As part of or Complete Terraform Tutorial, this is Part – 4 explaining about Terraform State. Terraform will store the record of the infrastructure created right after the terraform apply command. This will be stored in the file called terraform.tfstate
. Challenge with the Infrastructure as code is when you have bigger infrastructure created by itself, change versions and workflow, It is very difficult to inform back the workspace where you run the Infrastructure As Code. Hence, this Terraform State will help you to get the updated state of infrastructure with you. In this article, we will see what Terraform State and Workspace is.
Table of Contents
So Far!
This is Part – 4 of the Complete Terraform Tutorial Series. Before taking this, We recommend you to take a look at the Part -3, Part -2 and Part -1
Complete Terraform Tutorial Part – 3 – Terraform CLI
Detailed explanation on Complete Terraform CLI and the various options of it
Importance of Terraform State
For the fundamental basic usage of Terraform, state is not needed. But for the following important factors, we need the Terraform State
- Resource Mapping
- Metadata
- Remote State with Locking
- Cache mechanism.
Resource mapping
As we know the Terraform configuration file can create real-world infrastructure. So, we need a kind of mapping between real-world infrastructure and Terraform configuration. If you have a provider that is not having a proper tag name, a terraform state will be very useful as it has its own naming conventions to map the resources of real-world providers.
Metadata
When you work with multiple resources, you will have to record all the dependency on the proper order. For example, when you create a subnet and after that servers, you should not delete the servers before the subnet. So, it is very important to know the dependency order. Hence Terraform State will store the metadata of dependency and order of the dependent resource.
Remote State with Locking
Now Infrastructure as Code (IaC) is in practice like normal development. So, Developing the IaC as a team is highly required. But Hence we deploy directly on the infrastructure, only one person at a time can be doing the Terraform. So, Terraform State will have the state of infrastructure and this can be shared among the developers so that the same state can be used by everyone. This feature can be achieved by using Remote State.
Cache Mechanism
Just like the browser, Terraform will store some attribute values in the cache in order to improve the performance. Because, for Bigger infrastructure, it is very difficult to query all the resources and dependent resources to get the attribute values. Hence, Terraform Store helps to store the attribute values of the resources in the cache to quickly query the attributes of resources.
Importing the Infrastructure
With the help of Terraform State, we can Import the existing Infrastructure. So, we can get the Infrastructure under Terraform’s management. However, this will create only the state file but not the Terraform Configuration file. In order to get the existing Infrastructure completely under Terraform, you need to write resource in the configuration file manually.
resource " aws_instance" "demo" { ….. … }
Here, ‘aws_instance’ is the resource name and demo is the local name for the same. Hence you can now run the import command to get the attribute data to the local workspace.
$ terraform import aws_instance.demo i-b3c65da4
In the above command, i-b3c65da4
is the instance name from AWS and this is the resource we need to import and get the attributes and metadata of this resource. Eventually, this will be stored in the terraform.tfstate
file in the root directory of the project.
Import functionality can be used in many more complex situations. We will discuss those situations as case studies in our upcoming article.
Workspace
Terraform workspace is the place where persistent data stored like Terraform State and more. By default, Terraform will have only one workspace which is called ‘default
’. The default workspace will have only one State which will map the resources mentioned in the configuration file in the same workspace.
Terraform CLI has a command to manage the Workspace. Though we discussed it already in our previous article, we will see some basic Terraform Workspace operations.
$ terraform workspace new personal Created and switched to workspace "personal"! You're now on a new, empty workspace. Workspaces isolate their state, so if you run "terraform plan" Terraform will not see any existing state for this configuration.
As the command describes, once you create a new workspace, you will have a new environment and it will have its own isolated Terraform state and its associated configurations.
Multiple Workspace
Practically, Multiple workspaces are to create multiple Infrastructure so that developer can test their infrastructure before they run complex infrastructure as code into production Infrastructure. So, Like in the Normal version control branching, we have a master branch and feature branches. Similarly, we have default workspace as Master and other non-default workspaces as feature branches in Terraform.
Remote State
As we discussed, terraform.tfstate is the local file that is available for the local machine. But, when you work as a team, Terraform state can be shared as Remote State. This is like Version Control and the Remote state can be stored in Terraform Cloud, Consul, Amazon S3, and more.
So, The delegation of work made easy by enabling the feature of Remote State. You can split the work of infrastructure as an example, Database Resource as one part, Web server resources as one part, and Network Subnet resources as another part and each part can be delegated to the different team members to get the work done simultaneously.
State Locking
Terraform State will be locked automatically for writing state. As we already mentioned, For working as a team, State Locking is very important to avoid updating state file from the backend (Will be discussed later). However, we can force unlock the Terraform state by using the following command.
$ terraform force-unlock -help Usage: terraform force-unlock LOCK_ID [DIR] Manually unlock the state for the defined configuration. This will not modify your infrastructure. This command removes the lock on the state for the current configuration. The behavior of this lock is dependent on the backend being used. Local state files cannot be unlocked by another process. Options: -force Don't ask for input for unlock confirmation.
Conclusion
In this article, we discussed Terraform State and the different parts and features of it. This is out forth part of the Complete Terraform Tutorial series of DigitalVarys. In our upcoming article, we will discuss more Terraform Providers, Modules, and more features as parts of our complete terraform tutorial. Stay tuned and subscribe DigitalVarys for more articles and study materials on DevOps, Agile, DevSecOps, and App Development.
Experienced DevSecOps Practitioner, Tech Blogger, Expertise in Designing Solutions in Public and Private Cloud. Opensource Community Contributor.