- Add a DynamoDB table with the `lock_id`; it ensures that only one person can acquire the lock at a time.
- Interpretation would be as follows.
- If done via AWS services, we can use CloudTrail.
- The backend is most popularly stored in `AWS S3`; then there are `Hashicorp Consul`, `Azure Blob Storage` and `Google Cloud Storage`.
- When the files are kept in the backend, the local state file can be deleted and it is easier to maintain the versions.
- Improved collaboration among the team members.
- State locking can be provided to prevent concurrent operations.
- Enhanced security by storing the state data in a centralized location.
- Terraform provides `state-locking` of remote backends such that only one user can initiate a Terraform operation at a time.
- S3: It uses DynamoDB for state locking, using `id` as `lockid`.
- We can use an external secret management tool like `Hashicorp Vault` for storing the API keys and secrets.
- Or we can use `ENV_VARIABLES` [but they are gone as soon as the session terminates].
What strategies can you employ for managing Terraform state across multiple environments (Dev, Staging, Prod, etc.)?
- We can make use of `terraform workspace` to manage multiple environments with the same state file.
terraform workspace list
terraform workspace select production
terraform workspace show
terraform workspace delete test
- It is the process of identifying differences between the desired state declared in Terraform files and the actual state of the deployed infrastructure.
- Drift in infrastructure can occur when someone manually changes the resources in the cloud provider's console.
- It compares {tf current state of resources} vs {state recorded in tf state files}
- Check for drift in infrastructure using ==> {terraform plan}
- They are resources which are destroyed & recreated with each "terraform apply"
terraform taint aws_resource.my_example
- Yes, as TF is cloud agnostic.
- File Provisioners, Dirname, abspath
- terraform init -upgrade
- Using `depends_on`
- It is used to provide human-readable output from a state or plan file.
You have existing infrastructure in AWS that is not in the TF code. How do you bring that infrastructure under Terraform control?
- If we just want the state, we can import it using `terraform import`.
- If we want the whole code to be generated, either write it yourself or make use of the open-source tool `Terraformer`.
If N people are using TF, how do you prevent the team from bringing up resources in AWS/GCP which are too expensive?
- One way is to use `Open Policy Agent`.
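The kind of check an Open Policy Agent policy would run against `terraform show -json` output, written here in Python rather than Rego so it can be run directly. This is an added example, not code from the original notes; the allowlist and the sample plan are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"], "after": {"instance_type": "t3.micro"}}},
  {"address": "aws_instance.train", "type": "aws_instance",
   "change": {"actions": ["create"], "after": {"instance_type": "p4d.24xlarge"}}},
  {"address": "aws_instance.batch", "type": "aws_instance",
   "change": {"actions": ["delete", "create"], "after": {"instance_type": "m5.24xlarge"}}},
  {"address": "aws_instance.old", "type": "aws_instance",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_instance.dyn", "type": "aws_instance",
   "change": {"actions": ["update"], "after": {}}}
]}
""")

# Hypothetical team allowlist; anything else is treated as too expensive.
ALLOWED_INSTANCE_TYPES = {"t3.micro", "t3.small", "t3.medium"}


def violations(plan, allowed=ALLOWED_INSTANCE_TYPES):
    """Return one message per aws_instance the plan would create or update
    with an instance type outside the allowlist."""
    found = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_instance":
            continue
        change = rc.get("change", {})
        # Pure deletes and no-ops cannot add cost.
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        itype = (change.get("after") or {}).get("instance_type")
        if itype is None:
            # Value only known after apply: fail closed instead of guessing.
            found.append(f"{rc['address']}: instance_type unknown at plan time")
        elif itype not in allowed:
            found.append(f"{rc['address']}: instance_type {itype} not allowed")
    return found


if __name__ == "__main__":
    problems = violations(SAMPLE_PLAN)
    for line in problems:
        print("DENY", line)
    # Non-zero exit blocks the pipeline step that would run `terraform apply`.
    raise SystemExit(1 if problems else 0)
```

Run it in CI between `terraform plan -out=plan.out` and `terraform apply`, feeding it the JSON rendering of the saved plan.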
- We can mark the variable as `sensitive`.
- Integrate it with an external secret provider like Vault.
- Data resources are used to refer to resources that already exist in AWS, e.g. an AWS AMI.
- They are used to provide isolation: there are separate state files for each environment, like `DEV, QA, Staging, Production`.
terraform workspace select <workspace_name>
- Environment variables
- terraform.tfvars
- *.auto.tfvars
- -var or -var-file
Variable Types: String, Number, Boolean, Array, List, Map, Set, Object, tuples
- Use the `target` flag in the tf command; it will mark that resource and recreate it.
- Or we can use `terraform taint`, but should be careful.