Introduction

Hey there everyone! 👋 Welcome back to our journey through the exciting world of Infrastructure as Code with Terraform on Azure. If you’ve been following along, you’ve already learned how to set up your Terraform environment, create your first Azure resources, and even make changes to your infrastructure. Great work so far! 🎉

(If you’re just joining us, no worries! You might want to start with our introduction to Terraform on Azure to get up to speed.)

But as you’ve been working with Terraform, you might have noticed something curious. After running your Terraform commands, a file called terraform.tfstate appeared in your project directory. What’s this file all about? Why does Terraform needs it? And why should you, as a Terraform user, care about it?

Well, my friend, you’ve just stumbled upon one of the most important concepts in Terraform: state. Don’t worry if it sounds a bit mysterious right now – by the end of this article, you’ll have a solid grasp of what Terraform state is all about.

Why Talk About State?

Understanding Terraform state is like learning the rules of a game. Sure, you can play without knowing all the rules, but once you understand them, you’ll play much better! Here’s why state matters:

1. It’s Always There: Whether you realize it or not, you’re already using state every time you run Terraform.
2. It’s Crucial for Terraform’s Operation: State is how Terraform keeps track of what’s going on in your Azure environment.
3. It Can Impact Your Workflow: As your projects grow, how you manage state can make your life easier (or harder!).

What We’ll Cover

Don’t worry – we won’t dive into the deep end just yet. Think of this as a gentle introduction to the concept of state. Here’s what we’ll explore:

1. What Terraform state actually is
2. How Terraform uses state to manage your resources
3. How to take a peek at your state (it’s not as scary as it sounds!)
4. The basics of local vs. remote state
5. Some simple best practices to keep your state safe and sound

By the end of this article, you’ll have a solid foundation in understanding Terraform state. This knowledge will serve you well as you continue your Terraform journey, making you better equipped to manage more complex infrastructures down the road.

Ready to unravel the mystery of Terraform state? Let’s dive in! 🏊‍♂️

What is Terraform State?

Alright, let’s demystify this Terraform state business! 🕵️‍♂️

State: Terraform’s Memory

Think of Terraform state as Terraform’s memory. Just like how you remember what you had for breakfast this morning, Terraform needs to remember what resources it has created in your Azure environment. This memory, or state, is what allows Terraform to know what exists, what needs to be added, changed, or deleted when you run your Terraform commands.

In essence, Terraform state is a snapshot of your infrastructure as Terraform knows it. It’s like a detailed inventory of all the Azure resources Terraform is managing for you.

Why Does Terraform Need State?

You might be wondering, “Can’t Terraform just look at Azure and see what’s there?” Well, it’s not quite that simple. Here’s why Terraform needs state:

1. Resource Tracking: State helps Terraform keep track of which Azure resources it’s managing. Without state, Terraform wouldn’t know if a resource in Azure was created by Terraform or by some other means.

2. Performance: Checking the state of every resource in Azure each time you run Terraform would be slow. State allows Terraform to work more efficiently.

3. Resource Dependencies: State helps Terraform understand the relationships between your resources, which is crucial for knowing the correct order for creating, updating, or deleting resources.

4. Metadata Storage: State stores important metadata about your resources that isn’t always available just by looking at the resource in Azure.

The terraform.tfstate File

Now, let’s talk about that mysterious file you’ve seen pop up in your project directory: terraform.tfstate. This JSON file is where Terraform stores its state by default when you’re working locally.

Here’s a quick peek at what a simple terraform.tfstate file might look like:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

{
  "version": 4,
  "terraform_version": "1.0.0",
  "serial": 1,
  "lineage": "3f2d5dff-7f6b-4097-8737-e874f2c33345",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "azurerm_resource_group",
      "name": "example",
      "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "id": "/subscriptions/.../resourceGroups/example-resources",
            "location": "westus",
            "name": "example-resources",
            "tags": null,
            "timeouts": null
          },
          "sensitive_attributes": [],
          "private": "..."
        }
      ]
    }
  ]
}

Don’t worry if this looks a bit overwhelming – you don’t need to understand every detail. The important thing to know is that this file contains information about the resources Terraform has created, including their attributes and relationships.

A Word of Caution

While it’s okay to look at your state file, it’s important to remember:

1. Never Edit State Manually: Editing the state file directly can cause Terraform to get confused about the state of your infrastructure.
2. Keep It Secret, Keep It Safe: Your state file can contain sensitive information, so treat it like you would a password. We’ll talk more about state safety later in this article.

And there you have it! You now know what Terraform state is, why it’s important, and where it lives. In the next section, we’ll explore how Terraform actually uses this state to manage your resources. Ready to dive deeper? Let’s go! 🏊‍♂️

How Terraform Uses State

Now that we know what Terraform state is, let’s explore how Terraform actually uses this state to work its infrastructure-as-code magic.

1. Mapping Real-World Resources to Your Configuration

Imagine you’re a librarian (stay with me here! 📚). You have a catalog (your Terraform configuration) that lists all the books that should be in the library. But how do you know if the actual books on the shelves match your catalog? That’s where state comes in!

Terraform uses state to map the resources defined in your configuration files to the actual resources in Azure. This mapping allows Terraform to know:

• Which Azure resources it’s responsible for managing
• How the current state of these resources in Azure compares to what’s defined in your configuration

For example, let’s say you’ve defined a resource group in your Terraform configuration:

1
2
3
4

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "Australia East"
}

When you run terraform apply, Terraform creates this resource group in Azure and records its details in the state. Now, every time you run Terraform, it can check the state, see that it’s managing this specific resource group, and compare its current settings in Azure to what’s in your configuration.

2. Tracking Metadata

Terraform state is like a super-detailed diary of your infrastructure. It doesn’t just record what resources exist; it also keeps track of a bunch of extra information (metadata) that Terraform needs to manage your resources effectively.

This metadata might include:

• Dependencies between resources
• Resource-specific data that Terraform needs to know but isn’t directly part of the Azure resource (like a computed password for a database)
• The last known state of a resource, which helps Terraform determine if something has changed

This extra information helps Terraform make smart decisions about how to manage your infrastructure.

3. Improving Performance for Large Infrastructures

Imagine if, every time you wanted to change something in your Azure environment, Terraform had to scan your entire Azure subscription to figure out what’s there and what needs to change. For a small project, this might be fine, but for larger infrastructures, it would be painfully slow!

This is where state really shines. By keeping a local record of your infrastructure, Terraform can quickly determine what it needs to do without constantly querying Azure. It’s like having a map of your infrastructure that Terraform can refer to, instead of having to explore the entire landscape every time.

Here’s a simple example of how this improves performance:

1. You run terraform plan to see what changes Terraform will make.
2. Instead of checking every resource in Azure, Terraform first looks at its state file.
3. It compares the state to your configuration files to determine what’s different.
4. It only needs to check with Azure for resources that it thinks might have changed.

This process is much faster than checking every single resource every time, especially when you’re managing dozens or hundreds of resources!

A Real-World Example

Let’s tie this all together with a practical example. Say you’re managing a web application in Azure with Terraform. Your infrastructure includes:

• A resource group
• A virtual network
• A couple of virtual machines
• An Azure SQL Database

Here’s how Terraform might use state in this scenario:

1. Mapping: Terraform uses the state to know exactly which resource group, VNet, VMs, and database in Azure correspond to the resources in your Terraform configuration.

2. Metadata Tracking: The state keeps track of things like the dependencies between these resources (e.g., the VMs need to be in the VNet), and any computed values (like the fully qualified domain name of your database server).

3. Performance: When you want to add a new VM, Terraform can quickly check its state to understand the current infrastructure without querying Azure for every single resource. It knows from the state what VNet and subnet to put the new VM in, without having to rediscover this information.

By leveraging state in these ways, Terraform can efficiently manage your Azure resources, making your job as an infrastructure engineer much easier!

And there you have it! You now understand not just what Terraform state is, but how Terraform uses it to work its magic. In the next section, we’ll learn how to take a peek at this state ourselves. Ready to do some state-snooping? Let’s go! 🕵️‍♂️

Viewing Your Terraform State

Alright, curious Terraform explorers! 🔍 Now that we understand what Terraform state is and how Terraform uses it, let’s learn how to take a peek at this state ourselves. It’s like getting X-ray vision for your infrastructure!

The terraform show Command

Terraform provides a handy command that allows us to view the current state of our infrastructure: terraform show. This command is like asking Terraform, “Hey, what do you think our infrastructure looks like right now?”

Here’s how to use it:

1. Open your terminal or command prompt.

2. Navigate to your Terraform project directory (where your .tf files are).

3. Run the following command:

   1	terraform show

Understanding the Output

When you run terraform show, Terraform will display a human-readable version of your state. Let’s break down what you might see:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# azurerm_resource_group.example:
resource "azurerm_resource_group" "example" {
    id       = "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resources"
    location = "australiaeast"
    name     = "my-resources"
    tags     = {}

    timeouts {}
}

# azurerm_virtual_network.example:
resource "azurerm_virtual_network" "example" {
    address_space       = [
        "10.0.0.0/16",
    ]
    dns_servers         = []
    id                  = "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resources/providers/Microsoft.Network/virtualNetworks/my-network"
    location            = "australiaeast"
    name                = "my-network"
    resource_group_name = "my-resources"
    subnet              = []
    tags                = {}

    timeouts {}
}

Let’s break this down:

1. Each resource in your state is shown with its type and name (e.g., azurerm_resource_group.example).
2. Under each resource, you’ll see its attributes and their current values.
3. Some values, like IDs, are generated by Azure and stored in the state.
4. You can see the relationships between resources (e.g., the virtual network’s resource_group_name matches the name of the resource group).

What If I Don’t See Anything?

If you run terraform show and don’t see any output, don’t panic! This usually means one of two things:

1. You haven’t run terraform apply yet, so no resources have been created and there’s nothing in your state.
2. You’re in the wrong directory. Make sure you’re in the directory with your .tf files and terraform.tfstate file.

Practical Uses of terraform show

Now, you might be wondering, “Why would I want to look at my state?” Great question! Here are a few practical reasons:

1. Troubleshooting: If something’s not working as expected, viewing the state can help you understand what Terraform thinks exists in your infrastructure.
2. Verification: After making changes, you can use terraform show to verify that the state reflects what you expect.
3. Learning: It’s a great way to understand how Terraform represents different Azure resources and their attributes.

A Word of Caution

Remember, while it’s fine to view your state, you should never manually edit the terraform.tfstate file. Terraform relies on this file being accurate, and manual edits can cause all sorts of confusion and problems.

Pro Tip: Focusing on Specific Resources

If you have a large infrastructure and want to view the state of a specific resource, you can use the terraform state show command followed by the resource address. For example:

1

terraform state show azurerm_resource_group.example

This will show you the state for just that resource group, which can be handy when you’re managing lots of resources!

And there you have it! You now know how to peek into Terraform’s brain and see how it views your infrastructure. In the next section, we’ll talk about the difference between local and remote state. Ready to learn about keeping your state in the cloud? Let’s dive in! 🏊‍♂️

Local State: The Default Option

Let’s chat about the most straightforward way Terraform manages state: local state. It’s like keeping your infrastructure’s diary right on your own computer.

What is Local State?

When we talk about “local state” in Terraform, we’re referring to the default behavior where Terraform stores the state file (terraform.tfstate) directly in your project directory on your local machine. It’s like keeping a notebook about your Azure resources right on your desk.

Remember that terraform.tfstate file we mentioned earlier? That’s your local state file. Every time you run terraform apply, Terraform updates this file to reflect the current state of your infrastructure.

Advantages of Local State

Local state is simple and straightforward, which is why it’s the default option. Here are some reasons why local state can be great:

1. Simplicity: There’s no setup required. You create your Terraform configuration, and boom! Terraform automatically manages the state locally.

2. Quick Start: It’s perfect for learning Terraform or for small, personal projects. You can get up and running without any additional configuration.

3. Full Control: The state file is right there on your machine. You can easily back it up or version control it (though be careful with sensitive information!).

Disadvantages of Local State

However, local state isn’t always sunshine and rainbows. It has some limitations, especially as your projects grow:

1. Limited Collaboration: If you’re working in a team, local state can be a headache. Only one person can make changes at a time, and you’d need to manually share the state file.

2. Lack of Remote Backup: If something happens to your local machine, you could lose your state file. Ouch!

3. No Native Locking: When state is local, there’s no built-in way to prevent two people from making changes at the same time, which could lead to conflicts.

4. Security Concerns: Storing state locally means any sensitive data in your state (like database passwords) is stored in plaintext on your machine.

When to Use Local State

Given these pros and cons, when should you stick with local state? Here are some good use cases:

1. Learning and Experimentation: When you’re first getting to grips with Terraform, local state is perfect. It’s simple and requires no extra setup.

2. Personal Projects: If you’re the only one working on a project and it’s not mission-critical, local state can be just fine.

3. Small, Short-lived Projects: For quick, one-off infrastructure deployments that won’t need ongoing management, local state can be a good fit.

4. Proof of Concepts: When you’re testing out ideas or demonstrating Terraform’s capabilities, local state keeps things simple.

A Real-World Analogy

Think of local state like keeping a personal diary. It’s great for your private thoughts and day-to-day reflections. But if you were collaborating on a book with others, you’d probably want a shared document instead of passing around a physical notebook. That’s where remote state comes in, which we’ll talk about next!

Best Practices for Local State

If you’re using local state, here are a few tips to keep in mind:

1. Version Control: While you should never commit your terraform.tfstate file to version control (due to potential sensitive data), do commit your .terraform.tfstate.backup file. This is a backup Terraform creates, and it can be a lifesaver if something goes wrong.

2. Regular Backups: Manually back up your state file regularly, especially before making significant changes.

3. Be Careful with Sensitive Data: Remember, your state file might contain sensitive information. Treat it with the same care you’d give to passwords or API keys.

And there you have it! You now understand the ins and outs of local state in Terraform. It’s a great starting point, but as your Terraform journey continues, you might find yourself outgrowing it. In our next section, we’ll introduce you to the concept of remote state, which addresses many of the limitations of local state. Ready to take your state management to the cloud? Let’s go! 🚀

Introduction to Remote State

We’ve explored local state, and now it’s time to take a step into the cloud with remote state. Think of this as upgrading from a personal diary to a shared online document for your infrastructure. Let’s dive in!

What is Remote State?

Remote state is exactly what it sounds like - it’s when your Terraform state file is stored remotely, usually in a cloud storage service, instead of on your local machine. In the context of Azure, this often means storing your state file in Azure Blob Storage.

Imagine if, instead of keeping that terraform.tfstate file on your computer, you could keep it in a secure, shared location in the cloud. That’s the essence of remote state!

Why Consider Remote State?

You might be wondering, “Why complicate things? Local state seems fine!” Well, as your projects grow and as you start working in teams, remote state offers some significant advantages:

1. Improved Collaboration: Multiple team members can access and update the state safely. It’s like moving from passing around a notebook to collaborating on a Google Doc.

2. Better Security: Cloud storage services often provide better security features than your local machine. It’s like keeping your valuables in a bank vault instead of under your mattress.

3. Backup and Disaster Recovery: Cloud storage typically includes features for backup and versioning. If something goes wrong, you can often recover a previous version of your state.

4. State Locking: Many remote state backends support locking, which prevents two people from modifying the infrastructure at the same time. It’s like having a “do not disturb” sign for your Terraform operations.

5. Separation of Concerns: Remote state allows you to separate your Terraform configuration from the state data. This is especially useful in CI/CD pipelines.

A Glimpse of Remote State in Azure

While we won’t go into the nitty-gritty details of setting up remote state (that’s a topic for a future article!), here’s a quick peek at how you might configure Terraform to use Azure Storage for remote state:

1
2
3
4
5
6
7
8

terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate1234"
    container_name       = "tfstate"
    key                  = "terraform.tfstate"
  }
}

This block tells Terraform to store the state file in an Azure Storage account. Cool, right?

When to Consider Remote State

You might want to start thinking about remote state when:

1. You’re working in a team and need to collaborate on Terraform configurations.
2. Your projects are becoming more complex or mission-critical.
3. You’re setting up automation or CI/CD pipelines for your infrastructure.
4. You’re concerned about the security of sensitive data in your state file.

A Word of Caution

While remote state is powerful, it does add some complexity to your setup. For beginners or simple projects, local state is often sufficient. As you grow more comfortable with Terraform and your projects become more complex, you can gradually move towards remote state.

The Journey Ahead

Understanding remote state is a big step in your Terraform journey. It opens up new possibilities for collaboration, security, and scalability in your infrastructure management. While we’ve just scratched the surface here, you now have a foundation to build upon as you continue learning.

In future articles, we’ll dive deeper into setting up and managing remote state in Azure. For now, pat yourself on the back for leveling up your Terraform knowledge! 🎉

Next up, we’ll talk about some basic precautions for keeping your state safe, whether it’s local or remote. Ready to become a state safety expert? Let’s go! 🚀

Common State Commands

We’re in the home stretch now. Let’s round out our state management knowledge with some handy Terraform commands that’ll help you interact with and manage your state. Think of these as your Swiss Army knife for Terraform state!

terraform refresh: Updating State

The terraform refresh command is like giving Terraform a pair of glasses to see the current state of your Azure resources more clearly. It updates the state file to match what actually exists in your Azure environment.

Here’s how to use it:

1

terraform refresh

When you run this command:

1. Terraform reads the current state file.
2. It then checks the actual resources in Azure.
3. If there are any differences, it updates the state file to match reality.

This is useful when:

• You suspect changes have been made to your Azure resources outside of Terraform.
• You want to make sure your state file is up-to-date before planning or applying changes.

Remember, terraform refresh doesn’t modify your actual resources - it just updates Terraform’s understanding of them.

terraform state list: Seeing What’s in Your State

If you want to get a quick overview of what resources Terraform is managing, the terraform state list command is your go-to. It’s like asking Terraform, “Hey, what’s in your state file?”

Here’s how to use it:

1

terraform state list

This command will output a list of resources in your state file. For example:

1
2
3
4
5

azurerm_resource_group.example
azurerm_virtual_network.example
azurerm_subnet.example
azurerm_network_interface.example
azurerm_windows_virtual_machine.example

This is super helpful when:

• You want to quickly check what resources Terraform is managing.
• You need to find the exact name of a resource for use in other commands.

Combining Commands for Power Use

These commands become even more powerful when you combine them. For example, you might:

1. Run terraform refresh to make sure your state is up-to-date.
2. Then use terraform state list to see what resources are being managed.
3. Finally, use terraform show (which we learned about earlier) to get detailed information about a specific resource.

This workflow helps you keep a clear picture of your infrastructure and Terraform’s understanding of it.

A Word of Caution

While these commands are safe to use (they don’t modify your actual Azure resources), always be careful when working with state. Especially in a team environment, it’s a good idea to communicate with your teammates before running commands that might change the state file.

Real-World Scenario

Imagine you’re working on a project where a colleague manually added a new subnet to your virtual network through the Azure portal. Your Terraform state doesn’t know about this new subnet. Here’s how you might handle this:

1. Run terraform refresh to update your state with the new subnet.
2. Use terraform state list to confirm the new subnet is now in your state.
3. Update your Terraform configuration to include the new subnet.
4. Run terraform plan to see what changes Terraform will make to bring your configuration in line with the actual state.

This process helps you maintain consistency between your Terraform configuration, your state, and your actual Azure resources.

Wrapping Up

And there you have it! You now have some powerful tools in your Terraform toolkit for managing and inspecting your state. As you continue your Terraform journey, you’ll find these commands invaluable for keeping your infrastructure in check.

Remember, Terraform state is the bridge between your configuration and your actual Azure resources. By understanding and effectively managing your state, you’re setting yourself up for success in your infrastructure-as-code adventures!

Conclusion

Awesome work mate. You’ve just completed a whirlwind tour of Terraform state management in Azure. Let’s take a moment to reflect on what we’ve learned:

1. We discovered that Terraform state is like a magical map that helps Terraform understand and manage your Azure resources.
2. We explored the default option of local state and when it’s appropriate to use it.
3. We peeked into the world of remote state and how it can supercharge your Terraform game, especially for team collaborations.
4. We learned about the importance of keeping your state safe and some basic precautions to take.
5. Finally, we added some powerful state commands to our Terraform toolkit.

Understanding Terraform state is like unlocking a new level in your infrastructure-as-code journey. It’s the behind-the-scenes hero that makes Terraform’s magic possible. By grasping these concepts, you’re well on your way to becoming a Terraform wizard! 🧙‍♂️

But remember, this is just the beginning. As you continue to work with Terraform and Azure, you’ll discover even more ways to leverage state management to your advantage. Here are some areas you might want to explore next:

• Setting up and managing remote state in Azure Blob Storage
• Working with state in a team environment
• Advanced state operations like moving resources between states
• Integrating Terraform into your CI/CD pipelines

In our next article, we’ll be diving into the exciting world of Terraform Dependencies in Azure Infrastructure. We’ll explore how Terraform figures out the order to create, update, or delete resources, and how you can control these dependencies. It’s going to be choice!

Remember, every expert was once a beginner. Don’t be afraid to experiment, make mistakes, and learn from them. That’s the beauty of infrastructure-as-code – you can always tear it down and start again!

Keep practicing, keep learning, and most importantly, have fun building amazing things with Terraform and Azure. The cloud’s the limit! ☁️🚀

Stay strong 💪, and happy Terraforming!