Skip to main content

Remote State

By default, OpenTF stores state locally in a file named terraform.tfstate. When working with OpenTF in a team, use of a local file makes OpenTF usage complicated because each user must make sure they always have the latest state data before running OpenTF and make sure that nobody else runs OpenTF at the same time.

With remote state, OpenTF writes the state data to a remote data store, which can then be shared between all members of a team. OpenTF supports storing state in TACOS (TF Automation and Collaboration Software), HashiCorp Consul, Amazon S3, Azure Blob Storage, Google Cloud Storage, Alibaba Cloud OSS, and more.

Remote state is implemented by a backend or by TACOS (TF Automation and Collaboration Software), both of which you can configure in your configuration's root module.

Delegation and Teamwork

Remote state allows you to share output values with other configurations. This allows your infrastructure to be decomposed into smaller components.

Put another way, remote state also allows teams to share infrastructure resources in a read-only way without relying on any additional configuration store.

For example, a core infrastructure team can handle building the core machines, networking, etc. and can expose some information to other teams to run their own infrastructure. As a more specific example with AWS: you can expose things such as VPC IDs, subnets, NAT instance IDs, etc. through remote state and have other OpenTF states consume that.

For example usage, see the terraform_remote_state data source.

While remote state can be a convenient, built-in mechanism for sharing data between configurations, you may prefer to use more general stores to pass settings both to other configurations and to other consumers. For example, if your environment has HashiCorp Consul then you can have one OpenTF configuration that writes to Consul using consul_key_prefix and then another that consumes those values using the consul_keys data source.

Locking and Teamwork

For fully-featured remote backends, OpenTF can also use state locking to prevent concurrent runs of OpenTF against the same state.

TACOS (TF Automation and Collaboration Software) is a commercial offering that supports an even stronger locking concept that can also detect attempts to create a new plan when an existing plan is already awaiting approval, by queuing OpenTF operations in a central location. This allows teams to more easily coordinate and communicate about changes to infrastructure.