Chapter 22 - Terraform State Commands
Learn about your state commands: show, list etc.
Terraform Commands
In addition to the known commands, init, validate, plan, apply, destroy, there are other commands that we can use.
terraform plan -out tf.plan
Running this will save the plan to a file so that you can run a terraform apply tf.plan on the file.
terraform apply tf.plan
This will not create a plan before executing the apply.
If you then run a terraform show, you will get a Saved Plan is Stale message:
terraform show
Shows the tfplan or shows the existing state in a readable format.
terraform show tf.plan:
terraform show -json tf.plan:
Exporting to JSON lets you manipulate it via any JSON commands.
Running terraform show on a non Terraform folder will give you a no state message.
terraform state
terraform state list
Lists the resources in the terraform state.
This will show the data sources as well as the resources.
terraform state show
You can run a terraform state show azurerm_resource_group.myrg to get details about the resource's state.
Using the terraform state list and terraform state show commands together will help you navigate the state without needing to open and read the state file.
terraform state mv
Dangerous command if you don't understand what it is doing. Use in production environment only when tested in lower environments.
terraform state mv --dry-run oldresource newresource will move the resource in the state file to the new resource. If you run a terraform plan without changing any terraform code, you will get a -/+ 1 resource, meaning it will destroy the resource in the state file and rebuild the old resource.
This is helpful if you are trying to move resources in or out of modules.
Note: The wrong way to use this is to run the terraform plan and terraform apply directly after moving the resource. You need to update you .tf file at the resource first.
Once you change the .tf, you can run the terraform apply -refresh-only or terraform plan and you will get No changes.
terraform rm
Removes the resource from the Terraform State file. This is helpful when you want to manage your resource within the cloud and not within Terraform. You need to be careful with this, as creating new resources will overlap with the resources that exist in the cloud. "Cannot create with same name" errors.
terraform state replace-provider
This allows you to replace your entire provider with another provider. This is a very unused command, but may be noted if you want to use a fork of an existing provider. Sometimes, it may be advantageous to host a fork of a cloud provider in your own source control.
terraform pull/push
This can be used if you want to update the state file on your remote backend. You can pull the state down, update it, then push it. It's not recommended to manually edit the state file, but if you needed to do this for whatever reason, you could do this within the confines of Terraform.
Terraform state push allows you to move your local state file to remote state.
terraform force-unlock
This is a terraform disaster recovery event. You will use this if you somehow lock the backend or the backend gets corrupted during one of the actions.
terraform taint
This command with cause a resource to be recreated.
terraform untaint
Use this one when you accidentally taint a resource before you run a new terraform plan and apply
terraform apply -target
This is used when you only want to make changes to one or more resources without making changes to the rest. This is useful when you add a bunch of resources and want to test creating one before you create the rest.
