When we provision infrastructure using terraform, it stores the created infrastructure state locally in “terraform.state” locally which is bad when more than one team is working on the same project. It may create conflict or change the actual state of the file which may lead to incorrect behavior or changes in the provisioned infrastructure.
Hence to avoid this problem we can store the terraform state to a remote location i.e. azure/AWS/google depending on which provider we are working with.
Store terraform state to file remotely provides many benefits including providing “locks”. State file can be locked while it is in use by terraform, which is a great feature.
What is Terraform state file?
Terraform stores state of the managed infrastructure and configuration. This state is used by Terraform to map real-world resources (provisioned in azure/aws/google) to your configuration, keep track of metadata, and improve performance for large infrastructures. This state is stored by default in a local file named "terraform.tfstate”
We need to follow the below steps to store the terraform state remotely in Azure.
Create a storage account and container in Azure, log in to the Azure portal, and search for “storage account” in the marketplace to create a new resource.
After creating the storage account and container, let’s create a terraform configuration file “main.tf” which will create a resource group in Azure.
If you are not sure/new to terraform, please read my previous article on how a create a terraform configuration file,
- # Azure provider source ########################################
- terraform {
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~>2.0"
- }
- }
- backend "azurerm" {
- resource_group_name = "terraform_remotestate_rg"
- storage_account_name = "itma63110"
- container_name = "terraform-state"
- key = "terraform.tfstate"
- }
- }
- # configure the azure resource Provider ########################################
- provider "azurerm" {
- features {
-
- }
- }
-
- # configure variables ########################################
- variable "resource_group_name" {
- type = string
- description = "RG name in Azure"
- default = "my_terraform_rg"
- }
-
- variable "resource_group_location" {
- type = string
- description = "RG location in Azure"
- default = "centralindia"
- }
-
- # configure resources ########################################
- resource "azurerm_resource_group" "rg" {
- name = var.resource_group_name
- location = var.resource_group_location
-
- tags = {
- environment = "development"
- }
- }
-
- # Output ###############################################
-
- output "ResourceGroupName" {
- value = azurerm_resource_group.rg.name
- }
Now run the below Terraform commands in PowerShell/cmd in the below sequence,
Note
You must have installed
Azure CLI and
Terraform before running commands,
-
az login
It will redirect you to your default browser to login into your azure account.
-
Once step one is completed and after successful login, run the below command,
az account set -s “Name or ID of subscription”
-
terraform init
-
terraform plan -out "remotestate.tfplan"
-
terraform apply "remotestate.tfplan"
-
Verify the
“terraform.tfstate” file in azure under a created storage account.
Conclusion
We have successfully created a resource group and stored “terraform.tfstate” file remotely in Azure using infrastructure as code. It is a powerful and easy-to-use tool that provides more control over infrastructure provisioning at a remote destination. It can also be incorporated in the Azure DevOps CI/CD pipeline easily.