Terraform: Using ‘state show’ command to show resource details

Updated: February 3, 2024 By: Guest Contributor

Introduction

In the world of Infrastructure as Code (IaC), Terraform has emerged as a powerful tool, allowing users to define and provision infrastructure using a high-level configuration language. Managing and understanding the state of your infrastructure is critical for efficient operations and troubleshooting. One of Terraform’s valuable commands for achieving this insight is state show. This tutorial delves into using the state show command to explore resource details, with a progression from basic to advanced examples.

What is Terraform State?

Terraform state is a snapshot of your infrastructure at a particular point in time. It includes metadata and configuration details about each resource Terraform manages. Understanding the state is crucial for modifying and understanding your infrastructure.

Basic Usage of state show

To start with the state show command, you’ll need a basic Terraform configuration. Let’s suppose you have a Terraform-managed AWS S3 bucket.

resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-example-bucket"
  acl    = "private"
}

After applying your configuration with terraform apply, you can view details of the S3 bucket using:

terraform state show aws_s3_bucket.my_bucket

This command produces detailed output, including the bucket’s ID, ARN, ACL, and more.

Adding Filters

As your infrastructure grows, you might want to filter the output of state show for specific data. This isn’t directly possible with state show alone, but you can combine it with tools like grep for simpler display:

terraform state show aws_s3_bucket.my_bucket | grep acl

This efficiently highlights the ACL setting of the bucket.

Combining with Terraform Outputs

Another effective way to extract specific information from your state file is through Terraform outputs. For instance, define an output:

output "bucket_arn" {
  value = aws_s3_bucket.my_bucket.arn
}

After applying the configuration, you can use terraform output bucket_arn to get just the ARN of the bucket, tidily extracted from the state.

Advanced Usage: Interrogating Nested Structures

Resources like AWS security groups or VPCs can have nested structures, such as inline rules or associated resources. Getting to these details requires a nuanced understanding of the state output. Consider an AWS security group:

resource "aws_security_group" "my_sg" {
  name        = "my-security-group"
  description = "My security group"
  vpc_id      = "vpc-12345678"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

To dive into its details using terraform state show aws_security_group.my_sg, you must carefully interpret the nested ingress and egress rules along with their attributes.

Working with Modules

When your infrastructure utilizes Terraform modules, accessing state info can get more involved. Assume you have a module:

module "aws_network" {
  source = "./network"
  # ... other parameters
}

To get details from an element within a module, the path used with state show needs to reflect the module hierarchy:

terraform state show 'module.aws_network.aws_security_group.my_sg'

Adopting the correct path is critical for accurate state interrogation.

Integration with State Backends

For teams, managing state files locally is seldom sustainable. Most projects benefit from using a remote state backend like AWS S3 with state locking via DynamoDB. Switching to a shared backend changes how you interact with your state file but not the syntax of the state show command. However, ensuring you’re authenticated and have access rights to the backend is essential before running state commands.

Automation and Scripts

For advanced users, integrating state inspection into scripts or CI/CD pipelines can automate infrastructure insights. state show itself prints only human-readable output; for machine-readable data, terraform show -json emits the whole state as JSON, which tools such as jq can parse to access specific data points programmatically.

Conclusion

Understanding the intricacies of the Terraform state and leveraging the state show command empowers developers and operators to efficiently manage and troubleshoot their infrastructure. This command, while simple in its essence, opens a window to deeply understand your Terraform-managed resources and their current state, supporting informed decision-making and effective infrastructure management.