Hashicorp Terraform Remote State and Azure

0
votes

I realize that Terraform supports Azure, and I've actually been able to get Terraform working with Azure by doing the following:

  • Create a storage account
  • Create a blob container
  • Plugged in access key
  • Created a file titled backend.tfvars with resource_group_name, storage_account_name, container_name, access_key, key values.
  • Added following to main.tf:

Main.tf

terraform {  
  backend "azurerm" {  
     }  
}
  • I ran terraform init -backend-config="backend.tfvars"

When I look in the blob container, I see the myapp.tfstate file, which means that I've been successful, right?

What exactly does this allow me? I understand that my state file is now saved in Azure, but... how does that help me? I've looked around for documentation explaining this, but for some reason haven't been able to find anything.

2
terraformterraform-provider-azure

2 Answers

0
votes

Charles is right about nothing store "just" being in another place, but he is wrong there is no difference. There is a difference. Main difference is if you have a team of people working with TF.

You see, state is not only used to store state, but to signal that currently there is an operation going on. Called locking. With centralized storage none of your teammates can accidentally try and change resources when somebody else is doing that already.

0
votes

Actually, store the Terraform in Azure Storage Account, I think it's no different with local, just replaced the place. But according to the description in the document:

By default, data stored in an Azure Blob is encrypted before being persisted to the storage infrastructure. When Terraform needs state, it is retrieved from the backend and stored in memory on your development system. In this configuration, the state is secured in Azure Storage and not written to your local disk.

It seems that there is still a little effect on the security of the data.