Thursday, March 3, 2022

How to store Terraform state file in Azure Storage | How to manage Terraform state in Azure Blob Storage | Terraform Remote state in Azure Blob storage | Terraform backend

One of the amazing features of Terraform is, it tracks the infrastructure that you provision. It does this through the means of state. By default, Terraform stores state information locally in a file named terraform.tfstate. This does not work well in a team environment where if any developer wants to make a change he needs to make sure nobody else is updating terraform in the same time. You need to use remote storage to store state file.

With remote state, Terraform writes the state data to a remote data store, which can then be shared between all members of a team. Terraform supports storing state in many ways including the below:

  • Terraform Cloud
  • HashiCorp Consul
  • Amazon S3
  • Azure Blob Storage
  • Google Cloud Storage
  • Alibaba Cloud OSS
  • Artifactory or Nexus 

We will learn how to store state file in Azure Blob storage. We will be creating Azure storage account and container.

Watch the steps in YouTube channel:



Logging into the Azure Cloud

Login into the Azure Cloud using Azure CLI using:

az login

enter your microsoft username and password to login to Azure cloud


terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "=2.63.0" } } } provider "azurerm" { features {} } resource "azurerm_resource_group" "demo-rg" { name = "demo-resource-group" location = "eastus" }

terraform init 
terraform plan 
this will show it will create one resource

terraform apply 
Now this will create a local terraform state file in your machine.

How to store Terraform state file remotely?

Step # 1 - Configure Azure storage account

Before you use Azure Storage as a backend, you must create a storage account. We will create using shell script:

# Create resource group
az group create --name $RESOURCE_GROUP_NAME --location eastus
# Create storage account
az storage account create --resource-group $RESOURCE_GROUP_NAME --name $STORAGE_ACCOUNT_NAME --sku Standard_LRS --encryption-services blob
# Create blob container
az storage container create --name $CONTAINER_NAME --account-name $STORAGE_ACCOUNT_NAME

This should have created resource group, storage account and container in Azure portal.

Step # 2 - Configure terraform backend state 

To configure the backend state, you need the following Azure storage information which we created above:

    • resource_group_name: name of the resource group under which all resources will be created.
    • storage_account_name: The name of the Azure Storage account.
    • container_name: The name of the blob container.
    • key: The name of the state store file to be created.
    Create file
    We need to create a backend file.

    terraform {
    backend "azurerm" {
    resource_group_name = "tfstate"
    storage_account_name = "<storage_acct_name>"
    container_name = "tfstate"
    key = "terraform.tfstate"

    terraform init --reconfigure

    type yes

    This should have created backend file called terraform.tfstate in a container inside azure storage.

    You can view remote state file info:

    This is how you can store terraform state information remotely in Azure storage. 

    Now let's make changes to to create more resources


    resource "azurerm_container_registry" "acr" {
      name                = "myacr563123"
      resource_group_name =
      location            = azurerm_resource_group.demo-rg.location
      sku                 = "Standard"
      admin_enabled       = false

    terraform plan

    terraform apply --auto-approve

    This will update terraform state file remotely in azure blob container.

    No comments:

    Post a Comment

    How to create Pull Request (PR) templates in Github repository | Creating a pull request template for your GitHub repository

    Creating pull request (PR) templates in GitHub can help streamline the process of submitting PRs by providing a predefined structure. Thi...