Terraform 6 of 10: Terraform State using AWS Cloud9
Background
This tutorial deals with Terraform State. AWS Cloud9 is the environment.
1 of 10. Open the Terraform documentation for "random_password"
Terraform Registry > Providers > Utility > Random > Documentation > Resources > random_password
2 of 10. Open your AWS Cloud9 environment
3 of 10. Run "terraform init"
Per the documentation, "A backend defines where Terraform stores its state data files."
terraform init
4 of 10. Update "resources.tf"
Remove existing content, and make it look like the below. It should be a random password generator. Then, we want to "terraform init", "terraform plan" and "terraform apply". Pause a moment before hitting "yes", and you will notice that a lock.info file is created.
resource "random_password" "password" {
length = 16
special = true
}
terraform init
terraform plan
terraform apply
5 of 10. "terraform show" and "terraform show -json"
Because the random_password is a sensitive value, you won't see it in the "terraform show" output, but you can find it in the "terraform show -json" output. This is expected behavior, per the documentation for the "terraform show" command. Note that the "show" command is simply showing human readabout output from a file. If a file isn't specified, then it assumes the "state" file by default. You may want to secure your state file, now that you know your secrets are stored in plain text in the state file. Recommendation is a remote state file.
terraform show
terraform show -json
6 of 10. Update "outputs.tf" to try to view the password output value.
Terraform should encounter an error.
output "password" {
value = random_password.password.result
}
terraform apply
7 of 10. Update "outputs.tf" per the advice of the error message, and try again.
Terraform should display that it is a sensitive value.
output "password" {
value = random_password.password.result
sensitive = true
}
terraform apply
8 of 10. Update "resources.tf" to create a shorter password.
This should force "re-creation" of the password.
resource "random_password" "password" {
length = 8
special = true
}
terraform apply
9 of 10. View the terraform.tftstate and the terraform.tfstate.backup, comparing the two files.
You should see the prior version of the password in the backup file.
10 of 10. Cleanup
Destroy the resource you created.
terraform destroy
Reference
Comments
Post a Comment