Follow me on Instagram for behind-the-scene content 😊 bit.ly/2F3LXYJ If you want to support this channel, please leave a like :) ▬▬▬▬▬▬ Learn more about Terraform? 🚀 ▬▬▬▬▬▬ Terraform explained in 15mins ► kzbin.info/www/bejne/ombOYpSflKx1eqc Complete Terraform Course for Beginners ► bit.ly/3OCoCPu Terraform in complete DevOps process ► bit.ly/3WtBARg ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 0:00 - Intro 0:25 - Terraform State & State File - Best Practices around State 1:18 - BP 1: Manipulate state only through TF commands 1:46 - BP 2: Remote State 2:44 - BP 3: State Locking 3:43 - BP 4: Back up State File 4:23 - BP 5: Use 1 State per Environment 5:36 - BP 6: Host TF code in Git repository 6:56 - BP 7: CI for TF Code 7:39 - BP 8: Execute TF only in an automated build 8:28 - Wrap Up & More TF Resources ▬▬▬▬▬▬ Useful Links 🔗 ▬▬▬▬▬▬ ► Remote State: www.terraform.io/docs/language/state/remote.html ► State Locking: www.terraform.io/docs/language/state/locking.html

- Use remote state with versioning and locking; - Use workspace for multiple environments; - Use for_each instead of count if it's possible; - Never save TF state files in git, they can contain sensitive information in plain text format; - Use modules for code reuse (DIY); Thanks for a video :)

We are honored to sponsor this great video!

one of the best videos that actually shows how big orgs do it. Thanks

Thank you Nana. This is a handful for Terraform beginner developers. What I would add from my experience - creating only one state file for one environment can be an issue if the environment has a lot of resources. A bigger state means a much longer plan and apply (and very often more $$$ if someone uses CI/CD as SaaS), so my suggestion is to divide code into workspaces and use state files for each of them. Keep up to 50 resources per state.

Danke!

Hi Nana, I just wanted to give kudos to you for your Terraform course on Udemy. I finished it some weeks ago and I can use my new knowledge in my daily work.

- Use workspaces to better organize state files - Use pre-commit hooks to do basic Terraform fmt, linting before commiting changes

Nice video, you can also include -: Using of TF modules to follow DRY code practices. Use of terraform workflows to deploy similar type is multiple environments. Securing sensitive variable to output on console. Securing state files wherever kept.

I just love the way you present the information in your videos! Best videos out there

This env0 for both Terraform and DevOps as a whole looks and sounds so cool! Great information there Ms.Nana. Thank you so much!

One thing worth mentioning regarding tfstate and putting your terraform into version control is that you do not want to version control your .tfstate files. These can potentially contain secrets in plain text. The best thing to do in this case is switch to a remote storage method like s3 even if you're not part of a team, just to be on the safe side.

As a newbie to Terraform this is an excellent video, I wasn't aware as yet of most of these items so I've learnt a lot. I still don't know anything about CI/CD so that's my next visit in your library. Thanks

Hi Nana, you are awesome.the way you explain things is super easy. You know what, I became Devops expert only watching your videos.

Perfect timing!

Great job! Love your presentation style and have enjoyed many of your videos over the past year.

Your videos are few in thousands that I enjoy watching till the end.

Using terrform modules instead of repetative resources and pass the required input arguments to this module, this module can also be versioned and kept in git and use tags (with incremental versions eg: v0.1) to refer in the main code. This enhances our code to become better in terms of readability. Also, we have to hide the sensitive content in tf output vars ( if any) and donot hardcode sensitive protected info in tf code, instead handle them through CI ( store them as jenkins credentials ), write jpac to read it and pass it as CLI arg to tf commands as needed.

Yes I Got Best KZbin Channel For My DevOps Journey

Amazing best practices, one to add is to create names or identifiers dynamically for the resources that cannot be deployed multiple times, this way you can deploy IaC for features branches to test your changes before merging to the main branch

Love the content, and I’m happy to report that I’ve been following these best practices for several years now. Only thing I’d recommend is to use modules as a best practice. It’s just easier to manage components vs one file with all the resources.

Love your videos as always, concise, precise and crisp, thank you

Hi Nana, Thanks for the video. Terra grunt can be use for DRY your terraform configuration across multiple environments.

Thank you 🙏. Gonna give env0 a try!

Thx for sharing! How about a video on managing terraform modules? Or maybe how to separate out IaC for staging, production, and dev environments :)

Very good explanation now i have good idea about TF State. Thanks

Terraform modules also one of the best practice to share other terraform users for quick start/update without reinventing or duplicating the terraform code

Always like, and Already Subscribed with opening bell icon 😅

great video Nana, Love all of these

Hello Nana. Another best practice it's trying to avoid throwing resources to the main files in all the environments that's has the same deployment. This should live in a separate versioned/tagged module allowing to have a standard way to deploy new environments.

I’m actually interested on how to test IaC code.

Great Best Practices Explanation! Really awesome explanation on how to utilize 1 state per environment and how to organize states!

Great video!

Just a quick tip regarding remote state. In my practice I'm using state separation per service as well, not just per env. For example, gke cluster or cloud SQL tf modules should store their state files within different folders. It could be easily configured in Terragrunt - backend.tf could be generated automatically with required configuration. Finally it will look like: /terraform/state/environment/service. Usage of terraform workspaces is not a good idea especially with distributed teams. IMHO.

THANK YOU!

Perfect Nana!

Stellar content! Can you discuss environment management strategies for Kubernetes workloads leveraging the GitOps model? 🙏🏽

Thanks for this video Nana. One thing I was expecting in this was to organise terraform code in reusable modules.

It is a very good practice to set default_tags on aws infrastructure. And also to create a resource group to group easily all cloud resources by filtering on some tags.

No, when using Amazon S3 as a backend for state file storage, the default state locking mechanism does not automatically utilize DynamoDB, so your statement at 3:27 is not correct.

Hi Nana, great tutorial. Is there a way to get notify when someone in the team execute a terraform plan?

Thank you

Nice video. I'm surprised you didn't mention Terragrunt though.

hey, one question regarding the state file for each environment, since I'm creating a state file for each env, is it best practice for all to be in the same bucket with different directories or different buckets? and regarding the dynamodb, should be one db for the state files?

Thanks for this great video. I would also add the use of Terraform Workspace to separate different environments as best practice. Thoughts?

Nice video, if you remake please include more about secrets management and what files you don't want to commit to any public repositories.

Your explanations are concise and to the point. Keep creating these videos it helps a lot.

i love this video, thanks for sharing.

Very useful information 👌

Great content, I really appreciate your time. I am just curious, what tool do you use to animate your slides?

Great video as always. Can you tell me what application did you use for working on the animations in your video?

Awesome!!! Thank you Nana

Would request a tutorial series or bootcamp on MLOPS or AIOPS?

Hi Nana, could you share your source for the popularity statistic of IaC tools at 0:03? I've been looking for something similar for my Bachelors thesis. Thanks in advance

thank you Nanaaaaaaaaaaaa Glory to you

Hello Nana Great job as usual 👏 I think there is a another important point to discuss regarding Secrets in plain text Thank you 😊

Hi Nana! why are these courses not available in Udemy Business? :(

What do you use to make these nice presentations?

Can you please upload the video on Terraform vs Terragrunt

Hi Nana, may I ask which software are you using to edit such beautiful and interactive videos? Thanks a lot

Hi Nana, how do I upgrade argoCD version from 1.5.5 to 1.6? Looking forward to hearing from you

your youtube tutorials are very high-quality content, I wanted to purchase a course and i did for the terraform course, but for the DevOps course it's very expensive, could you consider please some discounts :)

Can You please cover What all topics to study for Hashicorp Terraform : Associate Exam

4:40 you didn’t say how to have multiple state files. I recommend you do it with work spaces.

Hi Nana, thank you for the great content you produce, what's your preferred choice for testing IaC (terraform in particular)? Thanks

DBAs at my work decided to remove 2 servers and keep number 3,4,5 only This was a problem to do it in TF as we use count and count was 5. If you changed count to 3 it would remove servers 4 and 5 So I had to amend the module we had and also change indexing inside the tfstate to make it work

i don't get the best practise having a terraform state file remotely. why not use git for that too in order to have "locking" or versioning and a pipeline to push that against a server? i don't see why use git for terraform code, but not for state files. maybe i am missing something

Does using a repository to host your terraform code eliminates the need to have a dedicated storage for the state file ? Or , we use repository to host only the code and after completing the pipelines the new changes will get the latest state and update it ? Thanks in advance ^^

Can anyone tell me how to get a software developer job as I am a fresher. And also learning the Devops bootcamp for further knowledge

It is perhaps obvious, but I think it's worth mentioning that auth tokens etc. should not be stored in variables file, but in terraform.tfvars. And this file should not be included in the source project.

I'm currently using a tool called atlantis, that should be an alternative to env0

Hi Nana, I am struggling to download the latest builded artifact from artifactory which is a war file basically, I have many artifacts on my artifactory repo and I need to download the latest builded one..can you is there any way to do it?unfortunately I’m not using the artifactory pro version which makes it more complicated to do.please help

Hello, Your explanation was simply superb and easy to understand as always. As mentioned in this video 4th best practice -> I am using GCS bucket and storing my terraform state file there after every terraform apply but unfortunately I have deleted GCS Bucket and now i have lost state file...Could you please let me know how can I create or get back the terraform state file. Any solution.

Great video thanks. Do you have some recommendation on how do we test terraform code in CI/CD pipeline?

How about secrets management?

@TechWorld with Nana you missed security best practises like storing secrets and also terragrunt.

Thank you Nana 😎 Since you are using Git, the development process must follow Gitflow, you must have branches for your dev, test and prod environments, and the state files must match those branches. This can be considered a best practice. But everything is learned in practice in a specific project.

Hello Nana, yet another great tutorial 👍 But I was just wondering why we couldn’t use git or another scm tool to store stats ?!? 🤔

Woahhhh .! My org follows all of these…

We didn’t speak about security of secrets!

Good but if you could make complete TERRAFORM video in which case studies to implement in different platforms of technical perspective

at the end why just dont use git with those state files?

Please make full course

Nana, are all these tips integrated with the boot camp?

great

Thanks but most are best practices everywhere else too. If anyone has been with the computer in a shared environment they would have used a few already especially the locking mechanism

Nice video but I think you missed the point with GitOps and Terraform, in order to implement GitOps, a tool like Crossplane instead of Terraform must be used (or at least create your own terraform tool)

I don't understand point 4 (backing up/versioning terraform state). Isn't the terraform state just supposed to be tracking the actual state of the deployed resources? If that's the case, and it gets nuked, am I not in the same position as I was in before I ran "terraform apply" or "terraform plan" for the first time? Can't I just run "terraform apply" again? Seems to me it's an easily-recomputable resource - so why back it up? (But maybe I'm missing something?) And as for versioning state... again, why? I don't see any use case for rewinding to older state (as you seem to suggest) - again (as I understand it) it's just supposed to be a reflection of the current actual deployed state, so rewinding would just make it inconsistent with reality. If you want to rewind your system state, that's what versioning your actual terraform code is for (and yes of course do that!): check out an old version of _that_ and plan/apply. The only purpose I can think of for versioning state is as a historical record for audit purposes (i.e. attesting that "this changed at this time"). But maybe I'm missing something...? Genuinely asking, as I'm relatively new to terraform. Everything else you're saying makes sense to me, so if there's something I'm missing here I'd love to know about it. Thanks!

Hey, could somebody please explain to me one thing? Why is it necessary to store `tfstate` file at all? An alternative: just query the provider about what infrastructure it has and use this response result instead of tfstate on the moment of code execution. It would require to implement a small number of additional API for providers, but it reduces so much complexity for the end users... I can see only one possible reason - it is difficult to perform locking, when N people simultaneously execute `terraform apply` without state file. But here comes the punchline - since Terraform does not provide this feature out of the box, you still have to enforce mutual exclusion yourself, this reason must not be the actual reason why was it not done! As I see it, querying state explicitly would solve all the complexity of maintaining this state shared between team members, which is a SIGNIFICANT complexity if you did not use static file storage in your project before. Literally, WHY???

What is the difference between a software engineer and programmer, even though they both write code

Why didn't you mention in 1st best practice nothing about terraform import, state list, state rm ?

hi..nana ..you can make one video for learners...write terraform script and deploy through ci/cd pipeline...please my request...madam .

I am a beginner and I learn HTML CSS and I want to be a Back End Developer ( Node js or Spring BooT ) Please reply me and Thanks 🥰

i'm not sure i understand about restoring previous versions of corrupted state files. if the state files represent the cloud resources, then using a previous version would mean it will not be in sync with what actually exists in the cloud? in regards to using your own TF repository, i have to say i object to that ,(even though it what we do) because in my opinion, tf code should reside in the SAME repo as the application code that uses it, this is because the commit should contain both the resource creation and the code that uses that resource. assume a developer needs to establish an event bridge, SQS, SNS and s3 bucket resources, his code would need to address and use them, which would require creating them in advance, which would require devops to do this process, making the developer wait till they are finished, (same goes for changing said resources ) thus making devops a bottle neck (yes i'm aware env0 is meant to solve this, but to me it seems kind of an over kill) additionally let's say i'm using a new syntax in terraform (like using dynamic blocks) which may not always work, the constant iteration of a build server deploy would THAT bottle neck as it would start queues on these changes. and lastly , i'm wondering, if i can combine localStack into this, buy somehow managing the code to be selectively executed on localstack container, (where i want only certain amount of resources created and override all endpoints to my own.

Another best practise is to use terraform modules, which will allow you to reuse your terraform across all your environments.

Best

Probably it's because of Terraform's approach, or because of some restrictions of targeted infrastructure, but solving parallel editing using locking is ridiculous, especially considering reinvention of the wheel; there is "code" in infrastructure as code, and nowadaysr the best solution to maintain the code is using source control.

How about terragrunt?

Wish to have an email connection ☺️ Also would like to know more about integrating CIs or env0 into PRs.

DRY with terragrunt, modules for reuse.