Terraweek Day 4 Knowledge about Terraform state, Local and Remote configurations

Task 1:The importance of Terraform state in managing infrastructure

The primary purpose of Terraform state is to store bindings between objects in a remote system and resource instances declared in your configuration. Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.

This state is stored by default in a local file named "terraform.tfstate", but we recommend storing it in Terraform Cloud to version, encrypt, and securely share it with your team.

When Terraform creates a remote object in response to a change of configuration, it will record the identity of that remote object against a particular resource instance, and then potentially update or delete that object in response to future configuration changes.

While the format of the state files are just JSON, direct file editing of the state is discouraged. Terraform provides the terraform state command to perform basic modifications of the state using the CLI.Terraform expects a one-to-one mapping between configured resource instances and remote objects.

resource "aws_instance" "aws_ec2_test" {

        ami = "ami-05552d2dcf89c9b24"
        instance_type = "t2.micro"
        tags = {
     Name = "AshRawTerraWeek4"
  }
}        

Now we can see the terraform.tfstate file something like this:

ubuntu@ip-172-31-34-211:~/terraweek4$ cat terraform.tfstate 
{
  "version": 4,
  "terraform_version": "1.5.7",
  "serial": 1,
  "lineage": "82d76bff-5631-c475-4ce6-5ce263aae552",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "aws_instance",
      "name": "aws_ec2_test",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 1,
          "attributes": {
            "ami": "ami-05552d2dcf89c9b24",
            "arn": "arn:aws:ec2:ap-south-1:596666205397:instance/i-0b283030e6a99a43a",
            "associate_public_ip_address": true,
            "availability_zone": "ap-south-1b",
            "capacity_reservation_specification": [
              {
                "capacity_reservation_preference": "open",
                "capacity_reservation_target": []
              }
            ],
            "cpu_core_count": 1,
            "cpu_options": [
              {
                "amd_sev_snp": "",
                "core_count": 1,
                "threads_per_core": 1
              }
            ],        

The benefits of using a Terraform state

Idempotence

Whenever a Terraform configuration is applied, Terraform checks if there is an actual change made. Only the resources that are changed will be updated.

Deducing dependencies

Terraform maintains a list of dependencies in the state file so that it can properly deal with dependencies that no longer exist in the current configuration.

Performance

In addition to basic mapping, Terraform stores a cache of the attribute values for all resources in the state. This is the most optional feature of Terraform state and is done only as a performance improvement.

When running a terraform plan, Terraform must know the current state of resources in order to effectively determine the changes that it needs to make to reach your desired configuration.

Collaboration

State keeps track of the version of an applied configuration, and it's stored in a remote, shared location. So collaboration is easily done without overwriting.

Auditing

Invalid access can be identified by enabling logging.

Safer storage

Storing state on the remote server helps prevent sensitive information.?

Task 2: Local State and terraform state Command

1. Local State: By default, when you run Terraform commands, it stores the state file locally on your machine. The local state file is created in the same directory where you run the Terraform commands. While local state is simple and convenient for quick local development, it has limitations when working in a team or across multiple environments.

2. Remote State: The Terraform state subcommands all work with remote state just as if it was local state. Reads and writes may take longer than normal as each read and each write do a full network roundtrip. Otherwise, backups are still written to disk and the CLI usage is the same as if it were local state.

Terraform configuration file and initialize it to generate a local state file, for local state file we will take above EC2 instance exmple:

Initialize Your Directory

terraform init?— In order to prepare the working directory for use with Terraform, the?terraform init?command performs Backend Initialization.

Plan Your Infrastructure

terraform plan?— Plan will generate an execution plan, showing you what actions will be taken without actually performing the planned actions.

Deploy Your Infrastructure

terraform apply — Create or update infrastructure depending on the configuration files. By default, a plan will be generated first and will need to be approved before it is applied.

Destroy Your Infrastructure

terraform destroy?— Destroy the infrastructure managed by Terraform.

Refresh the State File

terraform refresh — Modify the state file with updated metadata containing information on the resources being managed in Terraform. Will not modify your infrastructure.

View Your State File

terraform show — Show the state file in a human-readable format.

Task 3:Explore remote state Management

Terraform writes its state file to your local filesystem. This works well for personal projects, but once you start working with a team, things start to get more challenging. In a team, you need to make sure everyone has an up to date version of the state file and ensure that two people aren’t making concurrent changes.

Remote state solves those challenges. Remote state is simply storing that state file remotely, rather than on your local filesystem. With a single state file stored remotely, teams can ensure they always have the most up to date state file. With remote state, Terraform can also lock the state file while changes are being made. This ensures all changes are captured, even if concurrent changes are being attempted.

Configuring remote state in Terraform has always been an involved process. For example, you can store state in an S3 bucket, but you need to create the bucket, properly configure it, set up permissions, create a DynamoDB table for locking, and then ensure everyone has proper credentials to write to it.

Task 4:Remote State Configuration

Remote state management using AWS S3 as the backend for storing Terraform state. AWS S3 is a popular and widely used object storage service that provides durable and scalable storage for various use cases, including Terraform state storage. Here’s an overview of the setup and configuration process for using AWS S3 as a remote state backend:

# Backend Variables
variable "state_bucket_name" {
    default = "mera-balti-me-lunga"
}

variable "state_table_name" {
    default = "tera-balti-tu-le"
}

variable "aws_region" {
    default = "ap-south-1"
}        

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.66.1"
    }
  }
}        

As we see teeraweek03 folder remotely stored.

Happy Learning!