I was using AWS before I join the current company, but I don't even know terraform before I interview with the current company. I got hit by Terraform at first, it's really hard to deal with states.
plancommand to collaborate
When you work with your colleagues with same terraform project, sometimes they maybe need to apply some changes that haven't merged yet for testing, when you run the plan command, you will find that terraform want to destroy his resources. You can wait until his changes have merged. But actually, you can use the
-target to limit your resources for the plan command. So, you can run the plan command happily without destroying other people's works.
If you need to work on the same project with your colleagues, you need to set up a remote state. We use
s3 as our state backend, it will use s3 bucket to store the state file, and a DynamoDB table to store the lock. If you encounter some problems, you maybe need to check these resources manually to confirm it's all working properly.
state rmcommand to put resources outside terraform
You know, the state file includes the states terraform known about your resources, but what will happen if you delete some resources through other tools (e.g., make changes through AWS console)? Terraform didn't know those changes. We can use
state rm command to tell terraform not to manage these states in the feature. Beware that, the
destroy command will remove remote resources, and the
state rm will only remove from the state, if you haven't removed the remote resources through other tools, the resources will still there.
importcommand to import resources inside terraform
Sometimes, it's easy to create some resources through web UI. With
import command, we can create resources through the web UI, and then import them to terraform state.
If you have use providers in your module when you delete that module, terraform will report an error, that it can't find providers. It's annoying when you use modules in modules. You can simply create some fake module, these modules only have the same names as the original modules, but didn't have any resources. After apply, you can safely remove these fake modules.
consoleto test terraform expressions
HCL for terraform was not a programming language, but we can't stop to do programming in terraform. When we write some expressions, we need to test it. I suggest creating a temporary project to test it. Think about that you have a big project with 20+ resources, you need to refresh the states every time you want to run terraform plan.
Simply put the expressions in a
locals block, and output the results in
output blocks, you will see the terraform plan command run very fast.