Sign Up to Build

About this Architecture

Here is some information about this architecture.

How to Build This Solution

Here are the steps you can follow to build this solution on your own.

When you use Terraform, it stores information about your remote infrastructure resources in a local state file. This is a JSON formatted file named terraform.tfstate. By default, this file is stored locally in your project’s root directory. However, it can also be stored remotely for safety and collaboration purposes.

So, what’s the state file used for?

The state file maintains an exact replication of the infrastructure that it deployed for you, on a per projec basis. The state file is essentially bindings of the remote infrastructure resources, and whats in your local configuration files.

If you define an EC2 instance in a configuration file and deploy it to AWS, there is a record in the state file. When you want to make changes to the EC2 instance, Terraform will compare whats in the state file to the changes to come up with a change plan.

Why is the state file needed?

Let’s say that you use Terraform to deploy an EC2 instance. Later, you wan to change the subnet that the instance is in. Terraform uses the state file to keep track of the state of the instance e.g. what subnet its in, and then to develop a change plan. For subnet changes, it knows that it must destroy the instance and then recreate it. The state file helps Terraform make these change plans.

Terraform state is a very important concept to understand. This lesson we’ll touch on it briefly. However, the CLI Advanced Concepts covers it in more depth.

Lab Time!

Let’s roll up our sleeves and get some experience with state.

Get Your AWS Credentials

If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start hte lab environment.

Wait for the credentials to load. Then run this in the terminal.

Be sure to enter in your own access key and secret key and name your profile 'smx-lab'.

$ aws configure --profile smx-lab
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: us-west-2
Default output format [None]: 

Note: If you're using your own AWS account you'll need to ensure that you've created and configured a named AWS CLI profile named smx-lab.

Create a Project &

The focus of this lab is to give you some experience exploring Terraform state. Create a directory and file, and add the configuration included.

$ mkdir state-lab
$ cd state-lab
$ touch

Then, add this configuration to the file.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.42"
  required_version = ">= 0.15.3"

provider "aws" {
  profile = "skillmix-lab"
  region  = "us-west-2"

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  owners = ["099720109477"] # Canonical

data "aws_vpc" "lab_vpc" {
  filter {
    name = "tag:Name"
    values = ["Skillmix Lab"]

data "aws_subnet" "lab_subnet" {
  filter {
    name = "tag:Name"
    values = ["Skillmix Lab Public Subnet (AZ1)"]

resource "aws_security_group" "web_instance_sg" {
  name        = "web-server-security-group"
  description = "Allowing requests to the web servers"
  vpc_id =

  tags = {
    Name = "web-server-security-group"

resource "aws_launch_template" "web_launch_template" {
  name          = "web-launch-template"
  image_id      =
  instance_type = "t2.micro"
  vpc_security_group_ids = []

resource "aws_autoscaling_group" "asg" {
  vpc_zone_identifier = []
  desired_capacity   = 1
  max_size           = 1
  min_size           = 1

  launch_template {
    id      =
    version = "$Latest"

Deploy the Configuration

Next, run through the commands to deploy this configuration.

$ terraform init


$ terraform plan


$ terraform apply


Inspect State

Great, now that we have a configuration deployed, you should have a local terraform.tfstate file. You can open this file with a text editor to explore it’s contents. Just read it; don’t change anything.

Warning: Terraform strongly warns against editing this file directly. Instead, use the Terraform CLI .

At your terminal, enter the following commands.

$ terraform show

...output (too big to show here)

$ terraform state list


$ terraform state show 'aws_security_group.web_instance_sg'

# aws_security_group.web_instance_sg:
resource "aws_security_group" "web_instance_sg" {
    arn                    = "arn:aws:ec2:us-west-2:544619091154:security-group/sg-0879340bb6c9508f7"
    description            = "Allowing requests to the web servers"
    egress                 = []
    id                     = "sg-0879340bb6c9508f7"
    ingress                = []
    name                   = "web-server-security-group"
    owner_id               = "544619091154"
    revoke_rules_on_delete = false
    tags                   = {
        "Name" = "web-server-security-group"
    tags_all               = {
        "Name" = "web-server-security-group"
    vpc_id                 = "vpc-06567f645c62b0c95"

That’s all for now! We will go over Terraform state in depth in the next module.