Terraform Centralized State Management

Creating a Spring Boot Lambda on AWS

Learn how to build and deploy a simple Spring Boot based AWS Lambda and then automate its deployment with Terraform.

full course
  1. Spring Boot Lambda Prerequisites
  2. Spring Boot Lambda Implementation
  3. Spring Boot Lambda API Implementation
  4. Terraform Setup and First Install
  5. Terraform Centralized State Management
  6. Automated Terraform Deploy Using Github Actions
  7. Confirming the Continuous Deployment Pipeline

As we saw in the last course, Terraform will manage the state of your application, but by default it stores this locally. This is not ideal for us and will cause problems when we try to work with others or create a continuous deployment pipeline. Now we’ll create a way to store the state in AWS.

Create the State Persistence

We’ll be following the official Terraform documentation.

First make an S3 bucket manually. Although we could use Terraform to create and manage this, it will cause us problems. Ideally, you would use a separate ‘infrastructure’ project to handle this (and other things like databases that you don’t want to accidentally roll back). That will be a separate effort, and doing it manually for now will be sufficient.

Go to the AWS console and find the S3 service page.

Click Create bucket and set the minimum configuration. You only need to set a name; accept all of the other defaults.

Now go ahead and make a DynamoDB table. First navigate to DynamoDB in the console.

Click Create table. Add a name; the primary key must be exactly LockID, with a String type.

Uncheck Use default settings and change Read/write capacity mode to On-demand.

Since we’re only using this for state management, we don’t expect to be using this table often enough to justify leaving a server up. I think there’s a free tier eligible DynamoDB, but I’m not sure how to configure it and I’m very scared about unexpected costs, so this works for me (but if you can figure out how to do it for free with the provisioned configuration I’d be glad to update the docs).

Update the Terraform Configuration

Make a new branch

$ git checkout -b cloud-state

Now we need to tell Terraform to use the cloud state management.

First, create some new variables in variables.tf

variable "s3_bucket" {
  default = "helloworld-lambda-state"
}

variable "s3_key" {
  default = "global/s3/terraform.tfstate"
}

variable "dynamo_lock" {
  default = "helloworld-lambda-state-lock"
}

Add these lines to main.tf (after the provider clause)

data "aws_caller_identity" "current" {}

terraform {
  # Backend blocks cannot reference variables, so the values are written out literally.
  backend "s3" {
    # Replace this with your bucket name!
    bucket = "helloworld-lambda-state"
    encrypt = true
    key = "global/s3/terraform.tfstate"
    region = "us-east-1"
    shared_credentials_file = "/Users/brian/.aws/bullyrook/credentials"
    # Replace this with your DynamoDB table name!
    dynamodb_table = "helloworld-lambda-state-lock"
  }
}


This tells Terraform to look for (and create if necessary) the state management in the bucket and table we just created. Additionally, we need to grant access to the bucket and link it to the role that we created previously.
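One way to write the access grant mentioned above, as an added example that is not part of the original tutorial: a policy scoped to the single state object and the lock table instead of the whole bucket. The variables, region and `aws_caller_identity` data source come from the files above; the policy name and the role placeholder are assumptions.

```hcl
# Added example. Names marked "assumption" do not come from the tutorial.

data "aws_iam_policy_document" "terraform_state" {
  # Terraform lists the bucket to locate the state object.
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.s3_bucket}"]
  }

  # Read and write only the state object, not everything in the bucket.
  statement {
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::${var.s3_bucket}/${var.s3_key}"]
  }

  # Acquire, inspect and release the lock entry in the DynamoDB table.
  statement {
    actions = [
      "dynamodb:DescribeTable",
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:DeleteItem",
    ]
    resources = [
      "arn:aws:dynamodb:us-east-1:${data.aws_caller_identity.current.account_id}:table/${var.dynamo_lock}",
    ]
  }
}

resource "aws_iam_policy" "terraform_state" {
  name   = "helloworld-lambda-state-access" # assumption: constructed name
  policy = data.aws_iam_policy_document.terraform_state.json
}

resource "aws_iam_role_policy_attachment" "terraform_state" {
  # Assumption: placeholder for the role that runs terraform plan/apply.
  role       = "REPLACE_WITH_ROLE_NAME"
  policy_arn = aws_iam_policy.terraform_state.arn
}
```

The state file can contain secrets from every managed resource, so keeping read access to that one object narrow matters as much as the write permissions.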

Create the State

We’ll need to run terraform init first:

$ terraform init

and then apply

$ terraform apply
aws_lambda_permission.helloWorld-permission: Creation complete after 1s [id=terraform-20210724235555315200000002]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

and we should see it create our infrastructure, the state file in the bucket, and a lock entry in the database.

Let’s destroy everything before we start the next step, which will be creating a GitHub Action to build and deploy this Lambda whenever we merge to main.

$ terraform destroy

Commit and Merge

$ git status
$ git add .
$ git commit -m "state in aws configuration"
$ git push --set-upstream origin cloud-state
$ git checkout main
$ git merge cloud-state
$ git push
