Skip to content



The sequence of commands that you run to operate on each layer is called the Terraform workflow. In other words, it's what you would typically run in order to create, update, or delete the resources defined in a given layer.

The basic workflow

Assuming that you have everything configured, the frequent commands you'll need to run are these:

# 1. Initialize
leverage terraform init

# 2. Preview any changes
leverage terraform plan

# 3. Apply any changes
leverage terraform apply

The extended workflow

Now, the extended workflow is annotated with more explanations and it is intended for users who haven't yet worked with Leverage on a daily basis:

Terraform Workflow

  1. Make sure you understood the basic concepts:
  2. Make sure you installed the Leverage CLI.
  3. Go to the layer (directory) you need to work with, e.g. shared/global/base-identities/.
  4. Run leverage terraform init -- only the first time you work on this layer, or if you upgraded modules or providers versions, or if you made changes to the Terraform remote backend configuration.
  5. Make any changes you need to make. For instance: modify a resource definition, add an output, add a new resource, etc.
  6. Run leverage terraform plan to preview any changes.
  7. Run leverage terraform apply to give it a final review and to apply any changes.


You can use the --layers argument to run Terraform commands on more than one layer. For more information see here


If desired, at step #5 you could submit a PR, allowing you and the rest of the team to understand and review what changes would be made to your AWS Cloud Architecture components before executing leverage terraform apply (terraform apply). This brings the huge benefit of treating changes with a GitOps oriented approach, basically as we should treat any other code & infrastructure change, and integrate it with the rest of our tools and practices like CI/CD, in

Running in Automation


Figure: Running terraform with AWS in automation (just as reference).