The purpose of the Terraform state file can be confusing, even for the most expert DevOps engineers. You may have noticed that the aptly named “tfstate file” appears when you’re making changes to resources or the configuration. In fact, it’s required by Terraform, and, according to HashiCorp, “cannot function without it.” The purpose of our introductory article is to save you from getting lost in a sea of files, without having any understanding of what is happening, how to secure them, and what you can do with them. In this article, we’ll go over:
- What is the Terraform state file?
- Most Common Terraform State File Commands
- Remote vs. Local
Let’s get started!
Note: If you’re interested in learning more or want to have your questions answered with 1-on-1 guidance, join our InfraCode Slack to gain valuable help from our community of experts.
What is a Terraform State File?
The state of your configuration is stored in a file with the ending “.tfstate”. Below, you can see the sample screenshot of a list of files that were created after using the “apply” command. As you can see, it is also backed up to keep your work secure.
Here’s the interesting part: the Terraform state file is updated at the same time as you create a new resource. Here’s how it works: Essentially, a remote object for a particular resource is created on your system. The link between the remote object and the actual configuration is recorded. The next time that you update a resource in your configuration, a new remote object is created. The new object is, again, mapped against the resource in the tfstate, and the previous remote object is deleted. Therefore, every time you update a resource, you’re also creating a new remote object (whether you realize it or not).
Source: “DevOps 101” by Rafael Belchoir
While it’s clear that the tfstate is important during the “apply” and “plan” commands, did you know that it also appears again when you hit the “destroy” command? Besides resource changes, the tfstate file also tracks resource dependencies. When performing the “destroy” action, it helps determine the order in which the resources are destroyed.
Most Common Terraform State File Commands
Terraform also lets you inspect and modify state files with the “terraform state” command. Within this command are the following subcommands:
Any subcommand that modifies the tfstate always writes backup information. These backups are mandatory for every modification command and cannot be disabled.
While the allowed modifications to the tfstate file are quite limited and basic, we recommend that you don’t bother modifying them if you’re still new to Infrastructure as Code. Why do we suggest that you skip these actions?
As we mentioned previously, there is an inherent link maintained between every configuration resource and a remote object in the tfstate. However, if you begin to modify or delete any of the links in the Terraform state file, then, unfortunately, going forward, it will be your responsibility to manually maintain the links, as well as modify/delete objects. Why give yourself extra work as a beginner when you can focus on the basics? Note: If you are a beginner, check out our “Best Terraform Tutorial Guides” for a brief overview.
Remote vs. Local
Imagine a scenario where you have a team of 4 DevOps professionals, dedicated to building and maintaining your infrastructure. One team member updates the configuration, and everything is going as planned. The “apply” command is performed, which updates the Terraform state file on the user’s local system, leaving the user who made the changes with the updated tfstate file. But, the rest of your team is left with the old work, resulting in configurational differences (and overall confusion).
The remote state solves this small issue that can lead to major complications. You can store, read, and write the tfstate file with cloud storage, which can easily be shared with your complete team. Your work can be stored with cloud providers such as Google Cloud Storage, Amazon S3, and Terraform Cloud.
With remote tfstate, another feature called “locking” is offered. Any operation that could write the tfstate automatically acquires the lock. As the name implies, the state is locked while the operation runs, so that concurrent writes cannot corrupt it. Locking is handled by the backend, and if acquiring the lock fails, Terraform does not let you continue with your configuration changes.
When you create a configuration, there may be resources with sensitive information such as passwords or user tokens. Locally, this data is stored as plain text. However, remotely, data can be stored in an encrypted format, making it more secure.
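As an added illustration (not part of the original article), this is how the remote storage, locking and encryption points above map onto an Amazon S3 backend. The bucket, key, region and table names are constructed placeholders.

```hcl
# --- bootstrap/main.tf: created once, from a separate configuration ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate" # constructed name
}

# Encrypt every state object at rest by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# State can contain passwords and tokens: never expose the bucket publicly.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table; the S3 backend requires a string hash key named LockID.
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-org-tfstate-lock" # constructed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- backend.tf: in every configuration that shares this state ---
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "prod/network/terraform.tfstate" # constructed path
    region         = "eu-west-1"                      # constructed
    encrypt        = true                             # server-side encryption
    dynamodb_table = "example-org-tfstate-lock"       # enables locking
  }
}
```

Encryption at rest does not hide secrets from anyone who is allowed to read the state object, so access to the bucket and its key should be limited to the people and pipelines that run Terraform.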
Next Steps
While the tfstate may be a bit confusing, we hope that you can see some of the advantages of working in a remote state. As we mentioned earlier, if you’re a beginner, it’s far easier to skip modifications and focus on other core components of Terraform. If you’re interested in learning more about the Terraform state file, or want to have your questions answered with 1-on-1 guidance, join our InfraCode Slack to gain valuable help from our community of experts.
P.S. A note from the team
Hi everyone! Considering the success of our first post with Faun, we’ve decided to provide you with the comprehensive Terraform information you’re looking for. We understand the pain you’ve experienced searching for resources. The reason we understand is because we were there too. We understand that the tools around HashiCorp are great, but smaller organizations needed to be empowered to use their tools. It can be difficult to find the time to seek out these resources--and some of these resources are not catered specifically to smaller organizations. We are trying to create content that not only solves this problem, but clearly lays out foundational concepts in an easy-to-use, practical manner. Since there is demonstrated latent demand for better, clearer explanations of core Terraform concepts, we’ve decided to begin a series of articles diving deep on the fundamentals without all the drag of reading the complex, esoteric descriptions in HashiCorp’s documentation. While we believe there’s a time and place to go in-depth, we also understand that the average beginner is looking for clear, carefully laid out information that is both tangible and immediately usable. We’re here to try and make your lives easier. Once again, thanks for joining us!
In this article, I am going to show how to use Terraform to configure a CloudWatch alert and send the message to a Slack channel.
Slack Webhook in AWS Secrets Manager
Before I start configuring the alert, I need the URL of a webhook that sends messages to Slack. Those of you who are not familiar with Slack webhooks can get the address using the instructions from the Slack manual: api.slack.com/messaging/webhooks
I don’t want to store the webhook URL in the repository that contains Terraform rules. After all, it allows sending any message to the channel, so I should secure it.
Let’s assume that I have stored the webhook URL in AWS Secrets Manager, and I can retrieve it using AWS CLI. Note that I use jq to extract the SecretString from the JSON response.
I have to define a new variable in the variables.tf file:
Now, before calling the terraform plan command, I have to retrieve the URL from Secrets Manager and store it in the tfvars file. That is going to become tedious very soon, so I will define a Makefile script to do it for me:
I should also use Makefile to apply the plan because otherwise, I would need to remember about passing the plan file as a parameter:
Notify-slack module
In the next step, I must create a new tf file in the Terraform configuration directory and define a new module:
The terraform-aws-notify-slack module creates an SNS topic that receives a notification every time the status of an alert changes. It also creates a Lambda function to read the notifications from SNS and propagate the messages to the Slack channel.
CloudWatch Alert
Now, I have to define the CloudWatch Alert. In this example, let’s imagine that I want to get a notification when an SQS consumer is not processing messages fast enough (or does not process them at all).
I am going to use the SQS ApproximateAgeOfOldestMessage metric to raise an alert when the oldest message is waiting in the queue for more than one minute.
First, let’s specify the part of the configuration that defines the alert name and description:
Now, I can designate the AWS resource that triggers this alert:
To configure the metric, I need to define the metric type, the threshold, the size of the window on which I want to calculate the metric, and the number of time windows that must exceed the limit to raise the alarm.
In my example, I want to receive a notification whenever a message older than one minute is observed within a single 5-minute window.
In the end, I must use the previously defined Slack module to send notifications:
When I apply the Terraform plan and create the alert in AWS, I will immediately receive a notification telling me that there is not enough data to calculate the metric. It is the expected behavior of a newly defined CloudWatch Alert. After the monitored SQS queue updates its metrics, the status of the alert should change to either “OK” or “Alarm.”
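The steps described above, put together as an added example (this is not the original post's code): the webhook variable, the notify-slack module and the SQS alarm in one configuration. The queue name, topic name, channel and username are constructed, and the module's output name is an assumption that depends on the release you use.

```hcl
# variables.tf. The value is supplied from a generated tfvars file, not the
# repository. "sensitive" (Terraform 0.14+) hides it in plan output only;
# it is still written to the state file in plain text.
variable "slack_webhook_url" {
  type      = string
  sensitive = true
}

variable "queue_name" {
  type    = string
  default = "example-orders-queue" # constructed queue name
}

# notify-slack.tf: SNS topic plus the Lambda that forwards to Slack.
module "notify_slack" {
  source = "terraform-aws-modules/notify-slack/aws"
  # version = "<pin the release you have reviewed>"

  sns_topic_name    = "sqs-alerts" # constructed
  slack_webhook_url = var.slack_webhook_url
  slack_channel     = "aws-alerts" # constructed
  slack_username    = "cloudwatch" # constructed
}

# alarm.tf
resource "aws_cloudwatch_metric_alarm" "oldest_message_age" {
  alarm_name        = "${var.queue_name}-oldest-message-age"
  alarm_description = "Oldest message in ${var.queue_name} waited over 60 s"

  # The AWS resource that triggers the alarm.
  namespace   = "AWS/SQS"
  metric_name = "ApproximateAgeOfOldestMessage"
  dimensions = {
    QueueName = var.queue_name
  }

  # Older than one minute, seen in a single 5-minute window.
  statistic           = "Maximum"
  comparison_operator = "GreaterThanThreshold"
  threshold           = 60  # seconds
  period              = 300 # seconds
  evaluation_periods  = 1

  # Output name as in recent module releases; older ones call it
  # this_slack_topic_arn. Check the version you pin.
  alarm_actions             = [module.notify_slack.slack_topic_arn]
  ok_actions                = [module.notify_slack.slack_topic_arn]
  insufficient_data_actions = [module.notify_slack.slack_topic_arn]
}
```

Because the webhook URL reaches the Lambda function through the module, it ends up in the Terraform state, so the state for this configuration belongs in an encrypted, access-controlled remote backend rather than on a laptop.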