Terraform Remote Backend Using Azure Blob Storage

Setting Up a Remote Backend for Terraform Using Azure Storage

/ Leave a Comment / Azure, Cloud, DevOps / By

Terraform Remote State Using Azure Storage

Recently, I needed to set up a shared Terraform workflow where state could be safely stored and accessed by a team. I figured out how to use Azure Blob Storage as a remote backend for Terraform. Storing your Terraform state in a remote backend ensures consistency across teams and machines. This post walks you through setting up Azure Blob Storage as the backend.

1. Create Storage Account and Container

Run the following in your terminal. Adjust variables as needed.

# Set variables
RESOURCE_GROUP="tf-aks-rg"
STORAGE_ACCOUNT_NAME="tfstatestore$(openssl rand -hex 3)" # must be globally unique
CONTAINER_NAME="tfstate"
LOCATION="westus2"

# Create the storage account
az storage account create \
  --resource-group $RESOURCE_GROUP \
  --name $STORAGE_ACCOUNT_NAME \
  --sku Standard_LRS \
  --encryption-services blob \
  --kind StorageV2 \
  --location $LOCATION

# Get the storage account key
ACCOUNT_KEY=$(az storage account keys list \
  --resource-group $RESOURCE_GROUP \
  --account-name $STORAGE_ACCOUNT_NAME \
  --query '[0].value' -o tsv)

# Create the container
az storage container create \
  --name $CONTAINER_NAME \
  --account-name $STORAGE_ACCOUNT_NAME \
  --account-key $ACCOUNT_KEY

2. Configure Terraform to Use the Remote Backend

Create a file called backend.tf:

terraform {
  backend "azurerm" {
    resource_group_name  = "tf-aks-rg"
    storage_account_name = "<your-storage-account-name>"
    container_name       = "tfstate"
    key                  = "terraform.tfstate"
  }
}

Replace <your-storage-account-name> with the actual name.

3. Initialize Terraform

terraform init

You’ll be prompted:

Do you want to copy the existing state to the new backend? [yes]

Answer yes to migrate your local state to Azure.

4. Verify

  • Confirm that terraform.tfstate exists in the Azure container.
  • Your local state file (terraform.tfstate) should no longer be present or should be empty.

Next Step: Team Access

Make sure your team members have:

  • Read/write access to the storage account
  • Correct backend config in their Terraform project

Conclusion

This was my first time setting up a remote backend with Azure, and it turned out to be more straightforward than I expected. If you’re using Azure and want to avoid local state headaches, this set up works well.

Leave a Comment

Your email address will not be published. Required fields are marked *