Terraform State: Behind the Scenes of Plan and Apply

Surekha Kokatam

Introduction:

When working with Terraform, understanding what happens during the execution of terraform plan and terraform apply is crucial. In this blog, we will walk through a common scenario where the region in the configuration file is changed, and explain how Terraform handles the state file and interacts with the cloud provider (AWS in this case). We will also see how ‘refresh’ plays a big role in this process.

Explanation with example:

Let’s dive deep into it. First, we create an EC2 instance in the ‘us-west-2’ region with the help of a Terraform configuration file.

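provider "aws" {
  region     = "us-west-2"
  # Keys are masked here. The AWS provider can also read AWS_ACCESS_KEY_ID and
  # AWS_SECRET_ACCESS_KEY from the environment, which keeps them out of the
  # .tf file and version control.
  access_key = "AKIAQ******R3O4SH"
  secret_key = "aRsZ2dhL+U*********s6bHZ4V0Y0FnN"
}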


resource "aws_instance" "my-blog-instance" {
  ami = "ami-0b6d6dacf350ebc82"
  instance_type = "t2.micro"
  tags = {
    Name = "blog-instance"
  }
}

After we run the Terraform commands (terraform init, terraform plan, terraform apply), the EC2 instance will be created in our AWS infrastructure.

Terraform also automatically creates a state file called “terraform.tfstate” in the same folder as our Terraform configuration file, based on the EC2 instance we created. This state file contains the AMI ID, instance type, name, region, etc. Therefore, it is important to store the state file in a secure place, as it contains sensitive information.

State File:

The state file is an exact representation of the current infrastructure as managed by Terraform. It stores details about all the resources, their configurations, and their current state, helping Terraform understand what's already deployed and what changes are needed.
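To make the point about sensitive information concrete, here is an added example (not from the original post): a Python sketch that walks a state document in the version 4 JSON layout and lists attributes whose names suggest secret material. The embedded state is a constructed, trimmed sample; the `aws_db_instance` and `tls_private_key` entries, the name hints and the function names are assumptions for illustration.

```python
import json

# Constructed, trimmed sample in the version 4 state layout; all values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "serial": 3,
    "resources": [
        {"mode": "managed", "type": "aws_instance", "name": "my-blog-instance",
         "instances": [{"attributes": {
             "ami": "ami-0b6d6dacf350ebc82", "instance_type": "t2.micro",
             "tags": {"Name": "blog-instance"}}}]},
        {"mode": "managed", "type": "aws_db_instance", "name": "example-db",
         "instances": [{"attributes": {
             "engine": "mysql", "password": "constructed-example"}}]},
        {"mode": "managed", "type": "tls_private_key", "name": "example-key",
         "instances": [{"attributes": {
             "algorithm": "RSA", "private_key_pem": "constructed-example"}}]},
    ],
})

# Assumed attribute-name hints; extend them for the providers in use.
HINTS = ("password", "secret", "token", "private_key")


def walk(value, path=""):
    """Yield (dotted_path, leaf_value) for every leaf in nested dicts and lists."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from walk(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from walk(child, f"{path}[{i}]")
    else:
        yield path, value


def sensitive_paths(state_json):
    """Return sorted 'type.name:attribute' entries whose name matches a hint."""
    found = []
    for res in json.loads(state_json).get("resources", []):
        for inst in res.get("instances", []):
            for path, leaf in walk(inst.get("attributes", {})):
                if leaf not in (None, "") and any(h in path.lower() for h in HINTS):
                    found.append(f'{res["type"]}.{res["name"]}:{path}')
    return sorted(found)


if __name__ == "__main__":
    for entry in sensitive_paths(SAMPLE_STATE):
        print(entry)  # only the location is printed, never the value
```
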

Here is our State file:

Now the interesting part comes into the picture. Follow these steps:

1. Configuration file region change

Now, we want to change the region from us-west-2 to us-east-1 in our Terraform configuration file. We also need to change the AMI ID to match the region. Here is the updated code:

provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAQ******WR3O4SH"
  secret_key = "aRsZ2dhL************pXs6bHZ4V0Y0FnN"
}


resource "aws_instance" "my-blog-instance" {
  ami = "ami-08b5b3a93ed654d19"
  instance_type = "t2.micro"
  subnet_id = "subnet-08166d25f26b02879"
  tags = {
    Name = "blog-instance"
  }
}

Here is where the interesting part begins.

2. Terraform init

We should run the terraform init command again when we change the region in our Terraform configuration file. It ensures that Terraform is properly configured to interact with the AWS provider in the new region. It reinitializes your working directory, updates any required provider plugins, and sets the proper connection settings for the new region.

Without running terraform init, Terraform may continue using the previous region or fail to interact with AWS properly.

3. Terraform plan - what happens exactly

Next, when we run terraform plan, Terraform reads the updated configuration file (.tf file) to check the desired state, including the region change to us-east-1.

i) Terraform compares configuration file and state file

Terraform re-reads our Terraform configuration file and compares the “desired state” in the .tf file with the “current state” stored in the Terraform state file.

In our case, Terraform notices that the configuration has changed the region from us-west-2 to us-east-1 and that our state file still contains the old region information (details of the us-west-2 EC2 instance).

ii) Terraform refreshes the state

Before planning any changes, Terraform first refreshes the state. It checks the current state of the infrastructure to ensure that it has the latest information about resources. This helps Terraform to be aware of any changes made outside of the Terraform configuration, like manual updates or changes in the AWS environment.

a) How Terraform connects to AWS

Since there is no information in the state file about an instance in us-east-1, Terraform directly makes API calls to AWS to check for any existing resources in that region.

If we change something minor, like the instance name (while keeping the same region), Terraform first checks the state file to compare the existing resource details. It then makes API calls only if necessary to verify or update the infrastructure.

b) Temporary storage in Memory (RAM)

Terraform temporarily stores the updated infrastructure details in memory, not in a state file. This temporary storage is what Terraform uses to compare the current state (the current infrastructure) with the desired state (the configuration in your Terraform files).

iii) Plan Calculation

Terraform then compares the actual state (from the refresh) with the desired state (from your configuration files), and it calculates the changes required to match our infrastructure with the configuration in your Terraform files. This calculation is done in memory, and the output shows us the differences.

Here, as no instance exists in us-east-1, the output shows 1 resource to add.

The output generally includes:

  • Resources to be added

  • Resources to be modified

  • Resources to be deleted

4. Review the proposed changes and Confirm to Apply

Now, we have to carefully review the output that Terraform provides when we execute terraform plan.

After confirming the changes we want to apply to our infrastructure, we have to run the terraform apply command.

This will prompt us to confirm. Type “yes” to proceed. We can also use the terraform apply -auto-approve command instead of terraform apply to approve automatically, without any prompt.
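A review gate for this step, as an added example that is not from the original post: it reads the JSON form of a saved plan (produced with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) and counts additions, modifications and deletions from each entry's `change.actions`. The embedded plan is a constructed sample, and the function names and the resources other than the blog instance are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.my-blog-instance",
         "change": {"actions": ["create"]}},
        {"address": "aws_security_group.example",
         "change": {"actions": ["update"]}},
        {"address": "aws_ebs_volume.example",
         "change": {"actions": ["delete", "create"]}},  # a replacement
        {"address": "aws_s3_bucket.example",
         "change": {"actions": ["no-op"]}},
    ],
})


def summarize(plan_json):
    """Count add/change/destroy; a replacement counts as one add and one destroy."""
    summary = {"add": 0, "change": 0, "destroy": 0, "destructive": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "create" in actions:
            summary["add"] += 1
        if "update" in actions:
            summary["change"] += 1
        if "delete" in actions:  # plain destroy or a replacement
            summary["destroy"] += 1
            summary["destructive"].append(rc["address"])
    return summary


def safe_to_auto_approve(plan_json, allow_destroy=False):
    """Gate for unattended apply: refuse when anything would be destroyed."""
    return allow_destroy or not summarize(plan_json)["destructive"]


if __name__ == "__main__":
    s = summarize(SAMPLE_PLAN)
    print(f'Plan: {s["add"]} to add, {s["change"]} to change, {s["destroy"]} to destroy.')
    for address in s["destructive"]:
        print("destroys or replaces:", address)
    print("auto-approve allowed:", safe_to_auto_approve(SAMPLE_PLAN))
```

Applying the saved plan file (`terraform apply tfplan`) after the gate passes ensures that what was reviewed is what gets applied.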

i) Apply the execution plan

Once confirmed, Terraform proceeds with applying the execution plan. It uses the Terraform configuration file to communicate with the cloud provider (AWS, in our case) and makes the necessary API calls to create the EC2 instance in “us-east-1” as specified in the plan.

ii) Terraform updates the state file

After applying the changes to our AWS infrastructure (i.e., after the EC2 instance is created), Terraform updates the state file to reflect the current state of our infrastructure. Don’t delete the state file, as it would be a big mess to find the resources in our infrastructure, especially if we have many resources.

Priority is always given to the desired state (in the configuration file); terraform plan and terraform apply always help us change our infrastructure to match the desired state.

These are the detailed steps behind what happens when we run the terraform plan and terraform apply commands. The process repeats whenever we make changes to our infrastructure.

Conclusion:

Understanding how the Terraform state file updates is crucial. Without a proper understanding, there is a risk of losing important details in the state file, which can lead to infrastructure issues. Proper management of the state file ensures consistency and prevents unexpected changes.

Thanks note:

Thank you for visiting my blog! I hope you found the steps helpful. If you enjoyed this post, feel free to follow me for more interesting and useful information. All my blogs will be in simple, general English, making it easy to understand. Stay tuned for more updates!
