The growth of the Terraform community is absolutely astounding. New providers are constantly popping up, providers are being upgraded at a feverish pace, and amazing new features are constantly being added. With all of this change, deprecations and breaking changes periodically surface. One way to protect yourself from breaking changes is to pin providers and modules to specific versions. You can accomplish this by adding specific git hashes or tags to your source statements, and by adding version directives to your provider definitions:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "4.9.0"
}
.....
}
}
Terraform also has a required_version configuration directive to pin the version of Terraform you use:
terraform {
required_version = "1.0.8"
.....
}
}
With proper testing, you can propagate new versions between environments and catch breaking changes very early on in the process. One super cool utility that helps with this is tfswitch. Tfswitch can be used to manage a collection of terraform binaries, and “activate” the version defined in the required_version block. Activating a specific version is as easy as changing into the directory you want to work in, and running tfswitch:
$ cd environments/testing/services/vault
$ tfswitch
Reading required version from terraform file
Reading required version from constraint: 1.0.11
Matched version: 1.0.11
Installing terraform at /home/matty/bin
Switched terraform to version "1.0.11"
Tfswitch will download the version of Terraform that is specified in required_version if it doesn’t exist, and that will become accessible through your $PATH. Behind the scenes, tfswitch will place versioned terraform binaries in $HOME/.terraform.versions. The version specified in your HCL will be symbolically linked to $HOME/bin (or the location passed to “–bin”). We can see this with ls:
$ ls -la $HOME/bin/terraform
lrwxrwxrwx. 1 matty matty 48 Apr 8 15:43 /home/matty/bin/terraform -> /home/matty/.terraform.versions/terraform_1.0.11
Super useful utility, and makes working with multiple environments a bit easier.