Back to module
Hands-on Lab

#Lab: Terraform Remote State

Manage Terraform state in a team environment.

#๐ŸŽฏ Objectives

  • Configure remote state backend
  • Implement state locking
  • Use workspaces for environments

#๐Ÿ“‹ Prerequisites

  • Terraform installed
  • AWS credentials (for S3 backend)

#โฑ๏ธ Duration: 30 minutes

#Task 1: Create Backend Resources (10 min)

First, create the S3 bucket and DynamoDB table for state:

hcl
1# backend-setup/main.tf
2provider "aws" {
3  region = "us-east-1"
4}
5
6resource "aws_s3_bucket" "terraform_state" {
7  bucket = "my-terraform-state-${random_id.suffix.hex}"
8}
9
10resource "random_id" "suffix" {
11  byte_length = 4
12}
13
14resource "aws_s3_bucket_versioning" "enabled" {
15  bucket = aws_s3_bucket.terraform_state.id
16  versioning_configuration {
17    status = "Enabled"
18  }
19}
20
21resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
22  bucket = aws_s3_bucket.terraform_state.id
23  rule {
24    apply_server_side_encryption_by_default {
25      sse_algorithm = "AES256"
26    }
27  }
28}
29
30resource "aws_dynamodb_table" "terraform_locks" {
31  name         = "terraform-locks"
32  billing_mode = "PAY_PER_REQUEST"
33  hash_key     = "LockID"
34
35  attribute {
36    name = "LockID"
37    type = "S"
38  }
39}
40
41output "s3_bucket_name" {
42  value = aws_s3_bucket.terraform_state.id
43}

#Task 2: Configure Remote Backend (10 min)

hcl
1# main.tf
2terraform {
3  backend "s3" {
4    bucket         = "my-terraform-state-abc123"  # Use your bucket
5    key            = "prod/terraform.tfstate"
6    region         = "us-east-1"
7    dynamodb_table = "terraform-locks"
8    encrypt        = true
9  }
10
11  required_providers {
12    aws = {
13      source  = "hashicorp/aws"
14      version = "~> 5.0"
15    }
16  }
17}
18
19provider "aws" {
20  region = "us-east-1"
21}
22
23resource "aws_instance" "example" {
24  ami           = "ami-0c55b159cbfafe1f0"
25  instance_type = "t2.micro"
26}

#Initialize and Migrate

bash
1# Initialize with new backend
2terraform init
3
4# If migrating from local state
5terraform init -migrate-state

#Task 3: Workspaces (10 min)

bash
1# List workspaces
2terraform workspace list
3
4# Create new workspace
5terraform workspace new dev
6terraform workspace new staging
7terraform workspace new prod
8
9# Switch workspace
10terraform workspace select dev
11
12# Show current workspace
13terraform workspace show

#Use Workspace in Configuration

hcl
1locals {
2  environment = terraform.workspace
3  
4  instance_types = {
5    dev     = "t3.micro"
6    staging = "t3.small"
7    prod    = "t3.medium"
8  }
9}
10
11resource "aws_instance" "example" {
12  ami           = "ami-0c55b159cbfafe1f0"
13  instance_type = local.instance_types[local.environment]
14
15  tags = {
16    Environment = local.environment
17  }
18}

#โœ… Success Criteria

  • S3 backend configured
  • State locking with DynamoDB
  • Multiple workspaces created
  • Workspace-aware configuration

#๐Ÿงน Cleanup

bash
terraform workspace select default
terraform workspace delete dev staging prod
terraform destroy