Is it possible to manage statefile in terraform cloud, so that I can update the existing resources?

Say I have created my infrastructure using terraform cloud. This step is done in a run and hence we have a statefile which is stored in terraform cloud workspace.

Now, I need to update the resources that were created in the above run (For eg, I need to modify the ingress endpoint of any k8s service). Incase of cli, it is possible by terraform apply command, which will just compare with the existing state of the resources and update the configuration.

But to do the same using terraform cloud, if I modify the code and do git push, a new run is getting triggered which will not do the expected task. So, is there any way to manage the state of a run, so that I can modify the configuration of existing resources which were created out of terraform cloud and update those resources.

Hi @soundarya!

Can you say more about what exact commands you would expect to run to achieve your goal in the CLI-only approach you mentioned, and what result you’d expect from each of them?

Hopefully then I or someone else can show mechanisms in Terraform Cloud that you could use to get the same or a similar result.

Thanks!

1 Like

Sure @apparentlymart. Thanks for your response. Let me post the exact steps and commands I follow in CLI with the outputs below:

Consider my terraform stack code will deploy the following, It will

  1. Create AWS-EKS with 1 nodegroup and 3 nodes.
  2. Deploy consul-vault server in the created EKS cluster.
  3. Enable vault secret engines in the deployed vault.

Initially, I will comment the code to enable vault secret engine because it will not workout without initializing the vault which cannot be automated with terraform. So I will run the command “terraform init” and “terraform apply” for the first 2 steps. Then, I will initialize the vault manually by exec into the vault pod.

Once done with that, I will uncomment the enable vault secret engine terraform code and do “terraform apply” again. As a whole, all the three steps will be done in CLI without any issue.

Now, I need to do this using terraform cloud. Hope you got the idea, if not please let me know.

You can do exactly what you said above with Terraform Cloud - it’s just that when you speak of commenting and uncommenting, you actually have to commit those actions to Git and push to the repository linked to your Terraform Cloud workspace.

There are ways this process can be adjusted to make it more elegant than commenting and uncommenting, but I don’t want to overcomplicate this answer at this stage, as this paragraph in your original post makes me worry there’s an important misunderstanding to clear up first:

Yes, when you modify the code and do git push, a new run will be triggered. This is normal and expected, and will do the expected task, assuming the change in Git describes the task you expect.

Once a run has executed, you can’t go back and manage the same run to run again - all updates are handled by creating new runs.

1 Like

Thanks @maxb for your response.

So, using terraform cloud, we cannot update the configuration of resources that are already created. Am I right?

For example, after creating few resources using terraform cli, if we update the configuration in terraform and do “terraform apply”, it will modify the resource with the new configuration. This cannot be achieved with terraform cloud if I am not wrong. Please confirm.

I don’t understand how you got that from my words - that’s not true at all.

Terraform Cloud is a hosted environment which literally runs terraform apply for you - it’s running the very same code you are locally, so can do all the same kinds of things.