Terraform 1.14: Query, Import, Act — What’s New and Why It Matters

Terraform 1.14, released on November 19, 2025, focuses on problems that teams face every day. It helps you find existing infrastructure, bring it under Terraform, and run safe operational tasks around resource lifecycles.

If you manage brownfield setups or large organizations, this release will matter to you. Terraform is moving from "declare the desired state" to "discover, import, and operate your real environment."

1. Query Existing Infrastructure with tfquery

A major change in Terraform 1.14 is the new ability to query live infrastructure.

You define list resources in *.tfquery.hcl files. These files describe how to find existing resources, such as:

• List EC2 instances with these tags
• List CloudFront distributions for these domains
• List all storage buckets in this account

Running terraform query executes those definitions and returns real resources. Terraform can then generate configuration and import blocks for everything it discovers.

This gives you:

• No more copying IDs from the console
• A way to start from your current cloud estate instead of writing everything from scratch
• A fast path to manage brownfield environments as code

It turns a manual import process into a guided workflow

2. Smarter Imports with GenerateResourceConfiguration

Terraform 1.14 adds a new provider RPC called GenerateResourceConfiguration.

Today, when you import a resource, Terraform fetches the remote state, but you still have to guess the right HCL. This RPC lets providers produce suggested configuration during import.

Benefits:

• Providers can prefill fields with real values
• You avoid guessing required arguments
• Imported config matches the real resource more closely

Combined with terraform query, the flow becomes: discover → generate config → import → refine → manage as code.

3. Terraform Actions: Simple Day-2 Operations in HCL

Terraform now supports actions, which are provider-defined operations that sit outside the usual CRUD model.

Examples include:

• Running a Lambda function
• Triggering a CloudFront invalidation
• Starting or stopping compute
• Triggering jobs in external systems

You define an action block, set its inputs, and then:

• Trigger it automatically using action_trigger in a resource lifecycle
• Or trigger it manually with -invoke during a run

Terraform also reports how many actions ran in each apply.

Terraform now manages not only resources but also the small operational tasks around them – in a versioned and reviewable way.

4. Better Testing and CLI Experience

Terraform 1.14 adds several changes that improve day-to-day use:

Testing

• terraform test now shows expected diagnostics in verbose mode. This helps when writing tests that assert warnings or errors.
• prevent_destroy is ignored during test cleanup, so test runs do not fail due to production safety rules.

CLI

• terraform validate -query validates .tfquery.hcl files without running live queries.
• terraform stacks -help now works, making the stacks interface easier to explore.

These changes are small but reduce friction in pipelines and test suites.

5. Platform and Backend Fixes

Terraform 1.14 also improves stability in real environments:

• terraform import on Terraform Cloud/Enterprise now loads all workspace variables, including inherited ones.
• Backend proxy support is fixed for teams behind corporate proxies.
• Query operations now generate unique identifiers for expanded list resources and handle missing schemas more cleanly.
• Support for the AWS European Sovereign Cloud has been added.

These fixes reduce edge-case failures and improve predictability

6. Upgrade Notes You Should Not Ignore

A few changes may impact your workflow:

Reduced parallelism in containers

Terraform now honors CPU bandwidth limits in containers. In CI pipelines with strict quotas, plan and apply may run slower. Test your workloads and adjust -parallelism or runner sizing if needed.

macOS build requirements

Building Terraform from source now requires macOS Monterey or later. Teams with older macOS versions will need to update their build hosts.

These changes are not blockers but may cause surprise slowdowns if missed.

7. Experimental Features Worth Watching

Terraform 1.14 includes experiments in alpha builds that hint at future direction.

Deferred actions

Enabled with terraform plan -allow-deferral, this allows count and for_each to take unknown values in modules, resources, and data sources.

Test features

• terraform test cleanup removes leftover local state from failed test runs
• backend blocks can be used in run blocks to persist long-running infra across tests
• skip_cleanup lets you keep state files for inspection

These are not production ready, but useful for advanced workflows in isolated environments.

8. How to Adopt Terraform 1.14 Safely

You can roll out Terraform 1.14 in steps:

1. Start with terraform query in read-only mode.
   Test your *.tfquery.hcl definitions in non-production accounts.
2. Pilot Actions in low-risk areas.
   Begin with safe tasks like cache invalidations or notifications.
3. Use GenerateResourceConfiguration for targeted imports.
   Apply it to one service or account at a time.
4. Monitor performance in containerized CI.
   Adjust parallelism and runner limits if plans run slower.
5. Update runbooks and review rules.
   Actions introduce new side effects. Make sure reviewers understand them.

This gives your team the benefits of Terraform 1.14 while keeping risk low.