Terraform Folder Files and Project Layout

Which files belong in version control and which are created at runtime. A practical file checklist.

Terraform Beginner 6 min read

Updated 2026-04-12

Files you often keep in source control

A typical Terraform project folder contains a small set of .tf files that describe your infrastructure. These files are the main deliverable and should be committed.

main.tf — core resource definitions
variables.tf — input variable declarations
outputs.tf — output value declarations
versions.tf — terraform block with required provider versions
terraform.tfvars — variable values for a specific environment (sometimes excluded if it contains secrets)
.terraform.lock.hcl — provider version lock file, always commit this

Files created during local work

When you run terraform init and terraform apply, Terraform creates several local files and folders. Most of these should not go into version control.

.terraform/
terraform.tfstate
terraform.tfstate.backup
*.tfplan
crash.log

The .terraform/ folder holds provider binaries. It can be large and is fully reconstructed by terraform init. The state files record what Terraform has actually created and may include sensitive values.

Never commit terraform.tfstate in a team project. Use a remote backend such as an S3 bucket with state locking to share state safely.

A safe starter rule

Add a .gitignore file to every new Terraform project before the first commit. Start with these entries:

.terraform/
terraform.tfstate
terraform.tfstate.backup
*.tfplan
crash.log

Then commit everything else. Later you can decide whether tfvars files with real values stay outside version control too.

[ { "question": "Which file should you always add to .gitignore?", "options": [ "main.tf", "variables.tf", "terraform.tfstate", ".terraform.lock.hcl" ], "answer": 2, "explanation": "terraform.tfstate can contain sensitive data and should not be committed. Use a remote backend for team projects." }, { "question": "What is the purpose of .terraform.lock.hcl?", "options": [ "It stores provider credentials", "It locks provider versions for reproducible runs", "It prevents terraform destroy from running", "It caches the plan output" ], "answer": 1, "explanation": ".terraform.lock.hcl records the exact provider versions used so that all team members get the same providers." }, { "question": "Which folder is created when you run terraform init?", "options": [ "publish/", "modules/", ".terraform/", "state/" ], "answer": 2, "explanation": "terraform init creates the .terraform directory and downloads provider plugins into it." } ]

Terraform Folder Files and Project Layout

Files you often keep in source control

Files created during local work

A safe starter rule

Small technical takeaways

Always gitignore the .terraform folder

State in remote backend

Continue the topic

Terraform Hello World and First Step

Terraform File Structure: main.tf

Terraform: What Is the Approach to Keep Secrets