When we started with Terraform, it was all about writing code and applying changes. But behind the scenes, Terraform quietly maintains a state file to track everything it has created.
As projects grow, state management becomes critical. One accidental mistake here can break entire environments.
This blog will help you understand:
- What Terraform State is
- Why it’s essential
- How to use remote backends for secure, scalable state management
- Real-world examples & best practices
What is Terraform State?
When you run terraform apply, Terraform creates a state file (terraform.tfstate).
This file stores:
- The current configuration
- Real-world resource IDs (e.g., AWS S3 bucket ARNs)
- Metadata about dependencies
Terraform uses this file to:
- Know what exists → Avoid recreating resources.
- Plan changes → Detect what to add, modify, or destroy.
State File Example
After creating an S3 bucket, terraform.tfstate might store:
{
"resources": [
{
"type": "aws_s3_bucket",
"name": "my_bucket",
"instances": [
{
"attributes": {
"bucket": "my-terraform-bucket",
"region": "us-east-1"
}
}
]
}
]
}
This tells Terraform:
"Hey, the S3 bucket already exists. Don’t recreate it next time!"
Why Remote Backends?
In small projects, the state file lives locally on your laptop.
But in real-world teams:
- Multiple developers work on the same codebase.
- CI/CD pipelines deploy infrastructure automatically.
- Local state becomes a single point of failure.
Remote Backends solve this by:
- Storing state in the cloud (e.g., AWS S3, Azure Storage, Terraform Cloud).
- Supporting state locking to prevent conflicts.
- Enabling team collaboration safely.
Example: S3 Remote Backend
Here’s how to store state in an AWS S3 bucket with locking in DynamoDB:
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-locks"
encrypt = true
}
}
- bucket → S3 bucket name
- key → Path inside S3
- dynamodb_table → For state locking
Now your state is safe, shared, and versioned.
Case Study: Scaling DevOps Teams
A fintech startup moved from local to S3 remote state:
- Before: Developers overwrote each other’s state files → Broken deployments.
- After: S3 + DynamoDB locking → No conflicts, automated CI/CD deployments, audit logs in S3.
Result? Faster collaboration, zero downtime.
State Management Best Practices
- Always use Remote Backends for shared environments.
- Enable State Locking (e.g., S3 + DynamoDB).
- Never edit
terraform.tfstatemanually. - Use workspaces for multiple environments (dev, staging, prod).
- Backup state files regularly.
State Commands You Should Know
| Command | Purpose |
|---|---|
terraform state list |
Show resources in the state file |
terraform state show |
Show details of a resource |
terraform state rm |
Remove resource from state |
terraform state mv |
Move resources within state |
What’s Next?
Now you understand Terraform State Management and Remote Backends for secure, team-friendly workflows.
In Blog 6, we’ll dive into Terraform Modules so you can write reusable, production-grade infrastructure code.
Bibliography
- HashiCorp. Terraform Modules Overview. Available at: https://developer.hashicorp.com/terraform/language/modules
- HashiCorp. Terraform Registry – Public Modules. Available at: https://registry.terraform.io/
- AWS. Terraform AWS Module Examples. Available at: https://registry.terraform.io/namespaces/terraform-aws-modules
- Azure. Terraform Azure Module Examples. Available at: https://registry.terraform.io/namespaces/Azure
- Google Cloud Platform. Terraform GCP Module Examples. Available at: https://registry.terraform.io/namespaces/terraform-google-modules
