Terraform 6 of 10: Terraform State using AWS Cloud9


This tutorial deals with Terraform State. AWS Cloud9 is the environment.

1 of 10. Open the Terraform documentation for "random_password"

Terraform Registry > Providers > Utility > Random > Documentation > Resources > random_password

random_password (Resource)

2 of 10. Open your AWS Cloud9 environment

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)

3 of 10. Run "terraform init"

Per the documentation, "A backend defines where Terraform stores its state data files."

Backend Configuration

terraform init

4 of 10. Update "resources.tf"

Remove existing content, and make it look like the below. It should be a random password generator. Then, we want to "terraform init", "terraform plan" and "terraform apply". Pause a moment before hitting "yes", and you will notice that a lock.info file is created.

resource "random_password" "password" { length = 16 special = true } terraform init terraform plan terraform apply

5 of 10. "terraform show" and "terraform show -json"

Because the random_password is a sensitive value, you won't see it in the "terraform show" output, but you can find it in the "terraform show -json" output. This is expected behavior, per the documentation for the "terraform show" command. Note that the "show" command is simply showing human readabout output from a file. If a file isn't specified, then it assumes the "state" file by default. You may want to secure your state file, now that you know your secrets are stored in plain text in the state file. Recommendation is a remote state file.

Command: show

terraform show terraform show -json

6 of 10. Update "outputs.tf" to try to view the password output value.

Terraform should encounter an error.

output "password" { value = random_password.password.result } terraform apply

7 of 10. Update "outputs.tf" per the advice of the error message, and try again.

Terraform should display that it is a sensitive value.

output "password" { value = random_password.password.result sensitive = true } terraform apply

8 of 10. Update "resources.tf" to create a shorter password.

This should force "re-creation" of the password.

resource "random_password" "password" { length = 8 special = true } terraform apply

9 of 10. View the terraform.tftstate and the terraform.tfstate.backup, comparing the two files.

You should see the prior version of the password in the backup file.

10 of 10. Cleanup

Destroy the resource you created.

terraform destroy


random_password (Resource)

Creating An Integrated Developer Environment (IDE) in the Cloud in Two Minutes!: AWS Cloud9(Step-by-Step)


Backend Configuration

Command: init

Command: show


Popular posts from this blog

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Ansible is the Answer! | A Three-Part Series Demonstrating the Usefulness of Ansible to HumanGov