Terraform State File
Terraform, a popular infrastructure-as-code tool, automates the provisioning and administration of cloud infrastructure resources. It applies configurations to your infrastructure and manages your infrastructure resources using a variety of commands. It uses configuration files written in the HashiCorp Configuration Language (HCL) to specify the desired state of your infrastructure.
Terraform State
Terraform must store the state of your managed infrastructure and configuration. Terraform uses this state to map real-world resources to your configuration, track metadata, and improve performance for large infrastructures. This state is stored by default in a local file named “terraform.tfstate”.
Terraform uses the state to decide which infrastructure changes to make. Before any operation, Terraform performs a refresh to update the state with the actual infrastructure. The main content of the Terraform state is the set of bindings between resources declared in your configuration and objects in a remote system. When Terraform creates a remote object in response to a configuration change, it records the identity of that remote object against a specific resource instance. Later, in response to subsequent configuration changes, Terraform may update or delete that object.
Structure of a Terraform state file
Terraform state files contain every detail of each resource, along with its current status, such as “ACTIVE”, “DELETED” or “PROVISIONING”.
Here is a sample state file entry for a compartment resource:
    {
      "module": "module.compartments",
      "mode": "managed",
      "type": "oci_identity_compartment",
      "name": "test_compartment",
      "provider": "provider[\"registry.terraform.io/hashicorp/oci\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "compartment_id": "compartment_id",
            "defined_tags": {
              "Oracle-Tags.CreatedBy": "user_id",
              "Oracle-Tags.CreatedOn": "2023-05-24T10:25:53.737Z"
            },
            "description": "Compartment for testing ",
            "enable_delete": null,
            "freeform_tags": {},
            "id": "compartment_id",
            "inactive_state": null,
            "is_accessible": true,
            "name": "test",
            "state": "ACTIVE",
            "time_created": "2023-05-24 10:25:53.87 +0000 UTC",
            "timeouts": null
          },
          "sensitive_attributes": [],
          "private": " ",
          "dependencies": [
            "module.compartments.data.oci_identity_tenancy.tenancy"
          ]
        }
      ]
    }
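Because the state records every attribute of every resource in plain JSON, any secret a resource carries ends up in the file too. The following is an added example, not code from the original page: it walks the resources of a state file and reports attributes that Terraform marked sensitive or whose names look like credentials. The sample state, the `example_database` resource and the name pattern are constructed assumptions, and the state is assumed to be format version 4.

```python
import json
import re

# Assumed heuristic: attribute names that usually hold secrets.
SECRET_NAME = re.compile(r"(password|secret|token|private_key|access_key)", re.I)

# Constructed sample state (format version 4), not from a real deployment.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"module": "module.compartments", "mode": "managed",
         "type": "oci_identity_compartment", "name": "test_compartment",
         "instances": [{"attributes": {"name": "test", "state": "ACTIVE"},
                        "sensitive_attributes": []}]},
        {"mode": "managed", "type": "example_database", "name": "db",
         "instances": [{"attributes": {"admin_password": "constructed-value",
                                       "wallet": {"api_token": "constructed-value"},
                                       "shape": "small"},
                        "sensitive_attributes": [[{"type": "get_attr",
                                                   "value": "admin_password"}]]}]},
    ],
})


def _walk(value, path=""):
    """Yield (dotted_path, leaf_value) for every leaf under an attributes object."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, value


def audit_state(state_text):
    """Return sorted (resource_address, attribute_path, reason) findings."""
    findings = set()
    for res in json.loads(state_text).get("resources", []):
        addr = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        for inst in res.get("instances", []):
            # Each entry is a path: a list of steps such as get_attr "admin_password".
            for steps in inst.get("sensitive_attributes") or []:
                marked = ".".join(str(s.get("value")) for s in steps)
                findings.add((addr, marked, "marked-sensitive"))
            for path, leaf in _walk(inst.get("attributes") or {}):
                if leaf not in (None, "") and SECRET_NAME.search(path.rsplit(".", 1)[-1]):
                    findings.add((addr, path, "secret-like-name"))
    return sorted(findings)
```

The findings list only paths and reasons, never the values, so the report itself can be shared without leaking what the state holds.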
How to Manage the Terraform State File?
There are two ways to store these state files:
1. Local File
When we don’t define any object storage or bucket to store these files, the state is stored by default in a local file named “terraform.tfstate”. The disadvantage of using local files to store state is that every team member has their own local state file, and these files will differ from one another. This creates discrepancies in the recorded resource states, and you might not be able to deploy the resources until you delete or modify the required state of the resource. We recommend always using object storage and configuring the backend to store state files.
2. Using Object Storage To Store State Files And Configure The Backend
We can explicitly define a bucket to store the state files. To do so, we have to configure the backend: create a “backend” block inside the “terraform” block and define the settings listed below.
Configure the [default] entry in the credentials file with the appropriate Object Storage credentials. The following is an example of Object Storage credentials:
    [default]
    aws_access_key_id=ae37c0....
    aws_secret_access_key=mSTd.....
Where aws_access_key_id and aws_secret_access_key are user-specific values provided from the Console, mapped to the Object Storage parameters objectStoreKey and objectStoreSecret respectively.
How To Get The Access Key And ID?
Open the navigation menu in the cloud Console and click Identity & Security. Under Identity, click Users. Under User Details, click Generate Customer Secret Key.
Code To Find
    terraform {
      backend "s3" {
        bucket                      = "bucket-name"
        key                         = "statefilename.tfstate"
        region                      = "valid-cloud-region-name"
        endpoint                    = "object-storage-bucket-url"
        shared_credentials_file     = "./credential-file-name"
        # The endpoint is S3-compatible Object Storage rather than AWS itself,
        # so the AWS-specific validation steps are skipped.
        skip_region_validation      = true
        skip_credentials_validation = true
        skip_metadata_api_check     = true
        force_path_style            = true
      }
    }
endpoint : https://<namespace>.compat.objectstorage.<region>.<domainname>.com
region : us-phoenix-1
Terraform Init
To learn how terraform plan works, refer to Terraform plan.
    terraform init
An empty state file is generated in the bucket.
Now run the terraform apply command:
    terraform apply
Advantages of Using Object Storage For Storing State File
- State files are stored centrally, so every team can access the same state files and deploy each resource with its latest and correct state.
- If supported by your backend, Terraform will lock your state for all operations that could write state. This prevents others from acquiring the lock and potentially corrupting your state.
- State locking happens automatically on all operations that could write state. You won’t see any message that it is happening. If state locking fails, Terraform will not continue.
As a result, multiple team members can easily work on the same infrastructure at the same time.
Troubleshooting Terraform State File Errors
1. Bucket does not exist – Make sure to create the bucket before initialising the s3 backend.
2. Invalid endpoint – Recheck the defined endpoint URL. It should be in the following format:
    https://<namespace>.compat.objectstorage.<region>.<domainname>.com
where the namespace is shown on the tenancy details page, and the region should be any valid region associated with any cloud service provider.
3. credential-file-name does not exist – This file should be in the root folder; if you keep it somewhere else, define its exact location.
4. No credential found – Make sure to name the profile [default]. This file can contain multiple profiles.
    [default]
    aws_access_key_id=ae37c0….
    aws_secret_access_key=mSTd…..
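The endpoint and credential checks from this list can be run before terraform init. The following is an added example, not code from the original page: it validates the endpoint against the format shown above, confirms the credentials file exists and has a [default] profile with both keys, and adds one hardening check of its own, that the file is not readable by other users. The function names, the sample endpoint and the file contents are constructed assumptions.

```python
import configparser
import os
import re
import stat
import tempfile

# Endpoint shape given on this page:
# https://<namespace>.compat.objectstorage.<region>.<domainname>.com
ENDPOINT_RE = re.compile(
    r"^https://[A-Za-z0-9_-]+\.compat\.objectstorage\.[a-z0-9-]+\.[A-Za-z0-9-]+\.com/?$")
REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")


def preflight(endpoint, cred_path, profile="default"):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if not ENDPOINT_RE.match(endpoint):
        problems.append("invalid endpoint")
    if not os.path.isfile(cred_path):
        return problems + ["credential file does not exist"]
    # Added hardening check: the file holds a long-lived secret key.
    if os.name == "posix" and stat.S_IMODE(os.stat(cred_path).st_mode) & 0o077:
        problems.append("credential file readable by group/others")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(cred_path)
    if not parser.has_section(profile):
        problems.append(f"no [{profile}] profile")
    else:
        missing = [k for k in REQUIRED_KEYS if not parser.get(profile, k, fallback="").strip()]
        problems += [f"missing {k}" for k in missing]
    return problems


def demo():
    """Run the checks against constructed files in a temporary directory."""
    good_ep = "https://examplens.compat.objectstorage.us-phoenix-1.example.com"
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good"), os.path.join(tmp, "bad")
        with open(good, "w") as f:
            f.write("[default]\naws_access_key_id=CONSTRUCTED\naws_secret_access_key=CONSTRUCTED\n")
        os.chmod(good, 0o600)
        with open(bad, "w") as f:
            f.write("[team]\naws_access_key_id=CONSTRUCTED\n")
        os.chmod(bad, 0o644)
        return (preflight(good_ep, good), preflight("https://example.com", bad),
                preflight(good_ep, os.path.join(tmp, "absent")))
```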
FAQs On Terraform State File
1. Where Can I Find The Bucket Namespace?
Log in to the tenancy -> click on your profile on the right side -> click on the tenancy name (details) -> on the tenancy details page, see the section Object storage settings -> Object storage namespace.
2. Can The State File Bucket And The Deploying Tenancy Be Different?
YES, your bucket and deploying tenancy can be the same or different. They can be in different realms as well. You can also store the state files of more than one tenancy using the Terraform workspace concept.
E.g., you can create the bucket in R1 but deploy resources in OC1 and save the state files in the bucket that is present in R1.