- What the Terraform state file is and why Terraform requires it.
- The kinds of information state stores and how Terraform uses that data during
planandapply. - Why state matters for collaboration, incremental updates, and predictable infrastructure changes.
This lesson focuses on the basics. Advanced topics—remote backends, state locking,
terraform import, and state migration—are important but beyond the scope of this lesson.- Compare your declared configuration with the actual infrastructure.
- Generate precise plans that show what will change.
- Perform targeted updates instead of recreating everything.
What the state file actually contains
The state file contains structured data that represents the current view of your managed infrastructure. Typical contents include:| Item | Purpose | Examples |
|---|---|---|
| Resource metadata | Identifiers and attributes Terraform needs to manage resources | id, provider-specific attributes, resource type |
| Resource dependencies | Dependency graph Terraform uses to order operations | implicit/explicit dependencies between resources |
| Outputs | Values exported from modules for consumption by other code or humans | output "db_endpoint" { value = aws_db_instance.main.endpoint } |
| Provider configuration references | Which provider instances were used to create resources | provider names, versions, and configuration references |
| Module structure | How resources are grouped inside modules | module paths and their resources |
| Internal metadata | Terraform’s internal bookkeeping | module addresses, serial, lineage |
Example: Viewing state locally
Common commands for inspecting or retrieving state:- Initialize a working directory:
- Generate a plan (state is used to compute diffs):
- Show a specific resource or the whole state:
- Pull the current remote state (if using a remote backend):
terraform show -json (abridged):
How Terraform uses state during plan and apply
- Terraform reads the state file to understand what exists.
- It compares the state + real-world resource attributes (via the provider) to the desired configuration.
- Terraform builds a dependency graph to compute the optimal order for creating, updating, or destroying resources.
- The plan shows precise create/update/delete operations; applying that plan updates both real resources and the state file.
- Avoid unnecessary changes,
- Target updates efficiently,
- Preserve resource identity across runs.
Why state matters for collaboration
When multiple team members or automation systems run Terraform against the same infrastructure, consistent and protected state is essential. Remote backends (S3, GCS, Terraform Cloud, etc.) centralize state and often provide locking to prevent concurrent modifications. Key collaboration considerations:- Use a remote backend to share state.
- Enable state locking where supported to prevent concurrent changes.
- Control access to the state file because it can contain sensitive values.
Terraform state can contain sensitive data (for example, resource IDs, IPs, or secrets). Always secure access to any backend or storage holding state and avoid committing state files (like
terraform.tfstate) to source control.Best practices (brief)
- Use a remote backend for team-based workflows.
- Enable state locking when available.
- Store only non-sensitive configuration in code; protect secrets via provider-specific secret management or state encryption.
- Use
terraform importto reconcile existing resources into state rather than recreating them. - Regularly back up your remote state or use a backend that snapshots state history.
Links and references
- Terraform State Documentation
- Terraform Remote Backends
- Terraform Commands: state, show, plan, apply