Terraform backends and state locking - Day 7
Terraform uses a state file to keep track of the resources it manages and their current state. The state file is crucial for Terraform to understand the existing infrastructure and make informed decisions about what changes to apply. When working with Terraform in a collaborative or team environment, it's essential to use a remote backend to store and share the state file.
Backends primarily determine where Terraform stores its state. By default, Terraform implicitly uses a backend called local to store state as a local file on disk. A remote backend is a storage location for the Terraform state file that is external to the local working directory. This enables collaboration among team members and ensures a consistent state when multiple people are working on the same infrastructure.
Terraform supports various types of remote backends, including:
Amazon S3
Azure Blob Storage
Google Cloud Storage
HashiCorp Consul
HashiCorp Vault, and more.
Each type of backend has its own configuration parameters.
State locking
State locking is a mechanism to prevent concurrent modifications to the Terraform state file by different users or processes. It helps avoid conflicts and ensures that only one Terraform operation can modify the state at a time.
When Terraform performs an operation (e.g., terraform apply), it attempts to acquire a lock on the state file. If it can't acquire the lock, it means another process is already working with the state, and Terraform will wait until the lock is released.
Local backends support locking, but not all backends support it. If you choose S3 as a remote backend, it does not provide support for state locking functionality. To achieve state locking functionality in this case, you will need to utilize a DynamoDB table.
In this blog, we will explore the process of configuring an S3 bucket as a remote backend and a DynamoDB table for state locking.
🔸 Step 1: Create an S3 bucket and a DynamoDB table in AWS. You can create them manually or provision them using Terraform or the AWS CLI.
Below is the Terraform configuration file for creating the S3 bucket and DynamoDB table.
🔸 Step 2: Write a Terraform configuration block as below to set an AWS S3 bucket as the remote backend and a DynamoDB table for state locking.
Below is the Terraform configuration for specifying the provider and setting up an EC2 instance.
🔸 Step 3: After executing the terraform init command, you will observe that the remote backend is configured.
Force unlocking the state
Terraform has a force-unlock command (terraform force-unlock) to manually unlock the state if unlocking failed. If you unlock the state when someone else is holding the lock, it could cause multiple writers. Force unlock should only be used to unlock your own lock in the situation where automatic unlocking failed.