PDF

Terraform State Management with Megaport Resources

This topic describes the Terraform state file and recommended practices for using it to map your configuration files to the Megaport services deployed on your network.

What is Terraform state?

Terraform stores information about resources you have created in a state file, called terraform.tfstate.

This file is automatically created after running the terraform apply command. It provides a snapshot of your infrastructure managed by Terraform at a specific point in time. It is created in the same directory where Terraform is deployed. We recommend monitoring terraform.tfstate regularly.

The main purposes of the Terraform state file are:

• Mapping real-world resources – The state file keeps track of the real-world infrastructure resources that Terraform has created and is managing. It logs information about their configurations, IDs, and dependencies.

• Source of truth – The state file is the source of truth about your current infrastructure. When you run the terraform apply command, it compares your configuration files with the state file to determine what changes need to be made.

• Tracking metadata – The state file stores metadata that Terraform uses internally, such as the Terraform version used to create the state and resource dependencies.

For more information about the Terraform state file, see State (HashiCorp).

Understanding Terraform state for Megaport resources

Terraform state is a crucial component that maps your configuration files to the Megaport resources deployed on your network. When you run the terraform apply command, Terraform creates a state file, terraform.tfstate, that tracks all resources it manages, their configurations, and interdependencies.

What does the Megaport Terraform Provider state file contain?

For Megaport resources, the state file tracks information such as:

• Resource IDs and UIDs
• Port configurations
• VXC settings
• MCR router configurations
• Partner connections
• Location information

Key state management concepts

• Importing existing resources – If you already have Megaport services configured through the Portal, use the terraform import command to bring them under Terraform management:

  Example 1: Import an existing Port

  terraform import megaport_port.my_port "example-uid-41d4-a716-446655440000"
  

  Example 2: Import an existing VXC

  terraform import megaport_vxc.my_vxc "example-uid-426f-9247-bb680e5fe0c8"
  

  For more information, see Importing Existing Production Services.

• Preventing accidental deletions – To protect production services:

  • Always run the terraform plan command before applying changes.
  • Consider using the -target flag to limit scope of changes.
  • Add lifecycle blocks to prevent critical resource destruction. For more information, see Manage resource lifecycle (HashiCorp).

     resource "megaport_port" "production_port" {
     # Port configuration...
  
     lifecycle {
     prevent_destroy = true
     }
  }
  

• State file storage for team environments – By default, Terraform stores state information locally.

  For Terraform state file storage in team environments, using a remote storage space is recommended for collaboration, version control, and security.

  • Use remote state storage (Terraform Cloud, S3, and so on).
  • Enable state locking to prevent concurrent modifications.
  • Consider encrypting state files as they contain sensitive information.

• State file maintenance – Occasionally, you might need to use some commands, for example:

  • terraform state list to see all managed resources.
  • terraform state show to examine a specific resource.
  • terraform state rm to remove a resource from state without destroying it.

• Handling state drift – Terraform’s state file keeps track of all the infrastructure it manages. Manually changing these resources outside of Terraform can cause the state file to become inaccurate, a situation known as drift.

  If Terraform’s record of your infrastructure doesn’t match reality, it will try to fix the discrepancies, potentially leading to the unintended deletion or recreation of your resources. For more information, see Manage resource drift (HashiCorp).

  If changes are made to Megaport resources outside of Terraform:

  • Use the terraform refresh command to update the state with the current resource configurations.
  • Consider running the terraform plan command regularly to detect unauthorized changes.

Recommended practices

We recommend you follow these practices for optimal results with Terraform:

• Back up your state file regularly – Losing it is irreversible.
• Version control your configuration files – However, never save state files containing sensitive data such as credentials. For more information, see Sensitive Data in State (HashiCorp).
• Modularize complex configurations – This approach improves resource management by promoting a more organized and reusable structure.
• Lock Megaport services in the Portal – Terraform state is the source of truth for resource management. To prevent conflicting changes to production services in the Portal and Terraform, locking production services is recommended. For more information, see Locking Megaport Services.

For more information, see Learn Terraform recommended practices (HashiCorp).

Helpful references

• terraform plan command (HashiCorp)
• State (HashiCorp)
• Target resources (HashiCorp)
• Manage resource lifecycle (HashiCorp)
• Manage resource drift (HashiCorp)
• Sensitive Data in State (HashiCorp)
• Learn Terraform recommended practices (HashiCorp)