Let's Terraform IT : Pt 2 -> Commands & State Files

In the part 1 we saw the building blocks of a tf file i.e providers and resources, in this blog, we are going to learn various commands which are a must for any terraform user.

We shall also discuss and learn about the various state file in terraform and their significance.

Apply, Create and Destroy

• Let's create a first_ec2.tf file which creates a simple ec2 instance.

provider "aws" {
  region     = "us-west-2"
  access_key = "your-access-key"
  secret_key = "your-secret-key"
}


resource "aws_instance" "myFirstEc2Instance" {
  ami           = "ami-0ca285d4c2cda3300"
  instance_type = "t2.micro"
}

terraform Plan

• Before any creation, it is a must and recommended practice to run the plan command. This command will tell us the changes terraform will do. Either it will create resources, modify or delete resources. In production env, it is highly recommended to make sure the changes terraform will make.

terraform plan

terraform apply

• By the name terraform apply will execute ( create, modify) resources based on the code you have written.
• terraform by nature is so smart and safe that it will again show us the plan and ask for a confirmation in the form of yes or no to execute.

terraform apply

terraform destroy

• Here comes the interesting command because this command has many caveats.
• in order to destroy the previous created instance all we need to run is terraform destroy

terraform destroy

The tricky part in destroying

• Let's add a bucket to the same file and run terraform apply

resource "aws_s3_bucket" "b" {
  bucket = "terraform-s3-blog-2022-bucket"

  tags = {
    Name        = "for blog"
    Environment = "Dev"
  }
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.b.id
  acl    = "private"
}

• Now what if we want to just delete ec2 instance and not our s3 bucket. For this we cannot use terraform destroy as it will delete all the resources.

• For this, we need to use the-target flag along with resource.local_resource_name along with destroy command to delete a selective resource.
  

terraform destroy -target aws_instance.myFirstEc2Instance

Note:- if you run terraform plan it will again add ec2 instance because in the code it is still there.

• Another way to delete selective resources would be to comment out the code of the resource which terraform should ignore.

Terraform state file ( terraform.tfstate )

• An interesting observation comes when we selectively destroy the ec2 command and if we run terraform plan, terraform tries to add back our ec2 instance.
• It is because terraform maintains a state of resources in a file called as terraform.tfstate.

• When terraform detects there is no state for the ec2 instance it tries to create the resource and update the state file.

• when you run terraform destroy information in terraform.tfstate file is deleted.

Note:- Terraform state file contains not just terraform related information but other information in the environment which are present like ec2 IP address or security group.

It is highly recommended to not edit (manually) or change terraform.tfstate or its backup file.

From DevOps perspective

• There are many times when we need to selectively destroy resources rather than destroy all resources. -target flag is our friend in that case.
• understanding how terraform state maintains the state helps us to know how states of infrastructure are handled.