IT 3110 : DevOps Automation

Terraform 2

Terraform tfstate

  • When you run Terraform, it creates a terraform.tfstate file. This file maps your config file to resources (in AWS, for example).
  • Don't edit this file

Terraform tfstate

Storing state locally is great for a personal project, but it doesn't work well if you are sharing it with team members. For teams:

  • need to use shared storage
  • locking (what happens if two people are running terraform at the same time?)
  • environment isolation

Terraform tfstate

You should store your Terraform files in git, but not the tfstate file. Problems with keeping tfstate in git:

  • it has secrets
  • things change, so team members would always need to do a git pull prior to running terraform commands, or things would break
  • file locking issues

Terraform tfstate

We have been using the local backend, but for teams and shared access, we should use a remote backend (e.g., an S3 bucket).

Solves the problems from the previous slide:

  • Automatically loads the state file from the backend
  • Locks the file while someone is using it
  • Encrypts your secrets
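
As an added example (not part of the original slides), this is a remote backend block for S3 that covers the points above: shared storage, locking and encryption. The bucket name, key path, region and KMS key ARN are placeholders.

```hcl
# Added example: every name below (bucket, key, region, KMS ARN) is a placeholder.
terraform {
  backend "s3" {
    # Shared storage: the bucket must already exist. Keep it private and
    # limit access to the team, because the state file contains secrets.
    bucket = "example-team-tfstate"
    key    = "network/terraform.tfstate" # object path of the state file
    region = "us-west-2"

    # Encryption at rest for the state object.
    encrypt    = true
    kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID" # optional

    # Locking: S3-native lock file (Terraform 1.10 and later).
    # Older versions lock through a DynamoDB table set with dynamodb_table.
    use_lockfile = true

    # Isolation: state for non-default workspaces is stored under
    # <workspace_key_prefix>/<workspace name>/<key>.
    workspace_key_prefix = "env"
  }
}
```

After adding the block, run terraform init so Terraform configures the backend and offers to migrate the existing local state.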

Terraform Isolation

How do you use workspaces?

  • terraform workspace new prod

Creates the workspace and switches you to it. Look at the tfstate directory it creates.

Terraform Workspaces

  • terraform workspace new <name of workspace> #creates new ws
  • terraform workspace select <name of workspace> #changes current ws
  • terraform workspace list #shows workspaces available
  • terraform workspace delete <name of workspace> #deletes (but only if empty)

Terraform Workspaces????

You could alternatively just create similar tf files in various subdirectories, but this isn't always the most convenient way to handle separate states. Terraform installs a separate cache of plugins and modules for each working directory, so maintaining multiple directories can waste bandwidth and disk space. You must also update your configuration code from version control separately for each directory, reinitialize each directory separately when changing the configuration, etc.