Terraform Backend

Complete Terraform Tutorial Part – 6 – Terraform Backends

Terraform backend is like the repository of instruction to load and run the terraform state especially when the operation like terraform applies executed. Backend is very important when you are developing the infrastructure with a big team. So, Understanding the Terraform Backend is very important. This is part 6 of the Complete Terraform Tutorial series explaining what Terraform Backend is and how to create and configure local and remote backend.

So Far,

This is Part – 6 of the Complete Terraform Tutorial Series. Before taking this, we recommend reading the previous parts

Need of the Terraform Backend

First of all, Backend is not a mandatory feature of the Terraform. But as the modern collaborated teams, we have to hand the difficulties of developing infrastructure.

Terraform Backend
Terraform Backend

Let’s see some benefits are of using Terraform Backend.

  • Team Work – By default, Terraform backend will be stored in the local machine. But if you save it in the Remote location like Terraform Cloud, AWS S3, Azurerm, GCS, Consul, and more.
  • Running Terraform at remote – When your Infrastructure size increases, you will have to run you’re terraform commands for long. Say, some terraform apply command will take hours to finish. So, if you run your command at your local, you will have to wait. So, State in the Remote backend will take care of the execution of the Terraform Command.

Terraform Backend Initialization

Terraform backend should be configured like any other configuration in the configuration file and when you run the terraform init, Backed will be created. For example, we are going to configure the AWS S3 as a Terraform backend.

terraform {
  backend "s3" {
    bucket = "terraform-s3-bucket-name"
    key    = "s3 key path"
    region = "us-west-1"

In the above configuration, AWS S3 is configured as the Terraform Backed end. And this will be effective once you run the Terraform Backend. In this, We have configured S3 bucket name as  “terraform-s3-bucket-name“, key and the region. Remember, you don’t have to specify all the parameters inside the backend. There are many ways to declare the parameters of the Backend. We can do partial Configure the Terraform Backend and get the rest of the values in different ways.

Partial Configure

As we discussed, we don’t have to configure all the parameters and values of the Backend in the Terraform Configuration file. Like,

terraform {
  backend "s3" {

Rest of the configurations can be declared in different ways.

Because, you might have to give the sensitive information like credential of the Backend you are using, and you don’t want to save it in the general Terraform configuration file. So, Terraform will ask you such sensitive information in the following ways.

Secret File

You can have the Terraform Backend Configuration in the secret file and at the time of terraforming init operation, you can mention the path of the file as the CLI parameter as mentioned below.

$ terraform init -backend-config=/path/to/terraform/backend/file

Command line Values

Another way is to pass the configuration as the CLI parameter as mentioned below.

$ terraform init \
    -backend-config="bucket=terraform-s3-bucket-name" \
    -backend-config="key=s3 key path" \

Interactive Prompt

If you are not mentioning any of the parameters in the Terraform Backend or at the time of Terraform init operation, Terraform Init will ask you the required parameters that are related to the backend you mentioned in the Terraform configuration file.

If you want to change the configuration of terraform, you can simply change the values in the Terraform Configuration and run the Terraform init command again to update the backed. But please make sure you take the backup of the terraform.tfstate file manually so that you can replace the state file at any time if the change in backend fails.

Similarly, you can remove the Terraform configuration at any time from the Terraform Configuration file and run the Terraform Init command gain to update the state file.

State Push/Pull to Backend

As the Terraform backend helps you to work as a Team, You will have to get the state configuration that is built by some other team members at any time. So, just like the Version Control System, You need to pull or push the state configuration file from the backend by using terraform CLI command for the state.

  • Terraform state pull – This will pull the state file from the terraform backend
  • Terraform state push – If you made any manual change in the Terraform state file, you can push it to the backend. But be careful as it will change the entire terraform state configuration in the remote.

But Terraform will always prompt you before you do such dangerous operations. Terraform will show you the line difference and Higher Serial (Every version of the State file will have a unique number called serial.) of the state.

This protection is because the terraform state will be in a locked state in the remote backend. As we discussed in the previous Articles of the terraform Tutorial, You can have a lock feature for the Terraform state and use -force to override the locking if state.

Backend Types

So, in simple words, Backend is like the VCS of the Terraform. But the difference is that the Terraform is doing some time-consuming operations in the workflow of Terraform. Like, for Bigger infrastructure, terraform apply will take hours to finish the task. So, It is better that Terraform Remote supports such operations run on the remote. Based on this, Terraform backends are classified into two types.

  • Enhanced Backend – Additional operations like plan, apply, etc. on remote.
  • Standard backend – Simple State file storage and lock facility

Enhanced backend

So, enhanced backed will store the Terraform state file and locking it. But also, It will perform operations like Terraform Plan, Terraform Apply, and more. Basically, We can again classify the Enhanced backed as two parts.

  • Local Backend
  • Remote backend

Local backend

As we know Local has the binary of the Terraform and it will act as the completely enhanced backed of the Terraform. You just need to configure the Terraform as follows to use the Local as the terraform backed.

terraform {
  backend "local" {
    path = "/path/to/terraform.tfstate"

Remote Backend

As of now, Only Terraform Cloud is the only available remote backend that executes the Terraform operations at the backend. You can configure the Remote Backed as follows.

terraform {
  backend "remote" {
    hostname = "app.terraform.io"
    organization = "your Org name"

    workspaces {
      name = "production"

In this you can mention the workspace of the Terraform backend so that it will use the particular Terraform state file.

Standard backend

We have many standard Backends that supports the Terraform State file storage with locking facility. Some of those are,


As we discussed, Terraform Backend is Optional. But when you are working as Team and the Execution of the Terraform Commands and growing bigger as your organization Infrastructure is also growing bigger, you need to have the Terraform Backend. In this article, we have discussed what is Terraform Backend, how to configure it, and what are a different kind of backend available. This is our sixth part of the Complete Terraform Tutorial series of DigitalVarys. In our upcoming article, we will discuss more Terraform Providers and more features as parts of our complete terraform tutorial. Stay tuned and subscribe DigitalVarys for more articles and study materials on DevOps, Agile, DevSecOps, and App Development.

Leave a Reply