Run Terraform commands via Docker in this project. Use this skill whenever you need to run terraform init, plan, apply, destroy, output, or any other terraform CLI command. This project does NOT have Terraform installed locally — all terraform commands MUST go through Docker. Also use this skill when the user asks about infrastructure provisioning, AWS resource management, or IaC operations in this repo.
This project runs Terraform through the official Docker image (hashicorp/terraform:1.14). Never run terraform directly on the host.
```bash
docker run --rm \
  -v "$(pwd)/infra/aws:/workspace" \
  -v "$HOME/.aws:/root/.aws:ro" \
  -e AWS_PROFILE=personal \
  -w /workspace \
  hashicorp/terraform:1.14 <command>
```
| Flag | Purpose |
|---|---|
| `-v "$(pwd)/infra/aws:/workspace"` | Mount the Terraform root module into the container |
| `-v "$HOME/.aws:/root/.aws:ro"` | Mount AWS credentials (read-only) for SSO auth |
| `-e AWS_PROFILE=personal` | Use the SSO profile `personal` |
| `-w /workspace` | Set working directory inside the container |
```bash
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 init
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 plan
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 apply
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 destroy
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 output
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 output -raw <output_name>
```
State is stored in S3. Bootstrap is required only on first-time setup:
```bash
# 1. Create the S3 bucket with bootstrap (local state)
docker run --rm -v "$(pwd)/infra/aws/bootstrap:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 init
docker run --rm -v "$(pwd)/infra/aws/bootstrap:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 apply
# 2. Connect to the S3 backend with the main init
docker run --rm -v "$(pwd)/infra/aws:/workspace" -v "$HOME/.aws:/root/.aws:ro" -e AWS_PROFILE=personal -w /workspace hashicorp/terraform:1.14 init
```
AWS SSO login must be active before running any command that accesses AWS:
```bash
aws sso login --profile personal
```
The infra/ directory is organized by provider. For a new provider (e.g., GCP):
- `infra/gcp/` with its own Terraform files
- `-v "$(pwd)/infra/gcp:/workspace"` as the module mount
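
The repeated one-liners and the per-provider mount change can be folded into one wrapper that takes the module path under `infra/` as its first argument. This is an added example, not part of this project; the names `tf`, `TF_IMAGE`, `TF_AWS_PROFILE` and `TF_DRY_RUN` are assumptions.

```bash
# Added example: the names tf, TF_IMAGE, TF_AWS_PROFILE and TF_DRY_RUN are
# assumptions, not part of this project.
TF_IMAGE="${TF_IMAGE:-hashicorp/terraform:1.14}"
TF_AWS_PROFILE="${TF_AWS_PROFILE:-personal}"

# tf <module path under infra/> <terraform args...>
# The body runs in a subshell so nothing leaks into the caller's shell.
tf() (
  module="${1:-}"
  # Keep the bind mount inside infra/: reject empty, absolute and ".." paths.
  case "$module" in
    ""|/*|..|../*|*/..|*/../*)
      echo "tf: invalid module path: '$module'" >&2; exit 2 ;;
  esac
  root="$(pwd)/infra/$module"
  [ -d "$root" ] || { echo "tf: no such module: $root" >&2; exit 2; }
  # docker -v creates a missing host path as an empty directory; fail instead.
  [ -d "$HOME/.aws" ] || { echo "tf: $HOME/.aws not found" >&2; exit 2; }
  shift
  [ "$#" -gt 0 ] || { echo "tf: missing terraform command" >&2; exit 2; }

  # Same flags as the base command; credentials stay mounted read-only.
  set -- docker run --rm \
    -v "$root:/workspace" \
    -v "$HOME/.aws:/root/.aws:ro" \
    -e "AWS_PROFILE=$TF_AWS_PROFILE" \
    -w /workspace \
    "$TF_IMAGE" "$@"

  if [ -n "${TF_DRY_RUN:-}" ]; then
    printf '%s\n' "$@"   # one argument per line, nothing executed
  else
    exec "$@"
  fi
)
```

Run it from the repository root, for example `tf aws plan`, `tf aws/bootstrap apply` or `tf gcp init`; setting `TF_DRY_RUN=1` prints the Docker command instead of running it.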