0
0
TerraformHow-ToBeginner · 4 min read

How to Manage Terraform State: Best Practices and Examples

Manage Terraform state by storing it remotely using a backend like S3 or Terraform Cloud to enable collaboration and state locking. Use state locking and versioning to prevent conflicts and recover previous states safely.
📐

Syntax

The terraform block configures the backend where the state file is stored. Key parts include:

  • backend: Specifies the type of remote storage (e.g., s3, azurerm, gcs, or remote for Terraform Cloud).
  • configuration: Backend-specific settings like bucket name, region, or workspace.

Example syntax:

hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "project/terraform.tfstate"
    region = "us-west-2"
    encrypt = true
  }
}
💻

Example

This example shows how to configure Terraform to store state in an AWS S3 bucket with DynamoDB for state locking. This setup prevents multiple users from changing state at the same time and keeps state safe.

hcl
terraform {
  backend "s3" {
    bucket         = "example-terraform-state"
    key            = "envs/prod/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
  acl    = "private"
}
Output
Terraform will initialize the backend and use the remote state stored in the specified S3 bucket with locking enabled via DynamoDB.
⚠️

Common Pitfalls

  • Not using remote state: Storing state locally can cause conflicts when multiple people work on the same infrastructure.
  • Missing state locking: Without locking, simultaneous changes can corrupt the state file.
  • Incorrect backend config: Typos or missing parameters in backend block cause initialization errors.
  • Not versioning state: Without versioning, you cannot roll back to previous states if something breaks.

Always run terraform init after changing backend configuration to apply changes.

hcl
### Wrong: Local state only (no backend)
# terraform {
#   backend "local" {}
# }

### Right: Remote backend with locking
terraform {
  backend "s3" {
    bucket         = "my-bucket"
    key            = "state.tfstate"
    region         = "us-west-1"
    dynamodb_table = "terraform-lock"
    encrypt        = true
  }
}
📊

Quick Reference

  • Use remote backends like S3, Azure Blob, or Terraform Cloud for shared state.
  • Enable state locking to avoid concurrent changes.
  • Enable encryption for sensitive state data.
  • Use versioning on storage buckets to recover old states.
  • Run terraform init after backend changes.

Key Takeaways

Always store Terraform state remotely using a backend to enable collaboration.
Enable state locking to prevent simultaneous conflicting changes.
Use encryption and versioning on your state storage for security and recovery.
Run terraform init after changing backend configuration to apply changes.
Avoid storing state locally in team environments to prevent conflicts.

Related by keyword

Best Practices for Terraform Modules: Clean, Reusable Infrastructure CodeModulesTerraform Best Practices: Clean, Safe, and Scalable InfrastructureBest PracticesWorkspace vs Separate State Files in Terraform: Key Differences and UsageWorkspacesTerraform Cloud vs Terraform Enterprise: Key Differences and Usage GuideTerraform CloudHow to Manage Multiple Environments in Terraform EasilyBest Practices

Up next

How to Use Sensitive Output in Terraform: Simple GuideWhat is Output in Terraform: Explanation and ExampleHow to Create a Module in Terraform: Simple GuideHow to Pass Variables to Modules in Terraform

More in State

How to Configure Backend in Terraform: Syntax and ExampleHow to Detect State Drift in Terraform: Simple StepsHow to Handle State File Conflict in Terraform: Simple FixesHow to Import Existing Resource to Terraform State Easily