Terraform Remote State Storage & Locking |
Learn about Terraform Remote State Storage & Locking |
- Understand Terraform Backends
- Understand about Remote State Storage and its advantages
- This state is stored by default in a local file named
, but it can also be stored remotely, which works better in a team environment. - Create Azure Storage Account to store
file and enable backend configurations in terraform settings block - All the TF Configs copy from Section-19
- Go to Resource Groups -> Add
- Resource Group: terraform-storage-rg
- Region: East US
- Click on Review + Create
- Click on Create
- Go to Storage Accounts -> Add
- Resource Group: terraform-storage-rg
- Storage Account Name: terraformstate201 (THIS NAME SHOULD BE UNIQUE ACROSS AZURE CLOUD)
- Region: East US
- Performance: Standard
- Redundancy: Geo-Redundant Storage (GRS)
- In
Data Protection
, check the optionEnable versioning for blobs
- REST ALL leave to defaults
- Click on Review + Create
- Click on Create
- Go to Storage Account ->
-> Containers ->+Container
- Name: tfstatefiles
- Public Access Level: Private (no anonymous access)
- Click on Create
- Reference Sub-folder: terraform-manifests
- Terraform Backend as Azure Storage Account
- Add the below listed Terraform backend block in
Terrafrom Settings
block inc1-versions.tf
# Terraform State Storage to Azure Storage Container
backend "azurerm" {
resource_group_name = "terraform-storage-rg"
storage_account_name = "terraformstate201"
container_name = "tfstatefiles"
key = "project-1-eastus2-terraform.tfstate"
- project-1-eastus2-vmss
- Update
altered to have region name in resources.
# Define Local Values in Terraform
locals {
owners = var.business_divsion
environment = var.environment
#resource_name_prefix = "${var.business_divsion}-${var.environment}"
resource_name_prefix = "${var.resource_group_location}-${var.business_divsion}-${var.environment}"
common_tags = {
owners = local.owners
environment = local.environment
- c8-01-bastion-host-input-variables.tf
- c8-02-bastion-host-linuxvm.tf
- c8-03-move-ssh-key-to-bastion-host.tf
- c8-04-AzureBastionService.tf - Already commented
- c8-05-bastion-outputs.tf
- terraform.tfvars
#bastion_service_subnet_name = "AzureBastionSubnet"
#bastion_service_address_prefixes = [""]
- Required for Next demo when we implement Azure Traffic Manager
# Resource-1: Create Public IP Address for Azure Load Balancer
resource "azurerm_public_ip" "web_lbpublicip" {
name = "${local.resource_name_prefix}-lbpublicip"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
allocation_method = "Static"
sku = "Standard"
tags = local.common_tags
# "domain_name_label" required for Azure Traffic Manager
domain_name_label = azurerm_resource_group.rg.name
- Change
resource_group_location = "eastus2"
- Add LB Public ID related output in Web Load Balancer.
- This we are going to use in
usingTerraform Remote State Datasource
in next demo.
# LB Public IP ID
output "web_lb_public_ip_address_id" {
description = "Web Load Balancer Public Address Resource ID"
value = azurerm_public_ip.web_lbpublicip.id
# Terraform Initialize
terraform init
## Sample CLI Output
Initializing the backend...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
# Validate Terraform configuration files
terraform validate
# Review the terraform plan
terraform plan
1. Acquiring state lock. This may take a few moments...
# Create Resources
terraform apply -auto-approve
# Verify Azure Storage Account for project-1-eastus2-terraform.tfstate file
1. Finally at this point you should see the project-1-eastus2-terraform.tfstate file in Azure Storage Account with content in it.
# Access Application
- Update in
- Uncomment Demo tag
common_tags = {
Service = local.service_name
Owner = local.owner
Tag = "demo-tag1" # Uncomment during step-08
- Execute Terraform Commands
# Review the terraform plan
terraform plan
# Create Resources
terraform apply -auto-approve
# Verify terraform.tfstate file in Azure Storage Account
1. New version of terraform.tfstate file will be created
2. Understand about Terraform State Locking
3. terraform.tfsate file should be in "leased" state which means no one can apply changes using terraform to Azure Resources.
4. Once the changes are completed "terraform apply", Lease State should be in "Available" state.
- Destroy Resources and Verify Storage Account
file Versioning
# Destroy Resources
terraform destroy -auto-approve
# Delete Files
rm -rf .terraform*
# c3-locals.tf - Comment demo tag for students seamless demo
common_tags = {
Service = local.service_name
Owner = local.owner
#Tag = "demo-tag1"