State Management & Remote Backends

What is State in Terraform?

Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real-world resources to your configuration, keep track of metadata, and improve performance for large infrastructures.

By default, state is stored locally in a file named terraform.tfstate.

Remote Backends

Storing state locally is fine for personal projects, but it becomes problematic in a team environment:

Shared Storage: Everyone needs access to the state file.
Locking: You must ensure no two people are modifying infrastructure at the same time.
Secrets Management: State files can contain plain-text secrets.

Remote backends solve these problems by storing the state in a centralized location (like AWS S3, Google Cloud Storage, or Terraform Cloud).

Example: S3 Backend with DynamoDB Locking

terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "global/s3/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

State Locking

When you run terraform plan or terraform apply, Terraform locks the state file so that no one else can make changes concurrently. If someone else tries to run a command while the state is locked, Terraform will throw an error. This prevents corruption and race conditions.

HCL Declarative Syntax & Core Concepts Reusable Module Architecture