testing pyramid and should be included in every CI/CD pipeline.

b. Unit Testing

Purpose: Validate individual units of infrastructure—typically modules or specific resources—by checking expected plans, logic, and outputs.

Concept of a Unit in Terraform: In the context of Terraform, a "unit" can be a module, resource block, or configuration file that serves a distinct purpose.

Approach:

• Use terraform plan to inspect changes.
• Mock external data sources, backends, and providers to isolate behavior.
• Test module input/output behavior without deploying real infrastructure.

Tools:

• Terratest (Go): Allows writing automated tests that can invoke terraform init, apply, and destroy programmatically.
• Kitchen-Terraform (Ruby): Integrates Test Kitchen with Terraform for testing modules in isolated environments.
• Conftest (Rego): Used for writing custom policies to test configurations against expected outcomes.

These tests are fast and ideal for early feedback.

c. Integration Testing

Purpose: Verify that infrastructure components work together correctly after deployment in a controlled sandbox or staging environment.

What It Involves:

• Deploying real infrastructure in a non-production environment.
• Testing interactions (e.g., whether a load balancer routes traffic to backend instances).
• Checking service availability (e.g., hitting an API endpoint, connecting to a database).

Cleanup Strategy: Always include terraform destroy or lifecycle hooks to clean up resources after tests. This avoids resource sprawl and unnecessary cloud costs.

Example Use Cases:

• Confirming a VPC is correctly peered with another.
• Ensuring that a service is reachable through a provisioned DNS record.

Integration tests ensure that individual resources combine correctly to form a working system.

d. End-to-End (E2E) Testing / UAT

Purpose: Validate that infrastructure deployments meet business requirements and operate as expected in real-world scenarios.

Focus Areas:

• Full system validation, from provisioning to operational readiness.
• Ensuring infrastructure aligns with production architecture.
• Matching outputs and configurations across environments (dev/stage/prod).

Example: Check that all environments use the same instance types, networking rules, and tagging strategies as defined in organizational standards.

Automation: Use scripts or test frameworks to automate UAT based on criteria defined by business stakeholders.

End-to-end tests close the loop by connecting technical outcomes with business expectations.

e. Security & Policy Compliance Testing

Purpose: Enforce security and governance standards at every stage of the Terraform lifecycle using automated checks.

Tools & Methods:

• OPA (Open Policy Agent) and Rego: Define and enforce custom policies (e.g., encryption required on S3 buckets).
• Sentinel (HashiCorp): A policy-as-code engine integrated with Terraform Enterprise.
• Checkov and tfsec: Detect security issues and enforce cloud security best practices.
• Custom in-house policies: Validate tagging, RBAC rules, and naming conventions.

Shift-Left Testing: Integrate these checks early in the development cycle—before apply—to avoid costly remediations later.

Security testing ensures your infrastructure is not only functional but also compliant, secure, and auditable.

4. Introducing the LOVE Framework

We propose a simple but comprehensive framework to help structure your Terraform testing strategy: LOVE.

L – Lint

Start by scanning your Terraform code for syntax issues, style violations, and known misconfigurations using static analysis tools. This stage prevents careless mistakes from entering your repositories.

O – Observe

Before applying infrastructure changes, use terraform plan and state inspection to understand exactly what changes will occur. Observing plan output helps prevent surprises and allows for peer review.

V – Verify

Use automated testing tools to verify that your Terraform modules and deployed infrastructure behave as expected. This includes unit tests, integration tests, and infrastructure policy enforcement.

E – Evaluate

Finally, evaluate the infrastructure from an end-user and business standpoint through User Acceptance Testing (UAT). This ensures the deployed infrastructure meets real-world business needs.

Together, these four phases create a reliable, test-driven workflow for Terraform that can scale across teams and environments.

Phase 1: Lint – Clean, Consistent, Secure Code

Linting Terraform code ensures it is formatted, readable, and free from basic syntax or security issues. Linting is the first layer of protection, catching simple yet critical issues before deeper testing layers.

Why Lint?

• Enforces consistent coding standards
• Prevents syntax and formatting errors
• Detects known bad practices or insecure patterns
• Enables static security checks

Core Linting Tools

1. terraform fmt

Automatically formats your Terraform code. Run it before every commit.

terraform fmt -recursive        

2. terraform validate

Validates your configuration files for syntax correctness and internal references.

terraform validate        

3. TFLint

Lints Terraform code for stylistic errors and cloud-provider-specific issues.

tflint --init        

Supports plugins for AWS, Azure, GCP, and custom rules.

4. Checkov

A security-first static analysis tool. Scans Terraform files against policies and compliance frameworks.

checkov -d .        

5. tfsec

Another popular static analysis tool for security-focused checks.

tfsec .        

Integration Tip:

Automate these tools using Git pre-commit hooks or CI pipelines to enforce standards before code is merged.

Phase 2: Observe – Understand What Will Change

Observation is the act of visualizing and reviewing infrastructure changes before they’re applied.

Why Observe?

• Prevent unintended changes
• Improve code reviews
• Estimate cost impacts
• Visualize dependencies
• Enable rollback strategies

Observation Tools and Techniques

1. terraform plan

Generates a readable plan of what Terraform intends to do.

terraform plan -out=tfplan        

2. terraform show -json

Outputs Terraform plans in JSON for programmatic analysis.

terraform show -json tfplan > plan.json        

3. Infracost

Estimates the cost of resources in your plan file.

infracost breakdown --path .        

4. Terraform Graph

Visualizes the dependency tree.

terraform graph | dot -Tpng > graph.png        

5. Pull Request Bots

Use GitHub Actions to post plan diffs into pull request comments. This enables team-wide visibility and review.

Phase 3: Verify – Test the Behavior of Infrastructure

Verification involves automated testing of Terraform code and its infrastructure output. It covers both unit tests (module behavior) and integration tests (resource interaction).

Unit Testing Terraform Modules

Focuses on testing input/output behavior of individual modules.

Tools:

• Terratest: A Go framework that deploys real infrastructure and validates its behavior.
• Kitchen-Terraform: Uses Test Kitchen and InSpec to test Terraform deployments.
• OPA/Conftest: Uses policy as code to validate resource configurations.

Example Terratest Code:

func TestEC2Module(t *testing.T) {     options := &terraform.Options{         TerraformDir: "../examples/ec2-instance",     }     defer terraform.Destroy(t, options)     terraform.InitAndApply(t, options)     instanceIP := terraform.Output(t, options, "public_ip")     assert.NotEmpty(t, instanceIP) }        

Integration Testing

Tests how Terraform resources interact post-deployment.

Examples:

• Is the EC2 instance reachable over SSH?
• Can the Lambda function access the DynamoDB table?
• Are security groups correctly attached?

Kitchen-Terraform Sample:

verifier:   name: inspec   sudo: true   systems:     - name: default       backend: ssh       host: 1.2.3.4       user: ubuntu        

Phase 4: Evaluate – Perform User Acceptance Testing (UAT)

UAT brings business validation to infrastructure. It ensures infrastructure meets user needs—not just technical correctness.

What is UAT for Terraform?

User Acceptance Testing validates real-world use cases:

• Can users access the new application portal?
• Is Single Sign-On (SSO) working via Azure AD?
• Are dashboards loading correctly for business users?

Steps to Enable UAT

1. Expose Outputs: Use Terraform outputs to provide login URLs, credentials, IPs, etc.
2. Deploy UAT Environment: Use a dedicated workspace (uat) or a staging account.
3. Provide Test Cases: Share access and business test cases with stakeholders.
4. Capture Feedback: Log Jira tickets, Slack approvals, or UAT sign-off sheets.

5. Popular Tools for Terraform Testing

1. terraform validate

Validates Terraform configuration files for syntax correctness and internal consistency, ensuring that variables, modules, and resource definitions are properly structured. It does not check against actual cloud provider APIs.

2. terraform plan + show

Generates and previews the execution plan for Terraform changes (plan), and then displays the resulting resource state in human-readable or JSON format (show). Used to confirm infrastructure behavior before applying changes.

3. tflint

A pluggable linter for Terraform that identifies style issues, deprecated syntax, and provider-specific misconfigurations. It enhances code quality by enforcing best practices and reducing common mistakes.

4. tfsec

A static analysis security scanner that detects misconfigurations and insecure practices in Terraform code. It checks for issues like open ports, public S3 buckets, and unencrypted resources, helping teams build secure infrastructure by default.

5. checkov

A Python-based static code analysis tool that scans Terraform (and other IaC) files for security and compliance violations using predefined or custom policies. It integrates well into CI/CD pipelines and supports frameworks like CIS and NIST.

6. Terratest

A Go-based testing library that enables automated unit and integration tests for Terraform modules. It executes Terraform commands, verifies infrastructure behavior (e.g., network connectivity), and ensures deployments work as expected in real environments.

7. Kitchen-Terraform

An extension of Test Kitchen (originally for Chef) that supports testing Terraform code. It allows you to define test suites in Ruby and run tests against deployed infrastructure using tools like InSpec or Serverspec.

8. Conftest

A policy-as-code tool that uses the Rego language (from OPA) to test Terraform plans and configurations against custom rules. It’s ideal for enforcing governance, compliance, and security policies across teams and environments.

6. CI/CD Pipeline Integration

Integrating Terraform testing into your CI/CD pipeline is essential to achieving automated, reliable, and secure infrastructure delivery. By embedding testing steps into platforms like GitHub Actions, GitLab CI, Jenkins, or Azure DevOps, DevOps teams can catch misconfigurations early, enforce governance, and deploy infrastructure safely and consistently.

Key Benefits of CI/CD Integration

• Enforces testing discipline and standardization
• Detects issues early with fast feedback
• Prevents human error in production environments
• Enables collaboration through code reviews and approvals
• Supports auditability and change tracking

Typical CI/CD Workflow for Terraform

A well-structured pipeline should follow a layered validation and testing process.

1. Lint               →  tflint (code style and best practices)
2. Validate           →  terraform validate (syntax and config structure)
3. Static Analysis    →  tfsec / checkov (security & compliance checks)
4. Plan               →  terraform plan (preview changes)
5. Unit Tests         →  Terratest / Kitchen-Terraform (module testing)
6. Integration Tests  →  Live infrastructure in sandbox
7. Policy Checks      →  OPA / Sentinel / Conftest (custom rule enforcement)
8. Manual Gate        →  Plan diff approval (optional for production)
9. Apply              →  terraform apply (controlled deployment)
        

Each stage should be independently testable and provide fast feedback where possible (especially stages 1–5).

Platform-Specific Integrations

GitHub Actions

• Use hashicorp/setup-terraform to install Terraform CLI.
• Define jobs for each test stage using matrix builds.
• Add required approvals via GitHub branch protection rules.

GitLab CI

• Use .gitlab-ci.yml to define Terraform stages.
• Create jobs for linting, validating, planning, testing, and applying.
• Integrate terraform plan with terraform fmt, tfsec, and Terratest as pipeline steps.

Jenkins

• Use Jenkins Pipeline (declarative or scripted) with Terraform CLI and custom test scripts.
• Plugins like Pipeline: GitHub, JUnit, and Blue Ocean enhance UX and visibility.
• Store test results and artifacts using Jenkins archives.

Azure DevOps

• Use Terraform extensions in Azure DevOps Pipelines.
• Define pipeline steps using azure-pipelines.yml.
• Integrate service connections and key vaults for secure secrets management.
• Use Environments and Approvals & Checks for gated releases.

Plan Diff Approvals: A Production Gatekeeper

For environments like production, it's recommended to introduce manual approval gates before executing terraform apply. This can be implemented by:

• Generating and storing the terraform plan output as an artifact.
• Requiring human approval or PR review before the apply step.
• Using tools like Atlantis or Terraform Cloud for plan/apply workflow management.

7. Sample Test Scenarios

Effective Terraform testing isn't just about syntax validation—it’s about validating intent, correctness, and compliance. Below are sample test scenarios that showcase how testing can be used to enforce architectural standards, reduce risk, and improve infrastructure quality.

1. Validate VPC CIDRs Do Not Overlap

Why it matters: Overlapping CIDR blocks between VPCs can cause routing conflicts, VPN failures, and connectivity issues.

How to test:

• Use Terratest or Conftest to extract and compare CIDRs.
• Add logic to detect overlaps with predefined ranges.
• Example rule in Rego (Conftest):

deny[msg] {
  input.resource_type == "aws_vpc"
  cidr_overlap(input.values.cidr_block, data.existing_networks)
  msg := "VPC CIDR overlaps with existing networks"
}
        

2. Confirm Naming Conventions Are Followed

Why it matters: Consistent naming helps with resource discovery, maintenance, and automation.

How to test:

• Use tflint with custom rules or Conftest to enforce regex-based naming.
• Example: All S3 buckets should follow env-team-resource format.

deny[msg] {
  input.resource_type == "aws_s3_bucket"
  not regex.match("^(dev|prod|stg)-[a-z]+-[a-z0-9-]+$", input.values.bucket)
  msg := sprintf("Invalid bucket name: %s", [input.values.bucket])
}
        

3. Ensure Only Encrypted Storage Is Used

Why it matters: Unencrypted storage (e.g., S3, EBS, RDS) is a common security risk and may violate compliance policies.

How to test:

• Use tfsec, checkov, or Conftest to validate encryption settings.
• Example:

deny[msg] {
  input.resource_type == "aws_ebs_volume"
  not input.values.encrypted
  msg := "EBS volume must be encrypted"
}
        

4. Check That Tagging Strategy Is Enforced

Why it matters: Tags enable cost tracking, automation, and environment classification.

How to test:

• Use tflint custom rules or checkov policies.
• Validate presence of required tags like Environment, Owner, CostCenter.

deny[msg] {
  required_tags := {"Environment", "Owner", "CostCenter"}
  input.resource_type == "aws_instance"
  some tag in required_tags
  not input.values.tags[tag]
  msg := sprintf("Missing required tag: %s", [tag])
}
        

5. Verify Critical Outputs Exist and Are Correct

Why it matters: Terraform outputs are often used as inputs for dependent stacks or external systems.

How to test:

• Use Terratest to read and assert output values after a plan/apply in test environment.
• Example test: Ensure ALB DNS name is outputted and reachable.

albDNS := terraform.Output(t, terraformOptions, "alb_dns_name")
require.NotEmpty(t, albDNS)
http_helper.HttpGetWithRetry(t, "http://"+albDNS, nil, 200, "Welcome", 10, 5*time.Second)        

8. Challenges in Terraform Testing

1. Ephemeral Environments and Cleanup

Terraform often provisions ephemeral (temporary) infrastructure during testing, which must be cleaned up properly to avoid resource leaks and unexpected costs. Managing this lifecycle reliably is tricky because:

• Test failures might leave behind orphaned resources.
• Proper teardown scripts or automated destroy steps are required.
• Parallel tests can interfere if not isolated correctly.
• Ensuring consistent environment states between test runs is complex.

2. Time and Cost of Integration Tests

Integration tests that involve actual cloud resource provisioning can be:

• Time-consuming: Creating, modifying, and destroying cloud resources can take several minutes or longer.
• Expensive: Running tests that spin up real cloud infrastructure repeatedly can incur significant costs.
• This often limits how frequently and how extensively integration tests can be run, pushing teams toward mocking or limited scope tests.

3. Testing External Services and APIs

Terraform configurations frequently depend on or interact with external services such as:

• Cloud provider APIs,
• Third-party service integrations,
• External data sources. Challenges include:
• Ensuring these external dependencies are stable and available during tests.
• Handling rate limits, API changes, and network issues.
• Simulating external service behavior or using mock responses to avoid side effects.
• Avoiding false negatives or positives due to external factors beyond test control.

4. Managing Secrets and Credentials Securely

Terraform tests often require access to sensitive information like:

• Cloud provider credentials,
• API keys,
• Database passwords. Challenges here involve:
• Securely injecting secrets into the test environment without exposing them in logs or code.
• Avoiding hardcoding or committing secrets into repositories.
• Using secret management tools or environment variables safely.
• Ensuring least privilege principles and rotating credentials to minimize security risks.

9. Best Practices for Terraform Testing

1. Modularize Terraform Code

• Break down your infrastructure code into reusable, well-defined modules.
• Modularization makes testing easier by isolating components for unit testing.
• Encourages consistent infrastructure patterns and reduces duplication.
• Enables focused tests on smaller parts before integrating.

2. Follow DRY and KISS Principles

• DRY (Don’t Repeat Yourself): Avoid duplicating code or test logic to reduce errors and maintenance overhead.
• KISS (Keep It Simple, Stupid): Write clear, straightforward Terraform code and tests that are easy to understand and modify.
• These principles improve readability and maintainability of both code and tests.

3. Use Version Control for Test Code

• Store Terraform configurations and test scripts together in a version control system (e.g., Git).
• Enables tracking changes, rollback, and collaboration across teams.
• Use branches and pull requests to review changes to infrastructure and tests.
• Integrates well with CI/CD pipelines to automate testing on every commit.

4. Automate All Tests in Pipelines

• Integrate linting, validation, unit, integration, and security tests into your CI/CD pipeline.
• Automation ensures consistent quality checks on every change.
• Provides immediate feedback to developers, reducing the chance of breaking infrastructure.
• Enables gating deployment until tests pass, enhancing reliability.

5. Review Test Coverage Regularly

• Monitor which parts of your Terraform codebase are covered by tests.
• Identify gaps where important resources or modules lack adequate testing.
• Update or add new tests as infrastructure evolves or new modules are added.
• Helps maintain confidence in infrastructure changes over time.

6. Implement Rollback and Cleanup Strategies

• Design your test workflows to include automatic cleanup of resources after tests complete or fail.
• Use Terraform’s destroy commands or cloud-native scripts to remove ephemeral resources.
• Implement rollback mechanisms to revert to known good states if deployments fail.
• Prevent resource leaks that cause cost overruns and cluttered environments.

10. Future Trends in Terraform Testing

1. AI-Driven Code Reviews for Infrastructure as Code (IaC)

• AI and machine learning tools will increasingly assist in reviewing Terraform code.
• Automated analysis will detect misconfigurations, anti-patterns, and security risks before deployment.
• AI can provide intelligent suggestions for optimization and compliance improvements.
• This will speed up code reviews and reduce human errors in complex infrastructure scripts.

2. Preemptive Drift Detection and Self-Healing Tests

• Drift detection tools will become more proactive, identifying configuration drift before it impacts production.
• Integration of self-healing mechanisms will allow tests to not only detect drift but automatically correct it or trigger remediation workflows.
• This trend moves infrastructure management toward autonomous, self-correcting systems.
• Results in increased stability and reduced manual intervention.

3. Native Testing Frameworks in Terraform

• Expect development of built-in testing capabilities within Terraform itself or closely integrated frameworks.
• These will provide standardized ways to write, run, and report on unit, integration, and compliance tests.
• Streamlines testing workflows and makes them more accessible for teams without extensive testing expertise.
• Reduces reliance on external tools and custom scripts.

4. Greater Convergence of Security and IaC Pipelines (DevSecOps)

• Security will be embedded deeply into IaC pipelines, with automated checks for vulnerabilities, policy compliance, and secrets management.
• Terraform testing will incorporate security scanning as a first-class citizen alongside functionality and performance tests.
• This convergence supports DevSecOps practices, ensuring infrastructure is secure by design.
• Enhances governance and compliance posture while accelerating deployment cycles.

11. Conclusion

Testing Terraform code is essential to ensure the reliability, security, and maintainability of your infrastructure. By catching errors early, preventing unintended changes, and automating validations, testing helps teams deliver infrastructure confidently and efficiently.

Adopting a test-first mindset encourages proactive quality assurance, making tests an integral part of the development lifecycle rather than an afterthought. This approach leads to more resilient infrastructure and faster iteration cycles.

Starting small—by introducing basic linting and validation tests—and gradually expanding to comprehensive unit and integration testing allows teams to build testing maturity sustainably. Over time, this disciplined practice will pay off through reduced outages, lower costs, and improved collaboration.

Investing in Terraform testing today sets the foundation for scalable, secure, and agile infrastructure management tomorrow.

12. Appendix

Sample Test Cases

1. YAML Example – Terratest with Go (unit test skeleton):

package test

import (
    "testing"
    "github.com/gruntwork-io/terratest/modules/terraform"
)

func TestTerraformBasicExample(t *testing.T) {
    terraformOptions := &terraform.Options{
        TerraformDir: "../examples/basic",
    }

    // Clean up resources with "terraform destroy" at the end of the test
    defer terraform.Destroy(t, terraformOptions)

    // Run "terraform init" and "terraform apply"
    terraform.InitAndApply(t, terraformOptions)

    // Validate output values or resource attributes
    output := terraform.Output(t, terraformOptions, "instance_id")
    if output == "" {
        t.Fatalf("Expected instance_id output to be non-empty")
    }
}        

Terraform Testing Checklist

• Code Quality
• Security Scanning
• Unit Testing
• Integration Testing
• Cleanup
• Version Control
• CI/CD Integration
• Secrets Management
• Test Coverage Review

Links for Tools

• Terraform CLI Docs: https://www.terraform.io/docs/cli/index.html
• Terratest: https://terratest.gruntwork.io/
• TFLint: https://github.com/terraform-linters/tflint
• TFSEC: https://tfsec.dev/
• Checkov: https://www.checkov.io/
• Open Policy Agent (OPA) / Gatekeeper: https://www.openpolicyagent.org/
• GitHub Actions for Terraform: https://github.com/hashicorp/setup-terraform
• Terraform Testing Best Practices: https://www.hashicorp.com/resources/terraform-testing-strategies