How to Check Terraform Provider Versions in Your Workspace: A Complete Guide for AWS and Other Providers



When working with Terraform, especially in team environments or CI/CD pipelines, knowing exactly which provider versions you're using is crucial for reproducibility and debugging. Let me share several reliable methods to discover this information.

The most straightforward approach is using the terraform providers command introduced in Terraform 0.12:

$ terraform providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws] ~> 3.0
└── provider[registry.terraform.io/hashicorp/random] 3.1.0

Providers required by state:
    provider[registry.terraform.io/hashicorp/aws]
    provider[registry.terraform.io/hashicorp/random]

Terraform 0.14 introduced the dependency lock file (.terraform.lock.hcl), which records the exact version selected for each provider together with checksums of the provider packages:

# .terraform.lock.hcl
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.74.0"
  constraints = "~> 3.0"
  hashes = [
    "h1:YNOblHBUf+XTjGTfIIsAMGp4weXB+tmQrMPCrJkmPcQ=",
    "zh:00767509c13c0d1c7ad6af702c6942e6572aa6d529b40a00baacc0031a387cc7",
  ]
}

For older Terraform versions (pre-0.12), you can examine the .terraform/plugins directory structure:

$ find .terraform/plugins -name "*aws*" -exec basename {} \;
terraform-provider-aws_v3.74.0_x5

Terraform 1.0.0+ provides machine-readable output for version information:

$ terraform version -json
{
  "terraform_version": "1.1.7",
  "provider_selections": {
    "registry.terraform.io/hashicorp/aws": "3.74.0",
    "registry.terraform.io/hashicorp/random": "3.1.0"
  },
  ...
}

When working with complex setups involving multiple workspaces, consider this script to extract all provider versions across environments:

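#!/bin/bash
# Print the locked version of every provider for each workspace directory
# that contains a dependency lock file.
for dir in */; do
  if [ -f "$dir/.terraform.lock.hcl" ]; then
    echo "Workspace: $dir"
    # The version line follows directly after each provider block header.
    grep -A 2 'provider "registry.terraform.io' "$dir/.terraform.lock.hcl" | \
    awk '/provider/ {print $2} /version/ {print $0}'
    echo "-------------------"
  fi
done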
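
The script above prints versions for a person to compare by eye. The Python below is an added example, not code from the original article: it parses each workspace's lock file and reports the same provider locked at different versions across workspaces, plus any locked provider whose hashes list is empty, which leaves no recorded checksum to compare the installed package against. The workspace names, lock contents and hash values are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lock files for two workspaces (hash values are placeholders).
SAMPLE_LOCKS = {
    "prod": '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.74.0"
  hashes = [
    "h1:CONSTRUCTED-HASH-A=",
    "zh:0000000000000000000000000000000000000000000000000000000000000001",
  ]
}
''',
    "staging": '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.75.1"
  hashes = []
}
''',
}

# One provider block: address in quotes, body up to a closing brace at line start.
BLOCK = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)

def parse_lock(text):
    """Return {provider address: {"version": str, "hashes": [str, ...]}}."""
    providers = {}
    for address, body in BLOCK.findall(text):
        m = re.search(r'^\s*version\s*=\s*"([^"]+)"', body, re.M)
        providers[address] = {"version": m.group(1) if m else "unknown",
                              "hashes": re.findall(r'"((?:h1|zh):[^"]+)"', body)}
    return providers

def audit(locks):
    """Report providers locked without hashes or at differing versions."""
    versions, findings = defaultdict(lambda: defaultdict(list)), []
    for workspace, text in sorted(locks.items()):
        for address, entry in parse_lock(text).items():
            versions[address][entry["version"]].append(workspace)
            if not entry["hashes"]:
                findings.append(f"{workspace}: {address} has no hashes recorded")
    for address, seen in sorted(versions.items()):
        if len(seen) > 1:
            detail = ", ".join(f"{v} ({'/'.join(ws)})" for v, ws in sorted(seen.items()))
            findings.append(f"{address} version drift: {detail}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LOCKS)) or "no findings")
```

To use it on real workspaces, build the dictionary from the contents of each directory's .terraform.lock.hcl and fail the pipeline when the returned list is not empty.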

Based on my experience managing large Terraform deployments:

  • Always pin provider versions in your configuration using version constraints
  • Commit the .terraform.lock.hcl file to version control
  • Regularly update providers using terraform init -upgrade
  • Consider using provider mirrors in enterprise environments

When working with Terraform, especially in collaborative environments or CI/CD pipelines, knowing exact provider versions is crucial for reproducibility. While Terraform keeps provider binaries in the .terraform/plugins directory, there are more reliable ways to check versions than parsing filenames.

For your specific version (v0.10.7), you can use:

terraform providers

This will list all providers with their source locations. While it doesn't show versions directly, it gives you the registry path where versions are specified.

Newer Terraform versions provide better tools:

terraform version

This shows both the Terraform core version and all provider versions. For detailed provider info:

terraform providers schema -json

Terraform maintains version information in the dependency lock file:

cat .terraform.lock.hcl

Example output:

provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.12.1"
  constraints = ">= 3.63.0, >= 3.72.0"
  hashes = [
    "h1:5lpnVUgX62Lefftr121+18fRlGZ9+2p7ANW2FQALZ6k=",
    "zh:2b432dc3bf3e070d0d9e2f0f3530c0e1c9bcffb2b1e1e7d4a5e0c1ff9da421b",
    ...
  ]
}

For automation scenarios, you can parse the state file to list the provider addresses its resources reference:

terraform show -json | jq -r '.values.root_module.resources[]?.provider_name' | sort -u

Or using the terraform-config-inspect tool:

terraform-config-inspect --json . | jq '.required_providers'

Always specify provider versions in your configuration:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.12"
    }
  }
}

This ensures consistent behavior across different environments and makes version tracking explicit.