Terraform
How to Use Terraform with GitHub Actions - CICD Pipeline Guide
Set up Terraform CI-CD with GitHub Actions. Covers plan on PR, apply on merge, state locking, secrets management, and environment protection.
1 min read
Terraform
Terraform State File Explained - What It Is and How to Manage It
Understand the Terraform state file, its purpose, and best practices for managing it. Learn remote state, locking, and recovery techniques for teams.
LLuca Berton2 min read
Introduction
#The Terraform state file is one of the most critical components of any Terraform workflow. It maps your configuration to real-world resources and tracks metadata that Terraform needs to function correctly.
Understanding state is essential for working effectively with Terraform, especially in team environments.
What Is Terraform State?
#Terraform state is a JSON file (typically terraform.tfstate) that stores the mapping between your Terraform configuration and the actual infrastructure resources. Every time you run terraform apply, Terraform updates this file.
What State Contains
#- Resource mappings: Links between config resources and real infrastructure IDs
- Metadata: Dependencies, resource attributes, provider information
- Performance data: Cached attribute values to speed up
terraform plan
Example State Entry
#{
"resources": [
{
"mode": "managed",
"type": "aws_instance",
"name": "web",
"instances": [
{
"attributes": {
"id": "i-0abc123def456",
"ami": "ami-0c55b159cbfafe1f0",
"instance_type": "t3.micro",
"public_ip": "54.123.45.67"
}
}
]
}
]
}Why State Matters
#Without state, Terraform cannot:
- Know what exists - It wouldn't know which resources it manages
- Detect drift - It couldn't compare desired vs actual state
- Plan changes - It needs current state to calculate diffs
- Handle dependencies - Resource ordering relies on state data
- Track metadata - Provider configs, resource dependencies
Local vs Remote State
#Local State (Default)
#By default, Terraform stores state in a local file:
project/
├── main.tf
├── variables.tf
└── terraform.tfstate ← local stateProblems with local state:
- Not shared across team members
- No locking (concurrent runs can corrupt state)
- Risk of accidental deletion
- Sensitive data stored on disk
Remote State (Recommended)
#Store state in a shared backend:
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-locks"
encrypt = true
}
}Benefits:
- Shared across team members
- State locking prevents concurrent modifications
- Encryption at rest
- Versioning and backup
State Locking
#State locking prevents concurrent operations that could corrupt state:
# DynamoDB table for state locking
resource "aws_dynamodb_table" "terraform_locks" {
name = "terraform-locks"
billing_mode = "PAY_PER_REQUEST"
hash_key = "LockID"
attribute {
name = "LockID"
type = "S"
}
}If a lock gets stuck:
terraform force-unlock LOCK_IDState Commands
#Essential terraform state commands:
# List all resources in state
terraform state list
# Show details of a specific resource
terraform state show aws_instance.web
# Move a resource (rename)
terraform state mv aws_instance.old aws_instance.new
# Remove a resource from state (without destroying)
terraform state rm aws_instance.web
# Pull remote state to local
terraform state pull > state.json
# Push local state to remote
terraform state push state.jsonState Recovery
#Recovering from Corruption
#If your state file is corrupted:
- Check for backups: Terraform creates
terraform.tfstate.backup - S3 versioning: Restore a previous version from S3
- Import resources: Re-import resources into a fresh state
# Import an existing resource
terraform import aws_instance.web i-0abc123def456Splitting State
#For large projects, split state across workspaces:
terraform workspace new production
terraform workspace new staging
terraform workspace select productionBest Practices
#- Always use remote state in team environments
- Enable state locking with DynamoDB or equivalent
- Enable encryption for state at rest
- Enable versioning on state storage buckets
- Never edit state manually — use
terraform statecommands - Use workspaces for environment separation
- Limit state access with IAM policies
- Regular backups even with remote state
Hands-On Courses
#- Terraform for Beginners — Covers state management in depth
- Terraform Beginners on CopyPasteLearn
Conclusion
#The Terraform state file is the bridge between your code and your infrastructure. Managing it properly — with remote backends, locking, and encryption — is essential for production Terraform workflows.
#Terraform#DevOps#Best Practices#Infrastructure as Code
Related articles
Terraform
Terraform Workspaces Explained - Manage Multiple Environments
Master Terraform workspaces for managing dev, staging, and production environments. Covers workspace commands, state isolation, and CI/CD integration.
2 min read
Terraform
Terraform Backend Configuration Guide - S3, Azure, GCS
Configure Terraform backends for remote state. Complete guide for S3 + DynamoDB, Azure Blob, GCS, Terraform Cloud, and Consul with encryption and locking.
2 min read
Terraform
How to Use Terraform Variables - Complete Guide with Examples
Master Terraform variables with practical examples. Learn input, output, local, and environment variables for flexible infrastructure as code configurations.
3 min read