Store Terraform state in Cloud Storage
Srinivasan (Srini) Viswanathan
Service Delivery Leader | DevOps Engineer| Kubernetes | Terraform | CI/CD | Containers| AWS | GCP | Observability | GKE | EKS
using S3 or Google Storage Bucket
The Terraform state file is a crucial component in Terraform's workflow. Its content is a JSON-formatted mapping between the resources defined in the configuration and those that exist in your infrastructure.
By default, the state file is stored locally in the file system. In this example, we will store Terraform state in two cloud storage locations, namely AWS and GCP.
Storing the Terraform state file in a cloud backend helps with concurrent collaboration, enhances the security of sensitive information stored in the state file, and provides version control for tracking changes to the configuration file.
The snippet below can be used to store the Terraform state file in GCP. Note that you must first create a bucket with the necessary access.
terraform {
  backend "gcs" {
    bucket = "<name of the bucket in gcloud>"
    prefix = "terraform/terraform.tfstate"
    # refers to the terraform folder and file name which will be stored in the bucket
  }
}
You may need to set the following environment variable if you are running Terraform remotely.
# PowerShell
$env:GOOGLE_APPLICATION_CREDENTIALS = "path to credential json file"
# bash
export GOOGLE_APPLICATION_CREDENTIALS="<gcp json file name>"
For AWS, the backend snippet is listed below.
terraform {
  backend "s3" {
    bucket = "<bucketname>"
    key    = "terraform/terraform.tfstate"
    # will create a folder terraform and store terraform.tfstate
    region     = "<region>"
    access_key = "<accesskey>"
    secret_key = "<securitykey>"
  }
}
Note that when using the backend block, we may need to provide all the values literally and cannot assign or provide variables. In the AWS snippet, the access and secret keys are set within the backend block, while in GCP the credentials can be supplied outside the backend block.
Here is an example of creating an EC2 instance while storing the state file in S3.
terraform {
  backend "s3" {
    bucket     = "your_aws_bucket_name"
    key        = "terraform/state"
    region     = "ap-south-1"
    access_key = "Your_access_key"
    secret_key = "Your secret_key"
  }
}

# var.region, var.access_key and var.secret_key must be declared as input variables
provider "aws" {
  region     = var.region
  access_key = var.access_key
  secret_key = var.secret_key
}

resource "aws_instance" "test-instance" {
  ami           = "ami-03f4878755434977f"
  instance_type = "t2.micro"
}
# The AMI above is in ap-south-1 and creates an Ubuntu instance; refer to cloud notes to re-verify the AMI
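An added example, not part of the original article: values written into a backend block are copied in plain text into the .terraform directory and saved plan files, and the S3 backend also reads the standard AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, so this Python check flags literal credentials like the ones in the S3 snippets above before they are committed. The function names, the attribute list and the sample configuration are constructed for illustration.

```python
import re

# Attributes that carry credentials in the s3/gcs backends and the aws provider
# ("credentials" is the gcs backend's key-file path or JSON). Assumed list.
SENSITIVE = {"access_key", "secret_key", "token", "credentials"}
BLOCK_RE = re.compile(r'\b(backend|provider)\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')

# Constructed sample mirroring the article's EC2 example (placeholder values).
SAMPLE = '''terraform {
  backend "s3" {
    bucket     = "example-bucket"
    key        = "terraform/state"
    region     = "ap-south-1"
    access_key = "EXAMPLE_ACCESS_KEY"
    secret_key = "EXAMPLE_SECRET_KEY"
  }
}
provider "aws" {
  access_key = var.access_key
  secret_key = var.secret_key
}
'''

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced input: scan to end of file

def find_hardcoded_credentials(tf_source):
    """List (block_kind, block_name, attribute) for literal credential values."""
    findings = []
    for m in BLOCK_RE.finditer(tf_source):
        for line in block_body(tf_source, m.end() - 1).splitlines():
            attr = ATTR_RE.match(line.split("#", 1)[0])  # ignore comments
            if not attr or attr.group(1) not in SENSITIVE:
                continue
            value = attr.group(2)
            # Quoted text is a literal; var.x or "${var.x}" is a reference.
            if value.startswith('"') and "${" not in value:
                findings.append((m.group(1), m.group(2), attr.group(1)))
    return findings

if __name__ == "__main__":
    print(find_hardcoded_credentials(SAMPLE))
```

The provider block in the sample is not reported because its keys are variable references; only the literal values in the backend block are.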