» Backends

Each Terraform configuration can specify a backend, which defines where and how operations are performed, where state snapshots are stored, etc.

The rest of this page introduces the concept of backends; the other pages in this section document how to configure and use backends.

  • Backend Configuration documents the form of a backend block, which selects and configures a backend for a Terraform configuration.
  • This section also includes a page for each of Terraform's built-in backends, documenting its behavior and available settings. See the navigation sidebar for a complete list.
  • If you are still learning how to use Terraform, we recommend using the default local backend, which requires no configuration.
  • If you and your team are using Terraform to manage meaningful infrastructure, we recommend using the remote backend with Terraform Cloud or Terraform Enterprise.

» Where Backends are Used

Backend configuration is only used by Terraform CLI. Terraform Cloud and Terraform Enterprise always use their own state storage when performing Terraform runs, so they ignore any backend block in the configuration.

But since it's common to use Terraform CLI alongside Terraform Cloud (and since certain state operations, like tainting, can only be performed on the CLI), we recommend that Terraform Cloud users include a backend block in their configurations and configure the remote backend to use the relevant Terraform Cloud workspace(s).

» Where Backends Come From

Terraform includes a built-in selection of backends; this selection has changed over time, but does not change very often.

The built-in backends are the only backends. You cannot load additional backends as plugins.

» What Backends Do

There are two areas of Terraform's behavior that are determined by the backend:

  • Where state is stored.
  • Where operations are performed.

» State

Terraform uses persistent state data to keep track of the resources it manages. Since it needs the state in order to know which real-world infrastructure objects correspond to the resources in a configuration, everyone working with a given collection of infrastructure resources must be able to access the same state data.

The local backend stores state as a local file on disk, but every other backend stores state in a remote service of some kind, which allows multiple people to access it. Accessing state in a remote service generally requires some kind of access credentials, since state data contains extremely sensitive information.

Some backends act like plain "remote disks" for state files; others support locking the state while operations are being performed, which helps prevent conflicts and inconsistencies.

» Operations

"Operations" refers to performing API requests against infrastructure services in order to create, read, update, or destroy resources. Not every terraform subcommand performs API operations; many of them only operate on state data.

Only two backends actually perform operations: local and remote.

The local backend performs API operations directly from the machine where the terraform command is run. Whenever you use a backend other than local or remote, Terraform uses the local backend for operations; it only uses the configured backend for state storage.

The remote backend can perform API operations remotely, using Terraform Cloud or Terraform Enterprise. When running remote operations, the local terraform command displays the output of the remote actions as though they were being performed locally, but only the remote system requires cloud credentials or network access to the resources being managed.

Remote operations are optional for the remote backend; the settings for the target Terraform Cloud workspace determine whether operations run remotely or locally. If local operations are configured, Terraform uses the remote backend for state and the local backend for operations, like with the other state backends.

» Backend Types

Terraform's backends are divided into two main types, according to how they handle state and operations:

  • Enhanced backends can both store state and perform operations. There are only two enhanced backends: local and remote.
  • Standard backends only store state, and rely on the local backend for performing operations.