Using Terraform Directly
⚠️ WARNING: POTENTIALLY DANGEROUS
Running Terraform commands manually bypasses the build system’s safety features and should only be done by experienced users who understand the risks.
Why is this dangerous?
When you run Terraform commands manually, you bypass:
- Automatic service account impersonation — you may accidentally use your personal credentials with elevated permissions
- Environment restrictions — the build system prevents terraform apply in production during local development. Manual commands have no such guard.
When is it necessary?
Manual Terraform commands should only be used for:
- Terraform Import — importing existing infrastructure resources into state
- Terraform State Modification — erasing or resetting resource state
For normal development, always use the standard workflow instead.
Steps
All commands below run from the project root. Set a variable for the module directory:
MODULE_DIR=infra/ha-infra/business_unit_1/non-production/cloudflare
1. Initialize
If the module has not been initialized (no .terraform/ folder inside it), run init first:
./bin/terraform -chdir=$MODULE_DIR init
2. Generate the token
TOKEN=$(gcloud auth print-access-token --impersonate-service-account=$SERVICE_ACCOUNT_EMAIL)
The token expires after one hour.
3. Execute
TF_VAR_development_access_token=$TOKEN ./bin/terraform -chdir=$MODULE_DIR plan
Import Example
TF_VAR_development_access_token=$TOKEN ./bin/terraform -chdir=$MODULE_DIR import \
google_compute_instance.my_vm \
projects/my-project/zones/us-central1-a/instances/my-vm
State Modification Example
TF_VAR_development_access_token=$TOKEN ./bin/terraform -chdir=$MODULE_DIR state rm \
google_compute_instance.my_vm
State Locking
Terraform acquires a state lock before any write operation. If Cloud
Build is running terraform apply on the same environment,
your command will fail with a lock contention error. Wait for the other
operation to finish
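
The Steps above can be wrapped so that a manual run keeps the two guards listed under "Why is this dangerous?". This is an added example, not part of the project's build system. The function names are hypothetical, and it assumes that production modules sit under a path component named production and that only init, plan, import and state are ever run by hand.

```shell
# Added example: guards for manual Terraform runs (hypothetical function names).
# Assumption: production modules live under a path component named "production".

# Succeeds only when no component of the module path is exactly "production".
is_safe_module_dir() {
  case "/$1/" in
    */production/*) return 1 ;;  # matches .../production/..., not .../non-production/...
    *) return 0 ;;
  esac
}

# Succeeds only for the subcommands this page runs manually.
is_allowed_subcommand() {
  case "$1" in
    init|plan|import|state) return 0 ;;
    *) return 1 ;;               # apply, destroy, etc. stay with the build system
  esac
}

# Usage (after sourcing this file from the project root):
#   tf_manual plan
#   tf_manual state rm google_compute_instance.my_vm
tf_manual() {
  if [ -z "${MODULE_DIR:-}" ] || [ -z "${SERVICE_ACCOUNT_EMAIL:-}" ]; then
    echo "MODULE_DIR and SERVICE_ACCOUNT_EMAIL must be set" >&2; return 2
  fi
  if ! is_safe_module_dir "$MODULE_DIR"; then
    echo "refusing: $MODULE_DIR is a production module" >&2; return 3
  fi
  if ! is_allowed_subcommand "${1:-}"; then
    echo "refusing: subcommand '${1:-}' is not allowed manually" >&2; return 4
  fi
  # Mint the impersonated token; stop instead of falling back to personal credentials.
  token=$(gcloud auth print-access-token \
    --impersonate-service-account="$SERVICE_ACCOUNT_EMAIL") || return 5
  [ -n "$token" ] || return 5
  # The token goes only into this one process's environment and is never exported.
  TF_VAR_development_access_token="$token" ./bin/terraform -chdir="$MODULE_DIR" "$@"
  rc=$?
  unset token
  return "$rc"
}
```

Because every call mints a fresh token, the one-hour expiry never causes a stale-credential failure halfway through a session.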