Apply your configuration to create resources and then examine the state file.


In this lab you will

  • apply your configuration
  • create the resource group
  • view the state file

Starting point

Your files should currently look like this:


    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "~>3.1"
    provider "azurerm" {
      features {}
      storage_use_azuread = true

    variable "resource_group_name" {
      description = "Name for the resource group"
      type        = string
      default     = "terraform-basics"
    variable "location" {
      description = "Azure region"
      type        = string
      default     = "West Europe"

    resource "azurerm_resource_group" "basics" {
      name     = var.resource_group_name
      location = var.location
  • terraform.tfvars

    location = "UK South"

    You may have set a different value for location.

terraform apply

  1. Apply the configuration

    terraform apply

    Running terraform apply will repeat the output of the terraform plan command.

    Type yes when prompted for approval.

    Example output:

    Terraform used the selected providers to generate the following execution
    plan. Resource actions are indicated with the following symbols:
      + create
    Terraform will perform the following actions:
      # azurerm_resource_group.basics will be created
      + resource "azurerm_resource_group" "basics" {
          + id       = (known after apply)
          + location = "uksouth"
          + name     = "terraform-basics"
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
      Enter a value: yes
    azurerm_resource_group.basics: Creating...
    azurerm_resource_group.basics: Creation complete after 0s [id=/subscriptions/2ca40be1-7e80-4f2b-92f7-06b2123a68cc/resourceGroups/terraform-basics]
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

    The resource group has been successfully created.

State files

Once Terraform has applied changes then it stores the current state as JSON in a file called terraform.tfstate.

  1. List the resources in the state file

    terraform state list

    Expected output:


    Note that the ident used for the Terraform resources is based in the resource type and the chosen name, i.e. azurerm_resource_group.basics. This needs to be unique for all resources in the state file.

  2. Display the attributes for a resource

    terraform state show azurerm_resource_group.basics

    Example output:

    # azurerm_resource_group.basics:
    resource "azurerm_resource_group" "basics"  {
        id       = "/subscriptions/2ca40be1-7e80-4f2b-92f7-06b2123a68cc/resourceGroups/terraform-basics"
        location = "uksouth"
        name     = "terraform-basics"
        tags     = {
            "source" = "terraform"
  3. View the state file

    jq . < terraform.tfstate

    Example output:

      "version": 4,
      "terraform_version": "1.1.7",
      "serial": 3,
      "lineage": "cc8db995-1d56-819c-9245-347f393a6ee1",
      "outputs": {},
      "resources": [
          "mode": "managed",
          "type": "azurerm_resource_group",
          "name": "basics",
          "provider": "provider[\"\"]",
          "instances": [
              "schema_version": 0,
              "attributes": {
                "id": "/subscriptions/2ca40be1-7e80-4f2b-92f7-06b2123a68cc/resourceGroups/terraform-basics",
                "location": "uksouth",
                "name": "terraform-basics",
                "tags": null,
                "timeouts": null
              "sensitive_attributes": [],

    The state file is in JSON format and includes more information used by Terraform to version resources and maintain dependencies.

    ⚠️ You should never modify the terraform.tfstate file directly. You can irrevocably corrupt the state file.


You applied the config and viewed the resource in the state file.

In later labs you will use remote state to protect the state file and enable locks so that multiple admins can use the remote state safely.

In the next lab you will add a resource to the config using the documentation.

Help us improve

Azure Citadel is a community site built on GitHub, please contribute and send a pull request

 Make a change