Back to Blog
When making changes to your infrastructure, it’s a best practice to isolate different environments. Without locking, if two team members are running Terraform at the same time, you can run into race conditions as multiple Terraform processes make concurrent updates to the state files, leading to conflicts, data loss, and state file corruption. As soon as data is shared, you run into a new problem: locking. That means you need to store those files in a shared location. To be able to use Terraform to update your infrastructure, each of your team members needs access to the same Terraform state files. But if you want to use Terraform as a team on a real product, you run into several problems: If you’re using Terraform for a personal project, storing state in a single terraform.tfstate file that lives locally on your computer works just fine. If for some reason you need to manipulate the state file - which should be a relatively rare occurrence - use the terraform import or terraform state commands (you’ll see examples of both later in this series). You should never edit the Terraform state files by hand or write code that reads them directly. The state file format is a private API that is meant only for internal use within Terraform. In other words, the output of the plan command is a diff between the code on your computer and the infrastructure deployed in the real world, as discovered via IDs in the state file. Every time you run Terraform, it can fetch the latest status of this EC2 Instance from AWS and compare that to what’s in your Terraform configurations to determine what changes need to be applied. Using this JSON format, Terraform knows that a resource with type aws_instance and name example corresponds to an EC2 Instance in your AWS account with ID i-0bc4bbe5b84387543. For example, let’s say your Terraform configuration contained the following: resource "aws_instance" "example" This file contains a custom JSON format that records a mapping from the Terraform resources in your configuration files to the representation of those resources in the real world. By default, when you run Terraform in the folder /foo/bar, Terraform creates the file /foo/bar/terraform.tfstate. But how did Terraform know which resources it was supposed to manage? You could have all sorts of infrastructure in your AWS account, deployed through a variety of mechanisms (some manually, some via Terraform, some via the CLI), so how does Terraform know which infrastructure it’s responsible for?Įvery time you run Terraform, it records information about what infrastructure it created in a Terraform state file. If you went through the tutorial in Part 2 of this series, as you were using Terraform to create and update resources, you might have noticed that every time you ran terraform plan or terraform apply, Terraform was able to find the resources it created previously and update them accordingly. This blog post corresponds to Chapter 3 of Terraform Up & Running, “How to Manage Terraform State,” so look for the code samples in the 03-terraform-state folders. You can find working sample code for the examples in this blog post in the Terraform: Up & Running code samples repo. In this post, you’ll learn about how Terraform manages state and the impact that has on file layout, isolation, and locking in a Terraform project. In Part 2, you got started with the basic syntax and features of Terraform and used them to deploy a cluster of web servers on AWS. In Part 1, you learned why we picked Terraform as our IAC tool of choice and not Chef, Puppet, Ansible, Pulumi, or CloudFormation. This is Part 3 of the Comprehensive Guide to Terraform series. Update, Sep 28, 2022: We’ve updated this blog post series for Terraform 1.2 and released the 3rd edition of Terraform: Up & Running ! Update, J: We’ve updated this blog post series for Terraform 0.12 and released the 2nd edition of Terraform: Up & Running ! Update, Novem: We took this blog post series, expanded it, and turned it into a book called Terraform: Up & Running ! Terraform state benefits from “bulkheads” too.
0 Comments
Read More
Leave a Reply. |