AWS Buckets Managed By Terraform

Terraform code that creates and maintains infrastructure for stores using Amazon Simple Storage Service (Amazon S3), an object storage service that AWS provides in multiple geographical regions.


State File

Terraform needs to keep track of the infrastructure it creates. It does this by means of a state file. This is a simple JSON file (named terraform.tfstate) that describes the infrastructure that has been created by Terraform and any proposed changes. By default, this file is stored on the local machine where terraform commands are run and should be checked into git or any other source code management system used. More on the purpose of the state file is explained here. Terraform compares your configuration with the state file and your existing infrastructure to create plans and make changes to your infrastructure. When you run terraform apply or terraform destroy against your initialized configuration, Terraform writes metadata about your configuration to the state file and updates your infrastructure resources accordingly.


Terraform Backends Keep State File Secure

If the state file is deleted, Terraform loses track of the infrastructure it has created, so it is important to keep the state file in a safe place where it won't be deleted, such as a Terraform backend. Also, since it is just a simple file, it can be edited by anyone who has access to it, and this might cause unwanted behavior in the state of your infrastructure. A local file is also not ideal for collaboration, as git conflicts may arise if multiple developers are modifying their own local copy of the file. Terraform supports multiple online storage locations for this file, called backends, and AWS S3 can be used as a backend to safely store your state file.

Sensitive Data in State File

The state file can contain sensitive data: if you create an IAM_USER with an access key and secret key, these are stored in plain text in the state file. Keeping the state file secure is therefore recommended.
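
An S3 backend and state bucket configured against the three risks described above (deletion, concurrent edits, plaintext secrets), as an added example that is not this repository's own code. The bucket name, object key and region are placeholder assumptions.

```hcl
# --- backend.tf: the configuration whose state is stored remotely ---
terraform {
  backend "s3" {
    bucket       = "example-terraform-state"   # placeholder bucket name
    key          = "buckets/terraform.tfstate" # placeholder object key
    region       = "eu-west-1"                 # placeholder region
    encrypt      = true                        # server-side encryption of the state object
    use_lockfile = true                        # S3-native locking (Terraform 1.10+; older versions use dynamodb_table)
  }
}

# --- bootstrap/main.tf: separate configuration that creates the state bucket first ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-terraform-state" # placeholder, must match the backend block

  lifecycle {
    prevent_destroy = true # terraform destroy refuses to remove the state bucket
  }
}

# Versioning keeps earlier state versions, so a deleted or overwritten state can be restored.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default encryption at rest: the state holds access keys and secret keys in plain text.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# The state bucket must never be publicly readable.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Encryption at rest does not hide secrets from anyone allowed to read the object, so read access to the state bucket should be limited to the identities that run Terraform.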