Terraform is a popular IaC tool used for the deployment of infrastructure in multiple cloud platforms. Terraform is a cloud-agnostic tool, so it can be used with multiple clouds, on-prem solutions. Terraform was developed by HashiCorp.
When using Terraform it used a state file for keeping track of the resources deployed. This state file help terraform when needs to perform any update, delete and add resources to the existing environment or new deployment. The default configuration this state file stored in the local development environment and its not the most suitable way of storing the state file for the following reasons.
- Local state doesn’t work well in a team or collaborative environment.
- Terraform state can include sensitive information.
- Storing state locally increases the chance of inadvertent deletion.
When using Terraform with Azure deployment, it’s recommended to use remote storage to store this state file for the above reasons. We can use Azure Storage accounts as a solution for the remote locations for the Terraform state file.
Use following script to create a storage account
To configure state file for the storage account we need to configure the Terraform backend configuration as below.
To access the storage account its need a access key, so we can export he access key as below to current shell or for advance security we can keep it in Azure Key Vault.
export ARM_ACCESS_KEY=<storage access key>
Next use below sample .tf file to deploy the deployment.
terraform {
backend "azurerm" {
resource_group_name = "TF-State-RG"
storage_account_name = "tfstatekasunsa"
container_name = "tfstate"
key = "terraform.tfstate"
}
}
resource "azurerm_resource_group" "test-rg"{
name = "test-sec-rg"
location = "southeastasia"
}
resource "azurerm_network_security_group" "sec-nsg"{
location = "southeastasia"
name = "sec-nsg"
resource_group_name = azurerm_resource_group.test-rg.name
}
As per the below deployment completed.
If we go to the storage account we created for state file its shown as below.
