Basic State Commands
เรียน
terraform state list,show,output,graph— commands ที่ใช้ดู state ทั่วไป
terraform state list
แสดง resource ทั้งหมดใน state:
$ terraform state list
aws_s3_bucket.data
aws_s3_bucket.logs
aws_instance.web
aws_security_group.web
data.aws_ami.ubuntu
module.network.aws_vpc.main
module.network.aws_subnet.public[0]
module.network.aws_subnet.public[1]
Filter by Pattern
# แสดงเฉพาะ S3 buckets
terraform state list "*s3*"
# แสดงเฉพาะ resource ใน module
terraform state list "module.network.*"
Count Resources
terraform state list | wc -l
terraform state show
ดูรายละเอียดของ resource:
$ terraform state show aws_s3_bucket.data
# aws_s3_bucket.data:
resource "aws_s3_bucket" "data" {
arn = "arn:aws:s3:::my-data-bucket"
bucket = "my-data-bucket"
bucket_domain_name = "my-data-bucket.s3.amazonaws.com"
bucket_regional_domain_name = "my-data-bucket.s3.ap-southeast-1.amazonaws.com"
force_destroy = false
hosted_zone_id = "Z3O0J2DXBE1FTB"
id = "my-data-bucket"
region = "ap-southeast-1"
request_payer = "BucketOwner"
tags = {
"Environment" = "prod"
}
tags_all = {
"Environment" = "prod"
}
}
ใช้ดู:
- ARN, ID ของ resource
- Attribute ทั้งหมด (รวม computed)
- Current state ตาม Terraform's view
ดู Module Resource
terraform state show 'module.network.aws_vpc.main'
ดูใน count / for_each
terraform state show 'aws_subnet.public[0]'
terraform state show 'aws_iam_user.team["alice"]'
terraform output
ดู output values:
# ดูทั้งหมด
$ terraform output
bucket_name = "my-data-bucket"
vpc_id = "vpc-12345"
# ดูตัวเดียว
$ terraform output bucket_name
"my-data-bucket"
# Raw (no quotes — เหมาะ shell)
$ terraform output -raw bucket_name
my-data-bucket
# JSON
$ terraform output -json
{
"bucket_name": {
"value": "my-data-bucket",
"type": "string"
}
}
Use Cases
# Pipe ไป ssh
ssh ec2-user@$(terraform output -raw web_public_ip)
# Save to file
terraform output -json > outputs.json
# Pass to script
DATABASE_URL=$(terraform output -raw db_url) ./deploy.sh
terraform graph
Generate dependency graph:
terraform graph
Output (DOT format):
digraph {
compound = "true"
newrank = "true"
subgraph "root" {
"[root] aws_instance.web (expand)" -> "[root] aws_subnet.public (expand)"
"[root] aws_subnet.public (expand)" -> "[root] aws_vpc.main (expand)"
}
}
Render เป็น Image
# Install graphviz
brew install graphviz
# Generate PNG
terraform graph | dot -Tpng > graph.png
# SVG
terraform graph | dot -Tsvg > graph.svg
Filter
# Plan graph (เฉพาะ resource ที่จะเปลี่ยน)
terraform graph -type=plan
# Apply graph
terraform graph -type=apply
# Validate graph
terraform graph -type=validate
terraform refresh
อัปเดต state ให้ตรงกับ reality:
terraform refresh
Deprecated in 0.15+
terraform refresh ยังใช้ได้ แต่แนะนำใช้:
terraform apply -refresh-only
จะแสดง diff ก่อน + ถาม confirm
terraform providers
แสดง providers ที่ใช้:
$ terraform providers
.
├── provider[registry.terraform.io/hashicorp/aws] ~> 5.0
├── provider[registry.terraform.io/hashicorp/random] ~> 3.5
└── module.network
└── provider[registry.terraform.io/hashicorp/aws] ~> 5.0
List Versions
terraform providers schema -json > schema.json
Lock Cross-Platform
terraform providers lock \
-platform=linux_amd64 \
-platform=darwin_arm64 \
-platform=darwin_amd64 \
-platform=windows_amd64
→ Update .terraform.lock.hcl ให้รองรับทุก platform
terraform version
$ terraform version
Terraform v1.9.8
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.70.0
# JSON
terraform version -json
terraform console
REPL สำหรับทดสอบ expression:
$ terraform console
> upper("hello")
"HELLO"
> length([1, 2, 3])
3
> aws_s3_bucket.data.arn
"arn:aws:s3:::my-data-bucket"
> [for i in range(3) : "host-${i}"]
[
"host-0",
"host-1",
"host-2",
]
ใช้ทดสอบ HCL expression / function โดยไม่ต้อง apply
ออก: Ctrl+D หรือ exit
terraform fmt + validate (recap)
# Format
terraform fmt -recursive
# Format check (CI)
terraform fmt -check -recursive
# Validate
terraform validate
terraform get
Download modules (ทำใน terraform init แล้ว — ใช้แยกได้):
terraform get
terraform get -update # update modules
ตัวอย่าง: Quick Diagnostic
# 1. ดู resource ที่ manage
terraform state list
# 2. ดู resource ที่น่าสงสัย
terraform state show 'aws_instance.web'
# 3. ตรวจ drift
terraform plan -refresh-only
# 4. ดู output
terraform output
# 5. ดู provider
terraform providers
รวม commands ใน script
scripts/inspect.sh
#!/bin/bash
set -e
echo "=== State Inspection ==="
echo ""
echo "Total resources:"
terraform state list | wc -l
echo ""
echo "Resources by type:"
terraform state list | sed 's/\[.*\]//' | awk -F'.' '{print $1}' | sort | uniq -c
echo ""
echo "Outputs:"
terraform output
echo ""
echo "Drift check:"
terraform plan -refresh-only -no-color | grep -E '^\s*~|\s*-' | head -20
สรุป
| Command | หน้าที่ |
|---|---|
state list | List resources ใน state |
state show | ดู attributes ของ resource |
output | ดู output values |
graph | Dependency graph (DOT format) |
refresh (deprecated) | Update state จาก reality |
providers | List providers ที่ใช้ |
version | Version ของ Terraform + providers |
console | REPL ทดสอบ expression |
ต่อไป → Modify State