Store Terraform State Files in Azure Remote Backend

In this blog post, I will show how to store Terraform state files in a Microsoft storage account and use it as a remote backend.

About Remote Backend

If you have been using Terraform, you probably understand that your Terraform configuration is dependent on the state files once you run and apply the configuration. by default Terraform will use a local backend which will store the state file on the local hard drive. If you move to another machine, Terraform will not make changes on Azure or AWS to existing deployment without the state files.

For this reason, Terrafom allows us to use a remote backend that that allows us to retrive the state file of the deployment from any computer.

In my case, I will use Azure storage account to store my state files as you will see shortly.

I’m using Azure because there is no need to authenticate or use access key (password) to access the storage since I’m authenticating using az login before running the code which also authenticates to the storage account.

If you are not going to login to Azure or use Azure as your remote backend and deploy to AWS you will need to use an access key to authenticate to the storage account, read more here regarding this option.

Create a Storage Account

The first step in using Azure as your remote backend is to create a storage account if you are using RBAC to set up the permissions. Open Azure Storage Accounts and click on Create.

After creating the account, create a storage container by clicking on Containers from the Overview screen.

Name your container using a name that make sense to what it is going to be used.

Terraform Backend Configuration

The final step is to add the Backend configuration block to the top of the configuration file, as shown below. Fill in the following values, resource group name, storage account, storage container name and the name you would like to give the state file (key).

Save the file and deploy the configuration in my case, I am creating a storage account.

terraform {
  backend "azurerm" {
    resource_group_name  = "myrggroup"
    storage_account_name = "mystorageaccount"
    container_name       = "terraformbackend"
    key                  = "deploy.tfstate"
  }

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.26"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "TRF1"
  location = "westus2"

  lifecycle {
    prevent_destroy = true
  }
}

After you run the code, you will see the state file in the sorage container as shown below.

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

Posted

in

by

NTW – Content Network