
Terraform tracks every piece of infrastructure it manages in a state file. If that file is lost, corrupted, or modified by two runs at once, Terraform loses the map between your configuration and what actually exists in the cloud. Keeping it secure, available, and versioned matters as much as the configuration itself.
Scalr handles this with a managed backend that stores state, encrypts it, and keeps a version history. You can also point a workspace at an external backend if you'd rather store state elsewhere. This post walks through both paths and the related features around import, export, and customer-owned storage.
When you use the Scalr-managed backend, state files are encrypted at rest with AES-256, which protects infrastructure data from unauthorized access. Scalr also versions state files automatically, so you can inspect previous versions and revert to a prior state when you need to.
If two operations hit the same Terraform state at once, you can end up with corruption and conflicts. So when you use the Scalr-managed backend, Scalr locks the state automatically.
plan or apply) starts in a Scalr workspace, Scalr locks the state file.This locking mechanism is a built-in feature of the Scalr backend.
Scalr allows users to employ other backends supported by Terraform if the Scalr-managed backend is not preferred.
terraform import?Scalr supports the terraform import command. This function allows users to bring existing infrastructure, not initially created by Terraform, under Terraform management. The state of these imported resources can be stored in Scalr's managed backend or a configured external backend. The state is accessible for inspection and management.
On the Enterprise plan, Scalr offers the option to store state in a customer-owned storage bucket while still utilizing the Scalr backend's management features.
This approach provides:
This option can be used to meet specific compliance, data sovereignty, or data governance requirements.
terraform state pull and Other Methods?Terraform state data managed by Scalr can be accessed or exported through several methods:
terraform state pull command can be used to retrieve the current state file to a local machine.The Scalr-managed backend encrypts state, keeps a version history, and locks state during runs. If that doesn't fit your needs, you can disable it per workspace and point Terraform at an external backend instead. On the Enterprise plan you can also keep Scalr's management features while the state itself lives in a bucket you own. Which option works best depends on how your team handles infrastructure as code and what your compliance requirements are.
