terraform-state
$
npx mdskill add TheBushidoCollective/han/terraform-stateManages Terraform state files, remote backends, and state locking for infrastructure coordination.
- Helps with tracking resource mappings and metadata in infrastructure deployments.
- Integrates with services like AWS S3 for remote state storage and DynamoDB for locking.
- Recommends actions based on Terraform commands for state manipulation and backend configuration.
- Presents results through command-line outputs and configuration examples in HCL or bash.
SKILL.md
.github/skills/terraform-stateView on GitHub ↗
---
name: terraform-state
user-invocable: false
description: Use when managing Terraform state files, remote backends, and state locking for infrastructure coordination.
allowed-tools: []
---
# Terraform State
Managing Terraform state files and remote backends.
## State Basics
Terraform state tracks resource mappings and metadata.
### Local State
```bash
# Default location
terraform.tfstate
terraform.tfstate.backup
```
### Remote State
```hcl
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
encrypt = true
dynamodb_table = "terraform-locks"
}
}
```
## State Commands
```bash
# List resources
terraform state list
# Show resource
terraform state show aws_instance.web
# Move resource
terraform state mv aws_instance.web aws_instance.app
# Remove resource
terraform state rm aws_instance.old
# Pull state
terraform state pull > terraform.tfstate
# Push state
terraform state push terraform.tfstate
# Replace provider
terraform state replace-provider hashicorp/aws registry.terraform.io/hashicorp/aws
```
## Remote Backends
### S3 Backend
```hcl
terraform {
backend "s3" {
bucket = "terraform-state-bucket"
key = "path/to/terraform.tfstate"
region = "us-east-1"
encrypt = true
dynamodb_table = "terraform-state-lock"
# Optional: state locking
kms_key_id = "arn:aws:kms:us-east-1:123456789:key/..."
}
}
```
### Terraform Cloud
```hcl
terraform {
cloud {
organization = "my-org"
workspaces {
name = "my-workspace"
}
}
}
```
### Azure Backend
```hcl
terraform {
backend "azurerm" {
resource_group_name = "terraform-rg"
storage_account_name = "tfstate"
container_name = "tfstate"
key = "prod.terraform.tfstate"
}
}
```
## State Locking
Prevents concurrent modifications:
```hcl
# S3 + DynamoDB locking
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-locks"
}
}
```
## Import Resources
```bash
# Import existing resource
terraform import aws_instance.web i-1234567890abcdef0
# Import with module
terraform import module.vpc.aws_vpc.main vpc-12345678
```
## Workspaces
```bash
# List workspaces
terraform workspace list
# Create workspace
terraform workspace new staging
# Switch workspace
terraform workspace select production
# Delete workspace
terraform workspace delete staging
```
## Best Practices
### Enable State Locking
Always use state locking to prevent concurrent modifications.
### Encrypt State
```hcl
backend "s3" {
encrypt = true
kms_key_id = "arn:aws:kms:..."
}
```
### Separate State Files
Use different state files for different environments:
```
states/
├── prod/terraform.tfstate
├── staging/terraform.tfstate
└── dev/terraform.tfstate
```
### Backup State
```bash
# Backup before dangerous operations
cp terraform.tfstate terraform.tfstate.backup.$(date +%Y%m%d_%H%M%S)
```
### Never Edit State Manually
Always use `terraform state` commands.
More from TheBushidoCollective/han
- absinthe-resolversUse when implementing GraphQL resolvers with Absinthe. Covers resolver patterns, dataloader integration, batching, and error handling.
- absinthe-schemaUse when designing GraphQL schemas with Absinthe. Covers type definitions, interfaces, unions, enums, and schema organization patterns.
- absinthe-subscriptionsUse when implementing real-time GraphQL subscriptions with Absinthe. Covers Phoenix channels, PubSub, and subscription patterns.
- act-docker-setupUse when configuring Docker environments for act, selecting runner images, managing container resources, or troubleshooting Docker-related issues with local GitHub Actions testing.
- act-local-testingUse when testing GitHub Actions workflows locally with act. Covers act CLI usage, Docker configuration, debugging workflows, and troubleshooting common issues when running workflows on your local machine.
- act-workflow-syntaxUse when creating or modifying GitHub Actions workflow files. Provides guidance on workflow syntax, triggers, jobs, steps, and expressions for creating valid GitHub Actions workflows that can be tested locally with act.
- ameba-configurationUse when configuring Ameba rules and settings for Crystal projects including .ameba.yml setup, rule management, severity levels, and code quality enforcement.
- ameba-custom-rulesUse when creating custom Ameba rules for Crystal code analysis including rule development, AST traversal, issue reporting, and rule testing.
- ameba-integrationUse when integrating Ameba into development workflows including CI/CD pipelines, pre-commit hooks, GitHub Actions, and automated code review processes.
- analyze-performanceAnalyze performance metrics and identify slow transactions in Sentry