5. Terraform Files

.terraform

• This folder gets created whenever our provider is initialized using terraform init

terraform.tfstate

• It represents all the states in terraform

• It keep tracks of all the changes of the resources

• It is crucial for the functionality of terraform

• It can contain sensitive information in plain text like passwords hence it should not be checked out in vesion control system

• We should use Terraform Cloud or self managed services like AWS S3 to store state files encrypted

Local Backend

• State file is stored locally

• Uncollaborative

• Unencrypted sensitive data

• Manual approach

Remote Backend

• State file is stored remotely

• Collaboration possible

• Sensitive data encrypted

• Automation possible

  • We can setup pipelines

• Increased complexity

Sample configuration for Terraform Cloud

Free upto five users

terraform {
  backend "remote" {
    organization = "xyz"
  }

  workspaces {
    name = "my-project"
  }
}

Sample configuration for AWS

• S3 used to store state file

• DynamoDB used for locking in race condition

terraform {
  backend "s3" {
    bucket = "my-bucket"
	  key = "tf-infra/terraform.tfstate"
	  region = "us-east-1"
	  dynamodb-table = "terraform-state-locking"
	  encrypt = true
  }
}