Open In App

Terraform State File

Last Updated : 19 Sep, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

Terraform automates the provisioning and administration of infrastructure resources of cloud a well-liked infrastructure-as-code solution. It applies configurations to your infrastructure and manages your infrastructure resources using a variety of commands. It employs configuration files defined in the HashiCorp Configuration Language (HCL) to specify the desired state of your infrastructure.

Terraform State

Terraform must store the state of your managed infrastructure and configuration. Terraform uses this state to map real-world resources to your configuration, track information, and boost efficiency for huge infrastructures. This state is stored by default in a local file named “terraform.tfstate”.

Terraform uses the state to decide which infrastructure changes to make. Terraform does a refresh before any operation to update the state with the actual infrastructure. Bindings between resources declared in your configuration and objects in a remote system are mostly stored in the Terraform state. When Terraform generates a remote object in reaction to a configuration change, it records the identification of that remote object against a specific resource instance. Later, in response to subsequent configuration changes, Terraform may update or delete that object.

Structure of a Terraform state file

Terraform state files contain each and every detail of any resources along with their current status whether it is “ACTIVE”, “DELETED” or “PROVISIONING” etc.

here is a sample example of a compartment resources state file –

"module": "module.compartments",
      "mode": "managed",
      "type": "oci_identity_compartment",
      "name": "test_compartment",
      "provider": "provider[\"registry.terraform.io/hashicorp/oci\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "compartment_id": "compartment_id",
            "defined_tags": {
              "Oracle-Tags.CreatedBy": "user_id",
              "Oracle-Tags.CreatedOn": "2023-05-24T10:25:53.737Z"
            },
            "description": "Compartment for testing ",
            "enable_delete": null,
            "freeform_tags": {},
            "id": "compartment_id",
            "inactive_state": null,
            "is_accessible": true,
            "name": "test",
            "state": "ACTIVE",
            "time_created": "2023-05-24 10:25:53.87 +0000 UTC",
            "timeouts": null
          },
          "sensitive_attributes": [],
          "private": " ",
          "dependencies": [
            "module.compartments.data.oci_identity_tenancy.tenancy",
          ]
        }
      ]

How to Manage the Terraform State File?

There are two ways to store these state files :

1. Local File

When we don’t define any object storage or bucket to store these files, by default, these states get stored in a local file named “terraform.tfstate” . The disadvantage of using local files to store states is that every team member will have their own local state file, and this local state file will be different for sure. And it will create discrepancies for all resource states, and you might not be able to deploy the resources until you delete or modify the required state of the resource.We would recommend always using an object storage and configuring the backend to store state files.

2. Using Object Storage To Store State Files And Configure The Backend

We can explicitly defined a bucket to store the state files . For that we have to configure the backend . Create block “backend” inside “terraform” block and define these thing as listed below.

Configure the [default] entry in the credentials file with the appropriate Object Storage credentials. Following is an example of Object Storage credentials:

[default]
aws_access_key_id=ae37c0....
aws_secret_access_key=mSTd.....

Where aws_access_key_id and aws_secret_access_key are user-specific values provided from the Console, mapped to the Object Storage parameters objectStoreKey and objectStoreSecret respectively.

How To Get Access Of Key And ID?

Open the navigation menu in cloud and click Identity & Security. Under Identity, click Users. Under User Details, click generate Customer Secret Key.

Code To Find

terraform {
  backend "s3" {
    bucket   = "bucket-name"
    key      = "statefilename.tfstate"
    region   = "valid-cloud-region-name"
    endpoint = "object-storage-bucket-url"
    shared_credentials_file     = "./credential-file-name"
    skip_region_validation      = true
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    force_path_style            = true
  }
}

endpoint : https://<namespace>.compat.objectstorage.<region>.<domainname>.com

region : us-phoenix-1

Terraform Init

To know how terraform plan works refer to Terraform plan 

terraform init

terraform init

In bucket , empty state file will gets generated

state file

Now run terraform apply command:

terraform apply

Advantages of Using Object Storage For Storing State File

  • State file are stored in a centralised way . So Every team can access same state files and deploy each resource with their latest and correct state
  • If supported by your backend, Terraform will lock your state for all operations that could write state. This prevents others from acquiring the lock and potentially corrupting your state.
  • State locking happens automatically on all operations that could write state. You won’t see any message that it is happening. If state locking fails, Terraform will not continue.

So multiple team members can work easily on same infrastructure at the same time.

Troubleshooting Terraform State File Errors

1. Bucket does not exist – Make sure to create a bucket before initialising the s3 backend .

2. Invalid endpoint – Please recheck the defined endpoint url , it should be in following format :

https://<namespace>.compat.objectstorage.<region>.<domainname>.com

where namespace you can see in tenancy details page , region should be any valid region associated with any cloud service provider.

3. credential-file-name does not exist – This file should be in root folder or define exact location of this file in case you are keeping it somewhere else .

4. No credential found – Make sure to name the profile with [default] . This file can have multiples profiles.

[default]

aws_access_key_id=ae37c0….

aws_secret_access_key=mSTd…..

FAQs On Terraform State File

1. Where I Can Find The Bucket Namespace

Login into the tenancy -> click on your profile on right side -> click on tenancy name(details) -> in tenancy details page see the section Object storage settings -> Object storage namespace.

2. Can The State File Bucket And Deploying Can Be Different

YES , your bucket and deploying tenancy can be same or different . They can be in diff realm as well . Also you can store state file of more than on tenancy using terraform workspace concept.

eg- you can create bucket in R1 but you can deploy resources in OC1 and save the state files in bucket that present in R1.



Like Article
Suggest improvement
Next
Terraform Resources
Share your thoughts in the comments

Similar Reads

What Is Terraform Lock FIle?
Microsoft Azure - How To Deploy VM in Azure using Terraform?
Setup Terraform On Linux and Windows Machine
Terraform Syntax With Examples
Terraform Plan Command
ECS Deployment Using Terraform
Difference Between Terraform Vs Ansible
How to Push Docker Image to AWS ECS Fargate Using Terraform?
Terraform Work Flow
Terraform Validate Command

S
sonidhimanmnnit
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox