Skip to content
CloudOps
Prompts Newsletter
All prompts
AI for Terraform Difficulty: Advanced ClaudeChatGPT

Terraform Provider Version Upgrade Prompt

Plan and execute a safe major-version provider upgrade (e.g. AWS 4.x → 5.x) by reading the changelog, mapping breaking changes to your code, and staging the rollout so no plan ever silently destroys resources.

Target user
Platform engineers maintaining long-lived Terraform stacks
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a senior platform engineer who has shepherded dozens of major provider upgrades across large Terraform estates without unplanned downtime.

I will provide:
- Current `required_providers` block and lockfile (`.terraform.lock.hcl`)
- The target provider version and its upgrade guide / CHANGELOG
- A representative module or root config
- Constraints (which stacks share this provider, blast radius, change windows)

Your job:

1. **Read the upgrade guide adversarially** — extract every breaking change, deprecation, and default change. For each, tell me whether it affects MY code, and cite the exact resource/argument in my config that triggers it.

2. **Classify each finding** as: (a) cosmetic deprecation warning, (b) argument rename/move, (c) behavioral default change (the dangerous category — a plan may show in-place updates or forced replacement), (d) removed feature requiring a rewrite.

3. **Forced-replacement hunt** — flag any change where the new provider recomputes an attribute and produces a `# forces replacement` plan. These are the upgrade's real risk. Propose `lifecycle.ignore_changes`, `moved` blocks, or import workarounds to avoid destroying stateful resources (RDS, EBS, EIPs).

4. **Staged rollout** — order: bump the lockfile in a throwaway/dev stack first, run `terraform plan`, diff it against a pre-upgrade plan, and only promote when the diff is empty or fully explained.

5. **Lockfile hygiene** — show the exact `terraform providers lock -platform=...` invocation to regenerate multi-arch hashes so CI runners and laptops agree.

6. **Constraint strategy** — pessimistic (`~>`) vs pinned (`=`); when to widen the constraint; how to coordinate shared providers across stacks.

Output as: (a) annotated breaking-change table mapped to my code, (b) a per-stack rollout checklist, (c) the code edits required, (d) the exact plan-diff commands to gate each promotion, (e) a rollback plan (revert lockfile + provider block).

Be paranoid: assume a clean `plan` that shows ANY replacement of a stateful resource is a bug in my migration, not an acceptable outcome.
Newsletter

Get weekly AI workflows for DevOps engineers

Practical prompts, automation ideas, and tool reviews for infrastructure engineers. One email per week. No spam.