Managing Terraform States in Remote Locations:

jaffar shaik
Jan 5, 2021

Terraform State:

Just as a human has a heart, Terraform has state. Terraform knows whether a resource was created, destroyed or modified from its state file. Without the state file, Terraform won't work.

Sample Resource Code:

resource "aws_instance" "myec23" {
  ami           = "ami-08f63db601b82ff5f"
  instance_type = "t2.large"
  tags = {
    name = "myec3"
  }
}

STATE FILE VIEW :

{
"version": 4,
"terraform_version": "0.12.26",
"serial": 9,
"lineage": "a507cf62-a1a4-e2a3-71b7-a0d645df67d0",
"outputs": {},
"resources":

The above view shows the basic structure of the Terraform state file. It has outputs and resources.
1. Outputs state the resource attributes.
2. Resources records the resources created, destroyed or modified.
3. The resources block changes when we run “terraform destroy” or “terraform apply”, or when we taint a resource.

Terraform state commands:
1. terraform state list (lists the resources in the tf state file)
2. terraform state pull (gets the remote state file)
3. terraform state show (shows the attributes of a single resource)
4. terraform state rm <resource name> (removes a resource from the tf state)

Problem statement:
When two users simultaneously run terraform apply or terraform destroy, the state file will be locked.
For example, when two users run the same operation at the same time, only one of them can execute the command. In our case both users run “terraform plan”: user1, who ran it first, gets the plan of the resources to be created, destroyed or modified.

Output for user1:

If user2 runs the same operation simultaneously, there will be a lock on the state file.

Output for user2:

Solution:

To resolve the issue we need to maintain the state file in a remote location. In our case we are maintaining the remote state file in the AWS cloud.
To perform this operation we need to:
1. Create an S3 bucket. This will store the state file.

resource "aws_s3_bucket" "b" {
  bucket = "mynightman777"
  acl    = "private"
  tags = {
    Name = "My bucket"
  }
}

2. Key: we can give any name here. This will be the name of our state file in the S3 bucket.

In the above image we can clearly see that under the mynightman777 bucket a file called mystatefile is created. This file holds the state of the resources.

3. To implement state locking we need to create a DynamoDB table.

resource "aws_dynamodb_table" "example" {
  name           = "mytable" # must match dynamodb_table in the backend block
  hash_key       = "LockID"  # the backend looks for this exact key name
  billing_mode   = "PROVISIONED"
  read_capacity  = 20
  write_capacity = 20
  attribute {
    type = "S"
    name = "LockID"
  }
}

4. The partition key (hash key) name must be LockID.
5. The final remote backend code is shown below.

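terraform {
  backend "s3" {
    bucket = "mynightman777"
    key    = "mystatefile"
    region = "us-east-2"
    # Credential values are left blank here. Keep real keys out of this file;
    # the backend can also read them from the AWS_ACCESS_KEY_ID and
    # AWS_SECRET_ACCESS_KEY environment variables.
    access_key     = ""
    secret_key     = ""
    dynamodb_table = "mytable" # name of the DynamoDB lock table
  }
}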

Now when two users run the same operation, a LockID can be seen under the items of the DynamoDB table. It is present only while the command is running. Once the operation is completed, the LockID is released from the items of the DynamoDB table.

The image will look like this

The lockid changes for every operation.
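
The locking behaviour described above can be modelled in a few lines. This is an added example, not code from the original article or from Terraform: an in-memory dictionary stands in for the DynamoDB table, and the names LockTable, acquire, release and demo are hypothetical.

```python
import uuid


class LockError(Exception):
    """Raised when the state is already locked by another operation."""


class LockTable:
    """In-memory stand-in (assumption) for the DynamoDB table keyed on LockID."""

    def __init__(self):
        self.items = {}  # LockID -> lock info

    def put_if_absent(self, lock_id, info):
        # Models a conditional write: the item is stored only when no item
        # with this LockID exists yet, so two writers cannot both succeed.
        if lock_id in self.items:
            return False
        self.items[lock_id] = info
        return True


def acquire(table, bucket, key, who, operation):
    lock_id = f"{bucket}/{key}"  # one lock item per state file
    info = {"ID": str(uuid.uuid4()), "Who": who, "Operation": operation}
    if not table.put_if_absent(lock_id, info):
        holder = table.items[lock_id]
        raise LockError(f"state locked by {holder['Who']} ({holder['Operation']})")
    return info["ID"]


def release(table, bucket, key, lock_uuid):
    lock_id = f"{bucket}/{key}"
    held = table.items.get(lock_id)
    # Only the holder's ID may release, so user2 cannot drop user1's lock.
    if held is None or held["ID"] != lock_uuid:
        raise LockError("lock ID does not match the current holder")
    del table.items[lock_id]


def demo():
    # Constructed scenario using the bucket and key from this article.
    table = LockTable()
    first = acquire(table, "mynightman777", "mystatefile", "user1", "plan")
    try:
        acquire(table, "mynightman777", "mystatefile", "user2", "plan")
        blocked = False
    except LockError:
        blocked = True
    release(table, "mynightman777", "mystatefile", first)
    second = acquire(table, "mynightman777", "mystatefile", "user2", "plan")
    return blocked, first != second, list(table.items)
```
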
Hope this article is helpful for you in configuring remote states.
