How to Use Terraform Apply with -Auto-Approve Flag

The terraform apply -auto-approve command in Terraform is used to apply changes to your infrastructure without prompting for user confirmation. It is typically used in automation scripts, CI/CD pipelines, or other non-interactive environments where human approval is not possible or desired. 

Without -auto-approve, Terraform displays a proposed execution plan and waits for a yes confirmation before proceeding.

Using -auto-approve should be done cautiously, especially in production, as it applies changes immediately without a manual review.

Read more: Terraform Apply – When to Run & Quick Usage Examples

Suppose you are managing your cloud infrastructure using Terraform and want to create an S3 bucket in AWS. You’ve written a Terraform configuration file named main.tf that contains the following code:

After initializing your working directory with terraform init, you want to apply this configuration to create the S3 bucket. 

Normally, you would run terraform apply and wait for the confirmation prompt. However, since you are scripting this process or using it in an automation job, you want it to proceed without manual approval. So you run:

Terraform reads the configuration file, determines that it needs to create a new S3 bucket, and then immediately proceeds with the creation without waiting for your approval. This is especially helpful if you are deploying this infrastructure as part of a CI/CD pipeline where there’s no one available to type “yes” at the prompt. 

Once complete, Terraform outputs the result, confirming that the bucket has been created.

Imagine you are managing an EC2 instance using Terraform, and you initially provisioned it with the t2.micro instance type. 

Your original configuration might look like this:

Later on, you decide to upgrade the instance type to t3.micro to get better performance. You edit the configuration so that the instance_type value is now t3.micro. 

When you run terraform apply, Terraform will usually update the instance in place (stop → modify → start). Replacement can happen in some cases, depending on attached resources or provider/EC2 constraints.

If you run the command as terraform apply, it will first show the planned change and ask if you want to proceed. But if you run:

Terraform skips the interactive approval step and immediately applies the change using the in-place update when possible (or replacement only when required).

This kind of non-interactive behavior is ideal for environments where changes are reviewed in code via pull requests and infrastructure deployment is meant to be hands-off and fast.

The terraform apply -auto-approve command is used in Terraform to automatically apply infrastructure changes without prompting the user for confirmation. It is important to use it with care because it removes a safeguard that would otherwise prevent unintentional changes. 

Terraform is really powerful, but to achieve an end-to-end secure GitOps approach, you need to use a product that can run your Terraform workflows. Spacelift takes managing Terraform to the next level by giving you access to a powerful CI/CD workflow and unlocking features such as:

• Policies (based on Open Policy Agent)
• Multi-IaC workflows
• Self-service infrastructure
• Integrations with any third-party tools

If you want to learn more about Spacelift, create a free account today or book a demo with one of our engineers.

Note: New versions of Terraform are placed under the BUSL license, but everything created before version 1.5.x stays open-source. OpenTofu is an open-source version of Terraform that expands on Terraform’s existing concepts and offerings. It is a viable alternative to HashiCorp’s Terraform, being forked from Terraform version 1.5.6.