Skip to main content
In this lesson you’ll learn how to inspect Terraform state from the CLI. This is useful when you need to verify concrete resource IDs, network attributes, tags, or other values that Terraform has recorded after apply. The primary commands demonstrated here are:
  • terraform state list — enumerate resource addresses stored in the state.
  • terraform state show — display detailed attributes for a single resource from the state.
  • terraform show — render the full state (or a saved plan file) in a human-readable format.
Use terraform state list to discover resource addresses, then pass one of those addresses to terraform state show to inspect that resource in detail.

Quick command reference

CommandPurposeExample
terraform state listList all resource addresses recorded in the stateterraform state list
terraform state show <address>Show detailed attributes for a single resourceterraform state show aws_instance.web
terraform show [planfile]Dump the full state or a saved plan in human-readable formterraform show or terraform show plan.out

1. List resources in state

Begin by listing every resource Terraform currently manages in your state: 
$ terraform state list
aws_instance.web
aws_subnet.private
aws_subnet.public
aws_vpc.main
$
This output lists resource addresses you can use as arguments to terraform state show. The addresses reflect the resource type and name from your configuration (for example, aws_instance.web).

2. Inspect the entire state (or a saved plan)

When you want a full dump of state data or want to inspect a saved plan file, use terraform show. This prints resource blocks with all recorded attributes: 
$ terraform show
# aws_instance.web:
resource "aws_instance" "web" {
  ami                                 = "ami-05efc83cb5512477c"
  arn                                 = "arn:aws:ec2:us-east-2:603991114860:instance/i-07289d6c1b924df1c"
  associate_public_ip_address         = false
  availability_zone                   = "us-east-2a"
  ebs_optimized                       = false
  get_password_data                   = false
  id                                  = "i-07289d6c1b924df1c"
  instance_initiated_shutdown_behavior = "stop"
  private_dns                         = "ip-10-0-5-245.us-east-2.compute.internal"
  private_ip                          = "10.0.5.245"
  public_dns                          = null
  public_ip                           = null
  region                              = "us-east-2"
  subnet_id                           = "subnet-0d0fdf0bdf3680113"
  tags                                = {
    "Environment" = "development"
    "Name"        = "web-server"
  }
}
Note: For large states this output can be verbose. When possible, scope your inspection to a specific resource address to reduce noise.

3. Inspect a single resource from state

To view only one resource’s recorded attributes, run terraform state show with a resource address printed by terraform state list. For example, inspect the EC2 instance: 
$ terraform state show aws_instance.web
ami                                       = "ami-05efc83cb5512477c"
arn                                       = "arn:aws:ec2:us-east-2:603991114860:instance/i-07289d6c1b924df1c"
associate_public_ip_address               = false
availability_zone                         = "us-east-2a"
ebs_optimized                             = false
get_password_data                         = false
id                                        = "i-07289d6c1b924df1c"
instance_initiated_shutdown_behavior      = "stop"
placement_partition_number                = 0
primary_network_interface_id              = "eni-021f0bd1d36d8a756"
private_dns                               = "ip-10-0-5-245.us-east-2.compute.internal"
private_ip                                = "10.0.5.245"
public_dns                                = null
public_ip                                 = null
region                                    = "us-east-2"
secondary_private_ips                     = []
security_groups                           = []
source_dest_check                         = true
subnet_id                                 = "subnet-0d0fdf0bdf3680113"
tags                                      = {
  "Environment" = "development"
  "Name"        = "web-server"
}
vpc_security_group_ids                    = [
  "sg-0a6bf794da82ceca4",
]
This output shows concrete values (IDs, networking details, tags) exactly as stored in the Terraform state.

4. Example: inspect a subnet

A common workflow is to list resources and then inspect a specific subnet to verify IDs, tagging, and VPC association. List resources: 
$ terraform state list
aws_instance.web
aws_subnet.private
aws_subnet.public
aws_vpc.main
$
Then inspect the private subnet: 
$ terraform state show aws_subnet.private
id                                  = "subnet-0d0fdf0bdf3680113"
ipv6_cidr_block                      = null
ipv6_cidr_block_association_id       = null
ipv6_native                          = false
map_customer_owned_ip_on_launch      = false
map_public_ip_on_launch              = false
outpost_arn                          = null
owner_id                             = "603991114860"
private_dns_hostname_type_on_launch  = "ip-name"
region                               = "us-east-2"
tags                                 = {
  "Environment" = "development"
  "Name"        = "main-subnet"
}
vpc_id                               = "vpc-0e419xxxxxxx"
This reveals the subnet ID, owner, tagging, region, and its associated VPC.
Avoid editing the state file manually. If you need to adjust state (move, remove, or import resources), use Terraform state subcommands like terraform state mv, terraform state rm, or terraform import to keep state consistent and avoid corruption.

Summary

  • Use terraform state list to enumerate resource addresses present in the state.
  • Use terraform state show <address> to inspect a single resource’s recorded attributes.
  • Use terraform show to produce a full, human-readable dump of the entire state or a saved plan.
  • Prefer Terraform state subcommands for state modifications; do not edit state files by hand.

Watch Video