DEV Community

Cover image for 🚀Terraform State File Management with AWS S3
Amit Kushwaha
Amit Kushwaha

Posted on

🚀Terraform State File Management with AWS S3

#30daysofawsterraformchallenges #cloud #devops #terraform

🧩 What Is the Terraform State File?

Whenever Terraform builds your AWS infrastructure, it needs a way to remember what it created.
That memory is stored in a file called:

terraform.tfstate
Enter fullscreen mode Exit fullscreen mode

This file tracks:

  • EC2 instances
  • S3 buckets
  • IAM roles
  • Databases
  • And their metadata

Terraform uses this file to compare:

  • Desired State (your .tf files)
  • Actual State (what exists in AWS)

❌ Why You Should NOT Store State Files Locally
🔐 1. Security Risk
State file contains sensitive info like:

  • AWS account IDs
  • Secrets
  • Passwords
  • ARNs

Keeping it on your laptop? Yeah… risky.
👥 2. Team Collaboration Issues

Local state = conflicts, overwrites, broken infra.
💥 3. Data Loss

If your laptop dies or state file is deleted, Terraform loses track of your cloud resources.

☁️ The Solution: Remote Backend Using AWS S3
A remote backend stores your state file in S3 instead of on your machine.

Benefits include:

✔ Secure, encrypted storage
✔ State locking
✔ Team collaboration
✔ Backups via S3 versioning
✔ Environment separation (dev, test, prod)

🛠️ How to Configure AWS S3 Remote Backend
Step 1: Create S3 Bucket (Outside Terraform)

Never create the state bucket using Terraform itself.

Enable:

  • Server-side encryption
  • Versioning
  • Block Public Access

Step 2: Add Backend Configuration

Create a backend.tf file:

# Configure the AWS Provider
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

provider "aws" {
  # Configuration options
    region = "us-east-1"
}

# backend configuration
terraform {
  backend "s3" {
    bucket         = "terraform-state-bucket-amit-123456789"
    key            = "dev/terraform.tfstate"
    region         = "us-east-1"
    use_lockfile  = "true"
    encrypt        = true
  }
}
Enter fullscreen mode Exit fullscreen mode

🔎 What Each Parameter Means:

  • bucket → name of your S3 bucket
  • key → S3 path to your tfstate file
  • region → bucket region
  • encrypt → server-side encryption
  • use_locking → avoids simultaneous terraform apply

Step 3: Initialize Backend
Run:

terraform init
Enter fullscreen mode Exit fullscreen mode


Terraform will migrate your local state into S3:

“Successfully configured the backend ‘s3’!”

This video from Piyush Sachdeva gives a clear and practical explanation of how Terraform manages its state file and why moving that state to an AWS S3 backend is important for real-world projects. He walks through the risks of keeping state locally, the benefits of using a remote backend, and the exact steps to set it up using S3.

🔗 Connect With Me

If you enjoyed this post or want to follow my #30DaysOfAWSTerraformChallenge journey, feel free to connect with me here:

💼 LinkedIn: Amit Kushwaha

🐙 GitHub: Amit Kushwaha

📝 Hashnode / Amit Kushwaha

🐦 Twitter/X: Amit Kushwaha

Top comments (0)