Multi-Region AWS Infrastructure
Terraform modules managing VPCs, EKS clusters, RDS databases, and Lambda functions across 50+ AWS accounts with GitOps workflow via Atlantis.
Gaming Infrastructure Platform
Auto-scaling compute infrastructure for video transcoding, CDN configuration, and real-time monitoring setup serving 30M+ daily active users.
Multi-Cloud Platform
Kubernetes cluster provisioning across AWS, GCP, and on-premise with service mesh infrastructure and developer self-service tooling.
Merchant Infrastructure
Tenant isolation at scale with PCI-compliant payment infrastructure, global CDN setup, and database sharding for millions of merchants.
What Terraform Developers Actually Build
Before writing your job description, understand what Terraform work looks like at real companies. Here are examples from industry leaders:
Cloud Infrastructure at Scale
Slack uses Terraform to manage their entire AWS footprint—VPCs, EKS clusters, RDS databases, and thousands of Lambda functions across multiple regions. Their Terraform developers:
- Write modules for standardized infrastructure patterns
- Manage state across 50+ AWS accounts
- Implement drift detection and remediation
- Build self-service platforms for engineering teams
Twitch provisions gaming infrastructure with Terraform to handle 30+ million daily active users:
- Auto-scaling compute clusters for video transcoding
- CDN configuration across global edge locations
- Database provisioning with automated failover
- Real-time monitoring infrastructure
Multi-Cloud and Platform Engineering
Uber uses Terraform for their multi-cloud strategy spanning AWS, GCP, and on-premise:
- Kubernetes cluster provisioning across clouds
- Service mesh infrastructure (Envoy, Istio)
- Cross-cloud networking and security
- Developer platform self-service tools
Shopify leverages Terraform for their merchant infrastructure:
- Isolated tenant environments at scale
- PCI-compliant payment infrastructure
- Global CDN and edge computing setup
- Database sharding and replication
Terraform Skill Levels: What Each Means for Hiring
Level 1: Terraform User (Entry-Level)
Can write and apply basic configurations:
- Resource blocks (EC2, S3, VPCs, security groups)
- Variables, outputs, and locals
- Simple data sources
- Local state with terraform.tfstate
- Basic terraform plan and apply workflow
Hiring context: Fine for developers who occasionally provision resources. Not sufficient for dedicated infrastructure roles.
Level 2: Terraform Practitioner (Mid-Level)
Can manage infrastructure in team environments:
- Remote state backends (S3 + DynamoDB, Terraform Cloud)
- Modules for reusable components
- Workspaces for environment separation (dev/staging/prod)
- State locking and team collaboration
- Provider versioning and constraints
- Import existing infrastructure
- Troubleshoot state conflicts and drift
Hiring context: This is what "Terraform experience" typically means in job postings. Sufficient for most DevOps/Platform roles.
Level 3: Terraform Expert (Senior/Staff)
Can architect infrastructure systems at scale:
- Complex module design with composition patterns
- State management at scale (multiple backends, state migration)
- Advanced provider features and custom providers
- Infrastructure testing (Terratest, Checkov, TFLint)
- Terraform Cloud/Enterprise administration
- Policy as Code (Sentinel, OPA)
- Multi-cloud and hybrid architectures
- CI/CD pipeline design for IaC
- Cost optimization and FinOps integration
Hiring context: Senior Infrastructure/Platform Engineer territory. These developers design patterns for entire organizations.
Terraform vs. Alternatives: What Recruiters Need to Know
Understanding the IaC landscape helps you assess candidates and write accurate job descriptions.
Terraform vs. Pulumi
| Aspect | Terraform | Pulumi |
|---|---|---|
| Language | HCL (domain-specific) | Python, TypeScript, Go, Java, C# |
| Learning curve | Lower for ops folks | Lower for developers |
| State management | Mature, battle-tested | Similar, but newer |
| Community/ecosystem | Larger, more modules | Growing, modern feel |
| Best for | Standard infrastructure | Complex programmatic logic |
Recruiter insight: Pulumi skills transfer well to Terraform and vice versa. If a candidate knows Pulumi deeply, they can learn Terraform's HCL syntax quickly. The infrastructure concepts are identical.
Terraform vs. CloudFormation (AWS)
| Aspect | Terraform | CloudFormation |
|---|---|---|
| Cloud support | Multi-cloud (AWS, Azure, GCP, etc.) | AWS only |
| Syntax | HCL (readable) | JSON/YAML (verbose) |
| State | Explicit, portable | Managed by AWS |
| Ecosystem | 3,000+ providers | AWS services only |
| Best for | Multi-cloud, hybrid | AWS-only shops |
Recruiter insight: CloudFormation experience is valuable for AWS-focused roles, but Terraform skills are more portable. Many companies use both.
Terraform vs. Ansible
They serve different purposes and often work together:
- Terraform: Provisions infrastructure (creates servers, networks, databases)
- Ansible: Configures infrastructure (installs software, manages configs)
Recruiter insight: Don't treat them as alternatives. Senior infrastructure engineers often know both. Terraform creates the servers; Ansible configures them.
Modern Terraform Practices (2024-2026)
Terraform Cloud and Enterprise
HashiCorp's managed platform is becoming standard for enterprise teams:
- Remote state management with encryption and versioning
- Team collaboration with role-based access control
- Policy as Code via Sentinel for compliance enforcement
- Cost estimation before applying changes
- Private module registry for organizational standards
- Run history and audit logs for compliance
Growing adoption: Teams that used S3 + DynamoDB for state are migrating to Terraform Cloud for governance features.
GitOps and Atlantis
Infrastructure changes through pull requests:
- Atlantis automatically runs terraform plan on PRs
- Reviewers see infrastructure changes before approval
- terraform apply runs on merge
- Full audit trail in Git history
Companies using this: Slack, Twitch, many startups. It's becoming the standard workflow.
Infrastructure Testing
Testing infrastructure code is no longer optional:
- Terratest: Go-based integration testing (Gruntwork)
- Checkov: Security scanning and compliance checks
- TFLint: Linting for best practices and errors
- Infracost: Cost estimation and budgeting
- tfsec: Security-focused static analysis
Interview signal: Candidates who mention testing show maturity. Ask: "How do you test your Terraform code before deploying to production?"
Policy as Code
Enforcing standards programmatically:
- Sentinel: HashiCorp's policy language (requires Terraform Cloud/Enterprise)
- OPA (Open Policy Agent): Open-source alternative, works with Conftest
- Checkov: Security policies out of the box
Example policies: "All S3 buckets must have encryption enabled," "No security groups allowing 0.0.0.0/0 on SSH."
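To show what those two example policies look like when enforced in CI, here is an added sketch (not from the tools named above) that checks the JSON form of a plan, as produced by terraform show -json. The sample plan, resource names, and the check_plan helper are constructed for illustration, and the S3 check assumes bucket names are known at plan time.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "example-logs"}}},
  {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "example-assets"}}},
  {"address": "aws_s3_bucket_server_side_encryption_configuration.logs",
   "type": "aws_s3_bucket_server_side_encryption_configuration",
   "change": {"actions": ["create"], "after": {"bucket": "example-logs"}}},
  {"address": "aws_security_group.bastion", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}}
]}
""")

def planned(plan, rtype):
    """Yield (address, after) for resources of rtype that still exist after apply."""
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")  # None when the resource is being destroyed
        if rc["type"] == rtype and after is not None:
            yield rc["address"], after

def check_plan(plan):
    """Return a list of policy violations found in the planned resources."""
    violations = []
    # Policy 1: every planned bucket needs a matching encryption configuration.
    encrypted = {a.get("bucket") for _, a in
                 planned(plan, "aws_s3_bucket_server_side_encryption_configuration")}
    for addr, after in planned(plan, "aws_s3_bucket"):
        if after.get("bucket") not in encrypted:
            violations.append(f"{addr}: no encryption configuration")
    # Policy 2: no inline ingress rule may expose port 22 to the whole internet.
    for addr, after in planned(plan, "aws_security_group"):
        for rule in after.get("ingress") or []:
            covers_ssh = rule["protocol"] == "-1" or (
                rule["protocol"] == "tcp" and rule["from_port"] <= 22 <= rule["to_port"])
            if covers_ssh and "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                violations.append(f"{addr}: SSH open to 0.0.0.0/0")
    return violations

if __name__ == "__main__":
    for v in check_plan(SAMPLE_PLAN):
        print("FAIL", v)
```

The sketch only inspects ingress rules declared inline on aws_security_group; rules defined as separate resources and IPv6 ranges would need their own checks. A candidate who can explain gaps like these in a policy understands the tooling beyond its defaults.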
Recruiter's Cheat Sheet: Terraform Edition
Technical Terms Decoded
| Term | What It Means | Why It Matters |
|---|---|---|
| State file | Terraform's record of what infrastructure exists | Corruption = disaster. Ask how they handle state. |
| Provider | Plugin connecting Terraform to AWS, Azure, etc. | Shows breadth—AWS-only vs. multi-cloud |
| Module | Reusable Terraform configuration | Module design = architecture skills |
| Remote backend | State stored in S3, Terraform Cloud, etc. | Essential for teams. Local state = solo work only |
| State locking | Prevents two people from applying simultaneously | Missing = production incidents waiting to happen |
| Workspace | Isolated state for different environments | One way to handle dev/staging/prod |
| Drift | Infrastructure changed outside Terraform | Detection and remediation is key skill |
| Plan vs. Apply | Preview changes vs. execute them | Always plan first. Apply without plan = dangerous |
Resume Green Flags
✅ Strong signals:
- Specific scale: "Managed 1,000+ AWS resources across 30 accounts via Terraform"
- Module development: "Built reusable VPC module used by 15 teams"
- State management experience: "Migrated from local to Terraform Cloud for team"
- Multi-environment: "Managed dev/staging/prod with workspaces"
- CI/CD integration: "Built Atlantis workflow for PR-based infrastructure changes"
- Testing: "Implemented Terratest and Checkov in CI pipeline"
- Cost awareness: "Reduced cloud spend 25% through Terraform refactoring"
Resume Red Flags
🚫 Be skeptical of:
- "Expert in Terraform" with only tutorial projects
- No mention of state management or team collaboration
- Lists Terraform without specific infrastructure managed
- "5+ years Terraform experience" (Terraform 0.12, the modern version, released 2019)
- Only local state experience—never worked on a team
- No cloud provider depth (Terraform alone isn't useful)
Conversation Starters That Reveal Skill Level
| Question | Junior Answer | Senior Answer |
|---|---|---|
| "How do you handle state?" | "terraform.tfstate in the repo" | "S3 backend with DynamoDB locking, separate state per environment" |
| "Tell me about your modules" | "I use modules from the registry" | "I designed a VPC module with composition patterns used across 20 projects" |
| "What happens if two people terraform apply?" | Confused or uncertain | "State locking prevents it. We use DynamoDB/TF Cloud locking" |
| "How do you test Terraform?" | "I run terraform plan" | "Terratest for integration tests, Checkov for security, TFLint in pre-commit" |
Common Hiring Mistakes
1. Testing for Syntax, Not Architecture
Anyone can learn HCL syntax in a week. The real skill is designing infrastructure patterns.
Better approach: Ask them to design a module. "How would you structure Terraform for a web application with a database, cache, and CDN?" Their approach reveals architecture thinking.
2. Ignoring State Management
State management is where Terraform gets complicated. Candidates who only know local state aren't ready for production teams.
What to ask: "Walk me through your state management setup. How do you handle state for multiple environments? What happens if state gets corrupted?"
3. Assuming Cloud Provider Expertise
Terraform is cloud-agnostic, but you still need cloud knowledge. A Terraform expert who doesn't understand AWS networking can't design good VPC modules.
What to verify: If hiring for AWS infrastructure, they need AWS depth. Terraform syntax without cloud understanding = liability.
4. Overlooking the Provider Ecosystem
Terraform manages more than cloud resources—GitHub repos, Datadog monitors, PagerDuty schedules. Candidates who've used diverse providers often have broader infrastructure thinking.
What to ask: "What providers have you used besides AWS/Azure/GCP?"
5. Forgetting About Lifecycle Management
Terraform isn't just about creating resources. Updates, rollbacks, and safe destruction are equally important.
What to ask: "Tell me about a time you had to rollback a Terraform change in production. What happened and how did you handle it?"
Why Terraform Roles Are Usually Combined
Unlike React or Python, "Terraform Engineer" is rarely a standalone job title. Terraform is a tool used by:
- DevOps Engineers — Terraform + CI/CD + monitoring
- Platform Engineers — Terraform + Kubernetes + developer tooling
- Cloud Engineers — Terraform + specific cloud provider (AWS/Azure/GCP)
- Infrastructure Engineers — Terraform + networking + security
- SRE — Terraform + observability + incident response
What this means for hiring: Don't post "Terraform Engineer" as a job title. Post "DevOps Engineer" or "Platform Engineer" with Terraform as a key skill. The JD template below reflects this reality.