Use Terraform to provision an IAM role, S3 bucket, Lambda function, and CloudWatch log group on AWS, inspect the plan, apply the configuration, verify outputs, update safely, and destroy everything cleanly.
Before writing any files, understand how Terraform manages AWS resources differently from CloudFormation.
No commands in this step — read the Terraform model before writing configuration
Terraform uses declarative configuration files to describe the desired infrastructure state.
The AWS provider translates Terraform resources such as aws_s3_bucket, aws_iam_role, and aws_lambda_function into AWS API calls.
The core workflow is: - terraform init downloads providers and prepares the working directory - terraform fmt formats configuration consistently - terraform validate checks configuration syntax and provider schema validity - terraform plan previews the actions Terraform would take - terraform apply performs those actions and records the result in state - terraform destroy removes resources tracked in state
The most important difference from CloudFormation is state ownership.
CloudFormation stores stack state inside AWS.
Terraform stores state in a state file, usually terraform.tfstate for local learning projects.
That file maps Terraform resource addresses to real AWS resource IDs.
Do not delete terraform.tfstate before cleanup — without state, Terraform no longer knows which live resources it created.
No output — this step is conceptual.
Proceed to step 2 to create an isolated Terraform working directory.