HashiConf
Join us this September for 3 days of talks, training, product news & more. Book Your Ticket Now

Getting Started - AWS [Updated for 0.12]

Remote State Storage

You have now seen how to build, change, and destroy infrastructure from a local machine. This is great for testing and development, but in production environments it is more responsible to share responsibility for infrastructure. The best way to do this is by running Terraform in a remote environment with shared access to state.

Terraform supports team-based workflows with a feature known as remote backends. Remote backends allow Terraform to use a shared storage space for state data, so any member of your team can use Terraform to manage the same infrastructure.

Depending on the features you wish to use, Terraform has multiple remote backend options. HashiCorp recommends utilizing Terraform Cloud. Terraform Cloud offers free state management with no limits on users, workspaces, locking, and HashiCorp Vault encryption.

Terraform Cloud is HashiCorp's commercial solution and also acts as a remote backend. Terraform Cloud allows teams to easily version, audit, and collaborate on infrastructure changes. Each proposed change generates a Terraform plan which can be reviewed and collaborated on as a team. When a proposed change is accepted, the Terraform logs are stored, resulting in a linear history of infrastructure states to help with auditing and policy enforcement. Additional benefits to running Terraform remotely include moving access credentials off of developer machines and freeing local machines from long-running Terraform processes.

How to Store State Remotely

First, we'll use Terraform Cloud as our backend. Terraform Cloud offers free remote state management. Terraform Cloud is the recommended best practice for remote state storage.

If you don't have an account, please sign up here for this guide. For more information on Terraform Cloud, view our getting started guide First, configure the backend in your configuration with your own organization and workspace names:

terraform {
  backend "remote" {
    organization = "Cloud-Org"

    workspaces {
      name = "Dev-QA"
    }
  }
}

The backend section configures the backend you want to use. After configuring a backend, run terraform init to setup Terraform. It should ask if you want to migrate your state to Terraform Cloud. Say "yes" and Terraform will copy your state.

Now, if you run terraform apply, Terraform should state that there are no changes:

$ terraform apply
# ...

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.

Terraform is now storing your state remotely in Terraform Cloud. Remote state storage makes collaboration easier and keeps state and secret information off your local disk. Remote state is loaded only in memory when it is used.

If you want to move back to local state, you can remove the backend configuration block from your configuration and run terraform init again. Terraform will once again ask if you want to migrate your state back to local.

Terraform Cloud

Terraform Cloud is a commercial solution which combines a predictable and reliable shared run environment with tools to help you work together on Terraform configurations and modules.

Although Terraform Cloud can act as a standard remote backend to support Terraform runs on local machines, it works even better as a remote run environment. It supports two main workflows for performing Terraform runs:

  • A VCS-driven workflow, in which it automatically queues plans whenever changes are committed to your configuration's VCS repo.
  • An API-driven workflow, in which a CI pipeline or other automated tool can upload configurations directly.

For a hands-on introduction to Terraform Cloud, follow the Terraform Cloud getting started guide.