Shreya Gupta's Blog

Day 4 - Terraform State Management

Day 4 - Terraform State Management

Day 4 of TerraWeek

Shreya Gupta's photo
Shreya Gupta
Β·

7 min read

Table of contents

Task 1

Research the importance of Terraform state in managing infrastructure. Share your findings on how Terraform state helps track the current state of resources.

πŸ›‘ Terraform State

Terraform is a stateful application. This means that it keeps track of everything it builds in your cloud environments so that if you need to change something or delete something later, Terraform will know what it built, and it can go back and make those changes for you.

That state is stored in a state file. The terraform state file, by default, is named terraform.tfstate and is held in the same directory where Terraform is run. It is created after running terraform apply.

This State File contains full details of resources in our terraform code. When you modify something on your code and apply it on the cloud, terraform will look into the state file, and compare the changes made in the code from that state file and the changes to the infrastructure based on the state file.

Terraform State File is written in simply readable language β€œJSON”.

πŸ›‘ The benefits of using a Terraform state

Idempotence

Whenever a Terraform configuration is applied, Terraform checks if there is an actual change made. Only the resources that are changed will be updated.

Reducing dependencies

Terraform maintains a list of dependencies in the state file so that it can properly deal with dependencies that no longer exist in the current configuration.

Performance

Terraform can be told to skip the refresh even when a configuration change is made. Only a particular resource can be refreshed without triggering a full refresh of the state, hence improving performance.

Collaboration

The state keeps track of the version of an applied configuration, and it's stored in a remote, shared location. So collaboration is easily done without overwriting.

Auditing

Invalid access can be identified by enabling logging.

Safer storage

Storing the state on the remote server helps prevent sensitive information.Β 

Consistency and Predictability

Terraform state helps ensure consistency and predictability in the management of infrastructure resources.

Scalability and Automation

Terraform state can be managed automatically through the use of remote backends or infrastructure-as-code platforms like Terraform Cloud.

Task 2

Understand the different methods of storing the state file (local or remote). Create a simple Terraform configuration file and initialize it to generate a local state file and provide the Terraform state command and mention its purpose. Check the usage of terraform state command.

πŸ›‘ Where to store Terraform state?

There are several options for storing Terraform state, including local storage, remote storage, and Terraform Cloud.

Local Storage

By default, Terraform stores the state locally in a file called terraform.tfstate. This file is created in the same directory as your Terraform configuration files. While local storage is the simplest option, it is not recommended for production use, as it can be lost or corrupted if your local machine fails.

Remote Storage

Remote storage is a more secure and scalable option for storing Terraform state. Remote storage options include Amazon S3, Google Cloud Storage, and Azure Blob Storage. These services provide secure and durable storage for your Terraform state and can be configured to automatically back up your state file.

πŸ›‘ Terraform configuration file

  • Created a simple terraform configuration file.

  • Run terraform init to initialize Terraform.

  • Upon successful initialization and application, Terraform creates a local state file named terraform.tfstate. This file contains information about the resources managed by Terraform.

πŸ›‘ Usage of Terraform state commands

  • Inspecting State:

    • terraform state list: Lists all the resources tracked in the state file.

    • terraform state show <resource_address>: Shows detailed information about a specific resource in the state, including its attributes and dependencies.

  • Modifying State:

    • terraform state mv <resource_address> <new_resource_address>: Moves a resource to a new address in the state file. This is useful when refactoring or restructuring your infrastructure.

    • terraform state rm <resource_address>: Removes a resource from the state file. Use with caution, as it can cause the resource to be destroyed during the next terraform apply operation.

  • Managing Outputs:

    • terraform state pull: Retrieves and outputs the current state in JSON format. Useful for scripting and automation.

    • terraform state replace-provider <old_provider> <new_provider>: Replaces one provider with another in the state file. This is helpful when migrating between different provider versions or providers with different names.

  • State Backends:

    • terraform state push: Pushes the local state to the configured remote state backend, ensuring it is up to date.

Task 3

Explore remote state management options such as Terraform Cloud, AWS S3, Azure Storage Account or HashiCorp Consul. Choose one remote state management option and research its setup and configuration process.

πŸ›‘ Remote State

Terraform provides us with a remote state feature called backends. This allows us to have an updated state file with every iteration or execution.

Terraform supports various remote storage backends for securely storing the state file. Some popular options include:

  • Amazon S3: You can use Amazon S3 (Simple Storage Service) as a remote storage backend for the Terraform state file. S3 provides durability, scalability, and access control features. It is a widely used option for storing Terraform state files in AWS environments.

      terraform {
    backend "s3" {
      bucket = "my-terraform-state"
      key    = "terraform.tfstate"
      region = "us-east-1"
    }
  }

  resource "aws_s3_bucket" "example" {
    bucket = "my-example-bucket"
    acl    = "private"
  }

  • Azure Blob Storage: Azure Blob Storage is a remote storage service provided by Microsoft Azure. It offers secure and scalable storage for the Terraform state file in Azure environments.

      terraform {
    backend "azurerm" {
      storage_account_name = "<storage-account-name>"
      container_name       = "<container-name>"
      key                  = "<state-file-name>"
      access_key           = "<access-key>"
    }
  }

  • Google Cloud Storage: Google Cloud Storage is a remote storage solution provided by Google Cloud Platform (GCP). It provides durable and highly available storage for the Terraform state file in GCP environments.

      terraform {
    backend "gcs" {
      bucket  = "<bucket-name>"
      prefix  = "<prefix>"
      credentials = "<path-to-key-file>"
    }
  }

  • HashiCorp Consul: Consul is a distributed service mesh and a key-value store. It can be used as a remote storage backend for the Terraform state file. Consul offers features like high availability and distributed storage for state management.

      terraform {
    backend "consul" {
      address = "<consul-address>"
      path    = "<state-key-path>"
    }
  }

  • Terraform Cloud: Terraform Cloud is a fully managed service provided by HashiCorp. It offers a remote state storage feature with additional collaboration and workflow management capabilities.

      terraform {
    backend "remote" {
      organization = "my-org"
      workspaces {
        name = "my-workspace"
      }
    }
  }

Let's dive into the setup and configuration process for using AWS S3 as a remote state management option for Terraform.

πŸ›‘ Setup and Configuration Process for AWS S3 as a Remote Backend

  1. Create an S3 Bucket:

    • Sign in to the AWS Management Console and navigate to the Amazon S3 service.

    • Click on "Create bucket" to create a new S3 bucket.

    • Provide a globally unique name for the bucket, choose the desired region, and configure any other relevant settings. Click on "Create" to create the bucket.

  2. Configure AWS CLI Credentials:

    • Set up AWS CLI credentials on your local machine to enable Terraform to access your AWS account.

    • Install the AWS CLI tool and configure it with your AWS access key ID and secret access key. You can use the aws configure command to set up the credentials.

  3. Configure the Terraform Backend:

    • In your Terraform configuration file main.tf, specify the remote backend configuration to use AWS S3.

        terraform {
    backend "s3" {
      bucket         = "<bucket-name>"
      key            = "<state-file-name>"
      region         = "<region>"
    }
  }

  4. Initialize Terraform:

    • Open your command-line interface and navigate to the directory containing your Terraform configuration files.

    • Run terraform init to initialize Terraform and configure the backend to use AWS S3.

    • When running Terraform commands like terraform plan and terraform apply, the state file will be stored in AWS S3.

Task 4

Modify your Terraform configuration file to store the state remotely using the chosen remote state management option. Include the necessary backend configuration block in your Terraform configuration file.

  • Firstly, create an S3 bucket to store state files remotely.

  • To store the state remotely let's modify the Terraform configuration file main.tf to use AWS S3 as the remote backend.

  • Run the terraform init command to initialize Terraform and configure the backend to use AWS S3

  • Run Terraform commands such as terraform plan and terraform apply, the state will be stored in AWS S3, enabling remote state management and collaboration.

  • Let's check the bucket, state file is there.

Thank you for reading!!
~Shreya Gupta

https://github.com/shreeegupta/terraweek-challenge

Great initiative by the #trainwithshubham community. Thank you Shubham Londhe

#devops #terraweek #terraform #terraformstatemanagement

DevopsDevops articlesTerraweekchallengeTerraweek
Β