Why Nerve for Terraform
A failed terraform apply can leave your infrastructure in a partial state. Most teams find out from a Slack channel minutes later. Nerve sends an encrypted push to your phone the moment the command exits non-zero — with just enough context to act.
Basic wrapper
Wrap your apply with exit code checking.
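#!/bin/bash
set -euo pipefail
export NERVE_DSN="nerve://TOKEN:[email protected]"
cd /opt/infra/production
# Private log file instead of a fixed, predictable /tmp path; removed on exit.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
# pipefail makes the pipeline fail when terraform fails, even though tee succeeds.
if terraform apply -auto-approve 2>&1 | tee "$LOG"; then
  echo "terraform apply succeeded: production" | nerve send
else
  tail -20 "$LOG" | nerve send --severity critical
fi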
GitHub Actions + Terraform
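- name: Terraform Apply
  id: apply
  run: terraform apply -auto-approve tfplan
# failure() lets this step run after a failed step, so the job still ends red.
- name: Notify Nerve
  if: failure() && steps.apply.outcome == 'failure'
  env:
    NERVE_DSN: ${{ secrets.NERVE_DSN }}
  run: |
    # Read the runner's environment variables instead of ${{ }} expressions:
    # a branch name is expanded into the script text before the shell runs it.
    echo "terraform apply FAILED: $GITHUB_REPOSITORY ($GITHUB_REF_NAME)" \
      | nerve send --severity critical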
GitLab CI + Terraform
apply:
  stage: deploy
  script:
    - terraform apply -auto-approve tfplan
  after_script:
    - |
      if [ "$CI_JOB_STATUS" = "failed" ]; then
        echo "terraform apply FAILED: $CI_PROJECT_NAME" | nerve send --severity critical
      fi
  variables:
    NERVE_DSN: $NERVE_DSN
Plan drift detection
Run terraform plan on a schedule and alert when drift is detected.
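# Run nightly to catch drift (bash: PIPESTATUS is not available in plain sh)
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
terraform plan -detailed-exitcode -out=tfplan 2>&1 | tee "$LOG"
# $? here would be tee's exit status; PIPESTATUS[0] is terraform's.
EXIT=${PIPESTATUS[0]}
if [ "$EXIT" -eq 2 ]; then
  echo "Terraform drift detected in production" | nerve send --severity alert
elif [ "$EXIT" -ne 0 ]; then
  tail -15 "$LOG" | nerve send --severity critical
fi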
Atlantis post-apply hook
# repos.yaml
repos:
  - id: /.*/
    post_workflow_hooks:
      - run: |
          if [ "$PULL_STATUS" = "error" ]; then
            echo "Atlantis apply failed: $REPO_REL_DIR" | nerve send --severity critical
          fi
What not to send
Never include raw Terraform state or plan output in a push notification. Send the workspace name, exit status, and a link to the CI run. Nerve encrypts the payload, but keeping signals lean is good hygiene.
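One way to build such a lean signal, as an added example that is not part of Nerve's own documentation: the function names are hypothetical, the CI run link is assumed to come from the variables GitHub Actions (GITHUB_SERVER_URL, GITHUB_REPOSITORY, GITHUB_RUN_ID) or GitLab CI (CI_JOB_URL) set, and only the nerve send --severity call is taken from this page.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of nerve-cli.

# Link to the current CI run, from variables GitHub Actions / GitLab CI set.
ci_run_url() {
  if [ -n "${GITHUB_RUN_ID:-}" ]; then
    printf '%s/%s/actions/runs/%s' "${GITHUB_SERVER_URL:-https://github.com}" \
      "${GITHUB_REPOSITORY:-}" "$GITHUB_RUN_ID"
  elif [ -n "${CI_JOB_URL:-}" ]; then
    printf '%s' "$CI_JOB_URL"
  else
    printf 'unavailable'
  fi
}

# Map an exit code to a severity. In "plan" mode (terraform plan
# -detailed-exitcode) exit 2 means changes are pending (drift), not an error.
tf_severity() {
  local mode="$1" code="$2"
  if [ "$code" -eq 0 ]; then
    echo none
  elif [ "$mode" = plan ] && [ "$code" -eq 2 ]; then
    echo alert
  else
    echo critical
  fi
}

# One-line summary: mode, exit status, workspace, CI link. Control characters
# are stripped and the workspace name capped at 64 characters, so a hostile
# name cannot add lines to the alert.
tf_summary() {
  local mode="$1" workspace="$2" code="$3"
  workspace=$(printf '%s' "$workspace" | tr -d '[:cntrl:]' | cut -c1-64)
  printf 'terraform %s exit=%s workspace=%s run=%s\n' \
    "$mode" "$code" "$workspace" "$(ci_run_url)"
}

# Send the summary only; raw plan/apply output never enters the payload.
tf_notify() {
  local mode="$1" workspace="$2" code="$3" sev
  sev=$(tf_severity "$mode" "$code")
  if [ "$sev" = none ]; then return 0; fi
  tf_summary "$mode" "$workspace" "$code" | nerve send --severity "$sev"
}
```

Call tf_notify with terraform's own exit status, for example "${PIPESTATUS[0]}" when the command is piped through tee.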
Quick start
go install github.com/nerve-ink/nerve-cli/cmd/nerve@latest
export NERVE_DSN="nerve://TOKEN:[email protected]"
echo "terraform apply failed: production" | nerve send --severity critical
FAQ
How do I get alerts when terraform apply fails?
Check the exit code after terraform apply. If non-zero, pipe a summary to nerve send. Store the DSN as a CI secret or environment variable.
Does Nerve work with Terraform Cloud or Atlantis?
For Terraform Cloud, use a run task or webhook bridge. For Atlantis, add nerve send to the post-apply workflow hook.
Is my Terraform state data encrypted?
Nerve encrypts the signal payload before it leaves your machine. But never include raw state output in the alert — send a short summary instead.