Terraform is a convergence-based, push-model "infrastructure as code" (IaC) tool that uses a declarative programming language (HCL) to describe the desired state of the infrastructure. The systems that Terraform manages are in general mutable, meaning that you manage their configuration over their entire lifecycle instead of rebuilding them from scratch on every configuration change, like you'd do with Docker containers, for example.
All these terms are explained in our Understanding infrastructure as code article which is highly recommended if don't already have a moderate amount of IaC experience.
Terraform uses HCL code to determine the desired state of the infrastructure. When Terraform creates a new resource it adds its details (type, unique identifier, parameters) to a record called Terraform state file. A resource can be a cloud VM, a virtual routing table, a database user, or something else.
The Terraform state file is essentially a translation table between resources defined in HCL code and the actual resources stored in the system managed by Terraform.
When Terraform runs it
This process is shown in this diagram:
Terraform uses providers (plugins) to query and modify resources. The provider's responsibility is to translate HCL code into commands understood by the system Terraform manages. Most providers rely on API calls to do queries and modifications.
Terraform uses the push model to make changes because it has little choice: most of the things it manages (e.g. public Cloud and SaaS services) are only accessible via APIs and installation of an agent that could pull configurations is impossible.
Pretty much anything that has API can be managed by Terraform, for example:
Terraform is not suitable for managing the configuration of computer systems at the operating system level. For example, installation of applications, setting up configuration files and managing system services is outside its scope. For those tasks other configuration management tools like Puppet, Ansible or Chef are much more suitable. That said, this seemingly clear distinction is blurred by two things:
In the recent years IT infrastructure has become increasingly complex and fragmented. Organizations often have on-premise hardware, virtual machines in private or public Cloud, SaaS service subscriptions and maybe even containers running some workloads.
The core strength of Terraform is its ability to manage and glue together this diversity with its huge number of providers. This allows it to act as a bridge between Clouds, SaaS services, network devices and local applications. For example you can use Terraform to create a user to multiple places in one go, or to create a VM or a load balancer in one Cloud and then add a DNS record for it in another Cloud.