Remote Backend State with Terraform and Azure Storage

Captions
In this video we use a remote backend on Azure Storage for the Terraform state file.

So far we've written our Terraform files, created modules, and passed variables and outputs between them, but we've been operating as a team of one. You won't always be alone. I'm here for you, my friend. As for Terraform, at some point we'll need to collaborate with others. That's what this video is about. Before that, please like, subscribe, share with a friend, and let me know what you think in the comments below. Also check out my courses on hybrid identities with Azure AD and Azure Virtual Desktop on udemy.com. The link is below, and check out the new membership button if you're so inclined.

Let's talk about the state file. terraform.tfstate is a JSON-based file that's created when we run terraform init. The Terraform state maps real-world resources to the configuration. It tracks metadata such as dependencies between resources, and improves performance for large infrastructures by caching information on the resources in the state. By default, Terraform uses a local state file created in the root directory to plan and make changes to the infrastructure. This is fine for a party of one, but not when we're working with a team. Imagine if a group was working on the same infrastructure but each had a different version of the state file. Configuration could easily overlap and cause all sorts of issues.

How do we address this potential issue when working in a team to deploy infrastructure as code? We could use a centralized state file that everyone has access to. Terraform supports storing remote states in Terraform Cloud, Amazon S3, Azure Blob Storage, Google Cloud Storage, Alibaba Cloud, and more. These remote states can be accessed and shared by multiple people. As this series is on Terraform with Azure, we're not going to use Google Cloud Storage for the remote state. We'll use Azure Blob Storage.

In order for this to work, we first have to set up the storage account, and then we'll provide access with the storage account key. We'll store this key as an environment variable for Terraform to use. After that, we'll create a backend block in the Terraform main.tf file instructing Terraform to use the Azure storage account for the state file. Finally, we'll create a deployment and verify the remote state is working. Let's get started in VS Code.

Here we are in VS Code. We're going to start by creating a storage account with the Azure CLI. Be sure you're logged into the correct subscription with the command az account show. Funny thing: we're creating a storage account for Terraform but not using Terraform to create it. Terraform is an option, but for this example we'll use the CLI. Consider that the Terraform state file in this storage account is not a stateless resource, meaning we can't just destroy and recreate it as needed. There's state data in the storage account needed for our deployments. By definition the state file is, well, stateful.

This is a script file, but it's intended to be run line by line. You could also create a storage account and a container in the portal if that works better for you. Let's walk through this with the Azure CLI. Set the resource group name and the storage account name, along with a container in the storage account. The container is what will hold the state file. The Get-Random command will add random characters to the storage account name so it's unique. I hope you enjoy my mix of PowerShell and Azure CLI. Why use one scripting language when you can use two? Run the variables to add them to memory: highlight, right click, and select Run Line in Terminal to run that block of code. Create the resource group with the az group create command. We'll run the line in the terminal. Now that we have the resource group, we can create the storage account. Then we'll run the next line that creates a container in the storage account.

Let's take a look at the storage account in the portal. Here we are in the resource group, and we also have the new storage account, and if we go to Containers we have our tfstate container, and right now that's empty. We're not done yet. Let's go back to VS Code.

Next we need to provide access to that backend storage account. We do this with the following commands. The first command gets the storage account key for the account we just created. The next command adds it to the ARM access key, or ARM_ACCESS_KEY, environmental variable. Terraform uses that to access the account. Let's highlight and run, and now that key is part of the environmental variable. There are a few options for managing this key. It could be pasted right into the main.tf, but it's a bad idea to store security items in plain text. We could also leverage Key Vault. For now we'll add it as an environmental variable to this machine. Keep in mind, in a team setting each member of the team needs this key to access the storage account. If you've created the storage account through the portal, you can get the key from the storage account under Security + networking, Access keys.

Now things will get really interesting. We have the storage account set up. Let's add the backend configuration to our Terraform main.tf file. You can use any Terraform deployment for this. I'm using a simple resource group deployment because I was feeling lazy. You can find this example on my GitHub repo. The link is below. We'll go to the terraform section of the main.tf. We'll add a new block in terraform called backend with the local name azurerm, so this is under required providers. Next we'll supply some values, including the resource group name, the storage account name, and the container name. Next we'll add the key. This is not the storage account access key. Don't be confused by the name. The key value is the name of the file in blob storage. It can be any name, like devterraform.tfstate. We'll call it terraform.tfstate for this example. We don't have to add the storage account key because that's set as an environmental variable.

Save the file, and let's open up the terminal and we'll run terraform init. We get a message that it successfully configured the backend and that will be used for the changes. That's promising. Notice also there's no terraform.tfstate file in the root of the directory. Let's run terraform plan next. That all looks good.

Before we move on, let's take another look at the storage account in the portal. Here we are in the storage account. Let's go to Containers, go into tfstate, and there's our file, terraform.tfstate. If we click on that we can get some information about the file. Notice the lease status is unlocked and the lease state is available. Now let's go back to VS Code and run terraform apply. While that's running, let's go back to the terraform.tfstate file in the storage account, do a refresh, and now the lease status shows locked and the state shows leased. This is one of the benefits of using a shared state file in a remote backend. It prevents multiple actions that may conflict with each other from taking place at the same time. And that applied successfully.

That's how we use a remote backend with an Azure storage account. I hope that helps you better understand what a remote state is, why to use one, and how to configure a backend with Azure storage accounts. Please don't forget to like and subscribe, and thanks for watching.
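
The procedure walked through in the captions, as an added PowerShell and Azure CLI example that is not the video author's script. The resource names, the location and the use of a separate backend.tf file (instead of editing main.tf) are assumptions, and the two hardening flags on the storage account are additions not mentioned in the video.

```powershell
# Added example; all names and the location are constructed placeholders.
$RESOURCE_GROUP_NAME  = "rg-tfstate-example"
$STORAGE_ACCOUNT_NAME = "tfstate$(Get-Random -Maximum 99999)"  # must be globally unique
$CONTAINER_NAME       = "tfstate"
$LOCATION             = "eastus"

# Confirm the active subscription before creating anything.
az account show --output table

az group create --name $RESOURCE_GROUP_NAME --location $LOCATION

# State files can contain secrets: require TLS 1.2 and block anonymous blob access.
az storage account create `
    --resource-group $RESOURCE_GROUP_NAME `
    --name $STORAGE_ACCOUNT_NAME `
    --sku Standard_LRS `
    --min-tls-version TLS1_2 `
    --allow-blob-public-access false

az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME

# Terraform's azurerm backend reads the storage key from ARM_ACCESS_KEY,
# so the key lives in this session's environment and never in a .tf file.
$env:ARM_ACCESS_KEY = az storage account keys list `
    --resource-group $RESOURCE_GROUP_NAME `
    --account-name $STORAGE_ACCOUNT_NAME `
    --query '[0].value' --output tsv

# Backend blocks cannot use variables, so the generated account name is
# written out literally. "key" is the blob name, not the access key.
@"
terraform {
  backend "azurerm" {
    resource_group_name  = "$RESOURCE_GROUP_NAME"
    storage_account_name = "$STORAGE_ACCOUNT_NAME"
    container_name       = "$CONTAINER_NAME"
    key                  = "terraform.tfstate"
  }
}
"@ | Set-Content -Path backend.tf -Encoding ascii

terraform init
terraform plan

# Once the state blob exists, inspect its lease: unlocked/available when idle,
# locked/leased while an apply holds the state lock.
az storage blob show `
    --container-name $CONTAINER_NAME `
    --name terraform.tfstate `
    --account-name $STORAGE_ACCOUNT_NAME `
    --account-key $env:ARM_ACCESS_KEY `
    --query 'properties.lease'
```

The environment variable set here lasts only for the current PowerShell session, so each team member (or pipeline) has to supply ARM_ACCESS_KEY from a secret store of their own before running terraform init.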
Info
Channel: Travis Roberts
Views: 12,047
Keywords: Backend, shared state, remote backend, terraform backend state, terraform.tfstate Azure Storage State, Azure Storage, Modules, terraform modules, terraform variables, terraform var, Azure, Azure CLI, IaC Terraform, Terraform Registry, VSCode, Terraform for Azure, registry, .tf, HashiCorp, workflow, Terraform Resource, .terraform, Terraform Write, Terraform Plan, Terraform Apply, Terraform Destroy, main.tf, terraform tutorial, terraform training, Terraform Examples
Id: mpoTI660_Yg
Length: 8min 43sec (523 seconds)
Published: Sun Jan 09 2022