Here is some information about this architecture.
Here are the steps you can follow to build this solution on your own.
When you use Terraform, it stores information about your remote infrastructure resources in a local state file. This is a JSON formatted file named terraform.tfstate. By default, this file is stored locally in your project’s root directory. However, it can also be stored remotely for safety and collaboration purposes.
So, what’s the state file used for?
The state file maintains an exact replication of the infrastructure that it deployed for you, on a per projec basis. The state file is essentially bindings of the remote infrastructure resources, and whats in your local configuration files.
If you define an EC2 instance in a configuration file and deploy it to AWS, there is a record in the state file. When you want to make changes to the EC2 instance, Terraform will compare whats in the state file to the changes to come up with a change plan.
Why is the state file needed?
Let’s say that you use Terraform to deploy an EC2 instance. Later, you wan to change the subnet that the instance is in. Terraform uses the state file to keep track of the state of the instance e.g. what subnet its in, and then to develop a change plan. For subnet changes, it knows that it must destroy the instance and then recreate it. The state file helps Terraform make these change plans.
Terraform state is a very important concept to understand. This lesson we’ll touch on it briefly. However, the CLI Advanced Concepts covers it in more depth.
Let’s roll up our sleeves and get some experience with state.
If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start hte lab environment.
Wait for the credentials to load. Then run this in the terminal.
Be sure to enter in your own access key and secret key and name your profile 'smx-lab'.
$ aws configure --profile smx-lab
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: Note: If you're using your own AWS account you'll need to ensure that you've created and configured a named AWS CLI profile named smx-lab.
main.tfThe focus of this lab is to give you some experience exploring Terraform state. Create a directory and main.tf file, and add the configuration included.
$ mkdir state-lab
$ cd state-lab
$ touch main.tf
Then, add this configuration to the main.tf file.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.42"
}
}
required_version = ">= 0.15.3"
}
provider "aws" {
profile = "skillmix-lab"
region = "us-west-2"
}
data "aws_ami" "ubuntu" {
most_recent = true
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
owners = ["099720109477"] # Canonical
}
data "aws_vpc" "lab_vpc" {
filter {
name = "tag:Name"
values = ["Skillmix Lab"]
}
}
data "aws_subnet" "lab_subnet" {
filter {
name = "tag:Name"
values = ["Skillmix Lab Public Subnet (AZ1)"]
}
}
resource "aws_security_group" "web_instance_sg" {
name = "web-server-security-group"
description = "Allowing requests to the web servers"
vpc_id = data.aws_vpc.lab_vpc.id
tags = {
Name = "web-server-security-group"
}
}
resource "aws_launch_template" "web_launch_template" {
name = "web-launch-template"
image_id = data.aws_ami.ubuntu.id
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.web_instance_sg.id]
}
resource "aws_autoscaling_group" "asg" {
vpc_zone_identifier = [data.aws_subnet.lab_subnet.id]
desired_capacity = 1
max_size = 1
min_size = 1
launch_template {
id = aws_launch_template.web_launch_template.id
version = "$Latest"
}
}
Next, run through the commands to deploy this configuration.
$ terraform init
...output
$ terraform plan
...output
$ terraform apply
...output
Great, now that we have a configuration deployed, you should have a local terraform.tfstate file. You can open this file with a text editor to explore it’s contents. Just read it; don’t change anything.
Warning: Terraform strongly warns against editing this file directly. Instead, use the Terraform CLI .
At your terminal, enter the following commands.
$ terraform show
...output (too big to show here)
$ terraform state list
data.aws_ami.ubuntu
data.aws_subnet.lab_subnet
data.aws_vpc.lab_vpc
aws_autoscaling_group.asg
aws_launch_template.web_launch_template
aws_security_group.web_instance_sg
$ terraform state show 'aws_security_group.web_instance_sg'
# aws_security_group.web_instance_sg:
resource "aws_security_group" "web_instance_sg" {
arn = "arn:aws:ec2:us-west-2:544619091154:security-group/sg-0879340bb6c9508f7"
description = "Allowing requests to the web servers"
egress = []
id = "sg-0879340bb6c9508f7"
ingress = []
name = "web-server-security-group"
owner_id = "544619091154"
revoke_rules_on_delete = false
tags = {
"Name" = "web-server-security-group"
}
tags_all = {
"Name" = "web-server-security-group"
}
vpc_id = "vpc-06567f645c62b0c95"
}
That’s all for now! We will go over Terraform state in depth in the next module.