Skills
skills/armanzeroeight/fastagent-plugins/terraform-state-manager

terraform-state-manager

SKILL.md

Terraform State Manager

This skill provides safe workflows for Terraform state operations and troubleshooting.

When to Use

Use this skill when:

  • Importing existing infrastructure into Terraform
  • Moving resources to different addresses (renaming)
  • Removing resources from state without destroying them
  • Migrating state between backends (local to S3, etc.)
  • Recovering from state corruption or conflicts
  • Splitting or merging state files

Critical Safety Rules

ALWAYS follow these rules when working with state:

  1. Backup first: Create state backup before any operation
  2. Plan after: Run terraform plan after state changes to verify
  3. One at a time: Make incremental changes, not bulk operations
  4. Test in non-prod: Practice state operations in dev/test first
  5. Version control: Commit code changes with state operations

Common Operations

1. Import Existing Resources

Workflow:

# Step 1: Write the resource configuration in .tf file
# Step 2: Import the resource
terraform import <resource_address> <resource_id>

# Step 3: Verify with plan (should show no changes)
terraform plan

Example - Import AWS S3 Bucket:

# 1. Add to main.tf
resource "aws_s3_bucket" "existing" {
  bucket = "my-existing-bucket"
}

# 2. Import
terraform import aws_s3_bucket.existing my-existing-bucket

# 3. Verify
terraform plan  # Should show: No changes

Tips:

  • Find resource ID format in provider docs
  • Import one resource at a time
  • Some resources require multiple imports (bucket + versioning + encryption)
  • Use terraform show to see imported attributes

2. Move Resources (Rename/Refactor)

Workflow:

# Move resource to new address
terraform state mv <source> <destination>

# Verify
terraform plan  # Should show: No changes

Example - Rename Resource:

# Before: aws_s3_bucket.bucket
# After:  aws_s3_bucket.main

terraform state mv aws_s3_bucket.bucket aws_s3_bucket.main

Example - Move to Module:

# Move resource into module
terraform state mv aws_instance.web module.web_server.aws_instance.main

Example - Move Between Modules:

terraform state mv module.old.aws_db_instance.main module.new.aws_db_instance.main

Tips:

  • Update .tf files to match new addresses before running plan
  • Use quotes for addresses with special characters
  • Move related resources together (e.g., bucket + bucket_policy)

3. Remove from State

Workflow:

# Remove resource from state (keeps actual resource)
terraform state rm <resource_address>

# Verify resource still exists in cloud
# Update .tf files to remove resource definition

Example - Remove Resource:

# Remove from Terraform management
terraform state rm aws_s3_bucket.temp

# Resource still exists in AWS, just not managed by Terraform

Use cases:

  • Handing off resource to another Terraform workspace
  • Removing accidentally imported resources
  • Decomissioning Terraform management of legacy resources

4. Migrate State Backend

Workflow for Local → S3:

# Step 1: Create S3 bucket and DynamoDB table for locking

# Step 2: Add backend configuration
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "project/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

# Step 3: Initialize with migration
terraform init -migrate-state

# Step 4: Verify
terraform plan

Backend Migration Checklist:

  • Backup current state file
  • Create new backend resources (S3 bucket, etc.)
  • Update backend configuration in code
  • Run terraform init -migrate-state
  • Verify with terraform plan
  • Test state locking works
  • Update team documentation

5. List State Resources

View all resources in state:

# List all resources
terraform state list

# Show specific resource details
terraform state show aws_s3_bucket.main

# Output state as JSON
terraform show -json

Troubleshooting

State Lock Issues

# If state is locked and shouldn't be
terraform force-unlock <lock-id>

# Only use if you're certain no other operation is running

State Drift Detection

# Check for drift between state and actual infrastructure
terraform plan -refresh-only

# Update state to match reality (doesn't change infrastructure)
terraform apply -refresh-only

Corrupted State Recovery

# Terraform keeps backups automatically
ls terraform.tfstate.backup

# Restore from backup
cp terraform.tfstate.backup terraform.tfstate

# Or restore from remote backend version history (S3 versioning)

Pre-Operation Checklist

Before any state operation:

  • Backup state file (cp terraform.tfstate terraform.tfstate.backup)
  • Ensure no other operations are running
  • Understand the exact command and its impact
  • Have rollback plan ready
  • Test in non-production first

Post-Operation Verification

After any state operation:

  • Run terraform plan (should show expected changes or no changes)
  • Verify resource still exists in cloud console
  • Check state file size is reasonable
  • Commit changes to version control
  • Document what was done and why
Weekly Installs
7
Repository
armanzeroeight/…-plugins
GitHub Stars
26
First Seen
Feb 4, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
claude-code7
opencode6
gemini-cli6
github-copilot6
codex6
amp5