すでに、terraform init,terraform applyは実行済みとします。

|- .terraform
|- terraform.tfstate
resource "aws_vpc" "main" {

  cidr_block = ""
  enable_dns_support = true
  enable_dns_hostnames = true

  tags = {
    "Name" = "mv-tfstate-vpc"
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.1.0"

  # backend "s3" {
  #   bucket = "example-remote-backend-s3" # 仮の値を入れています
  #   key    = "mv-remote-state/terraform.tfstate"
  #   region = "ap-northeast-1"
  # }

provider "aws" {
  # Configuration options
  region = "ap-northeast-1"
  "version": 4,
  "terraform_version": "1.1.7",
  "serial": 5,
  "outputs": {},
  "resources": [
      "mode": "managed",
      "type": "aws_vpc",
      "name": "main",
      "provider": "provider[\"\"]",
      "instances": [
          "schema_version": 1,
          "attributes": {
            "arn": "arn:aws:ec2:ap-northeast-1:XXXXXXXXXXXX:vpc/vpc-XXXXXXXXXXXXXXXXX",
            "assign_generated_ipv6_cidr_block": false,
            "cidr_block": "",
            "default_network_acl_id": "acl-XXXXXXXXXXXXXXXXX",
            "default_route_table_id": "rtb-XXXXXXXXXXXXXXXXX",
            "default_security_group_id": "sg-XXXXXXXXXXXXXXXXX",
            "dhcp_options_id": "dopt-XXXXXXXXXXXXXXXXX",
            "enable_classiclink": false,
            "enable_classiclink_dns_support": false,
            "enable_dns_hostnames": true,
            "enable_dns_support": true,
            "id": "vpc-XXXXXXXXXXXXXXXXX",
            "instance_tenancy": "default",
            "ipv4_ipam_pool_id": null,
            "ipv4_netmask_length": null,
            "ipv6_association_id": "",
            "ipv6_cidr_block": "",
            "ipv6_cidr_block_network_border_group": "",
            "ipv6_ipam_pool_id": "",
            "ipv6_netmask_length": 0,
            "main_route_table_id": "rtb-XXXXXXXXXXXXXXXXX",
            "owner_id": "XXXXXXXXXXXX",
            "tags": {
              "Name": "mv-tfstate-vpc"
            "tags_all": {
              "Name": "mv-tfstate-vpc"
          "sensitive_attributes": [],
          "private": "XXXXXXXXXXXXXXXXXXXX"



後の手順でterraform initを行う際に、自動でterraform.tfstate.backupを作成されます。


takakuni@mv_tfstate % cp -p terraform.tfstate terraform.tfstate.manualbackup



terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.1.0"

   backend "s3" {
     bucket = "example-remote-backend-s3" # 仮の値を入れています
     key    = "mv-remote-state/terraform.tfstate"
     region = "ap-northeast-1"

provider "aws" {
  # Configuration options
  region = "ap-northeast-1"

terraform init

tfstateファイルをS3に送るため、再度terraform initを実行します。

余談ですが、terraform initを実行する前に、terraform planを行うと以下のように「terraform initを実行してね!」とエラーが発生します。

takakuni@mv_tfstate % terraform plan            
│ Error: Backend initialization required, please run "terraform init"
│ Reason: Initial configuration of the requested backend "s3"
│ The "backend" is the interface that Terraform uses to store state,
│ perform operations, etc. If this message is showing up, it means that the
│ Terraform configuration you're using is using a custom configuration for
│ the Terraform backend.
│ Changes to backend configurations require reinitialization. This allows
│ Terraform to set up the new configuration, copy existing state, etc. Please run
│ "terraform init" with either the "-reconfigure" or "-migrate-state" flags to
│ use the current configuration.
│ If the change reason above is incorrect, please verify your configuration
│ hasn't changed and try again. At this point, no changes to your existing
│ configuration or state have been made.

いざ、terraform init実行

注意すべきポイントは、「Do you want to copy existing state to the new backend?」と対話形式で聞かれているです。



takakuni@mv_tfstate % terraform init             

Initializing the backend...
Do you want to copy existing state to the new backend?
  Pre-existing state was found while migrating the previous "local" backend to the
  newly configured "s3" backend. No existing state was found in the newly
  configured "s3" backend. Do you want to copy this state to the new "s3"
  backend? Enter "yes" to copy and "no" to start with an empty state.

  Enter a value: yes

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v4.1.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.


terraform planも問題なく実行できました。

takakuni@mv_tfstate % terraform plan
aws_vpc.main: Refreshing state... [id=vpc-XXXXXXXXXXXXXXXXX]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.


  • mv_tfstate/terraform.tfstate」は空ファイルになる
  • mv_tfstate/terraform.tfstate.backup」ファイルの作成
  • mv_tfstate/.terraform/terraform.tfstate」ファイルが作成
  • S3にtfstateファイルの作成


|- .terraform
||- terraform.tfstate # 新規作成
|- terraform.tfstate # ファイルは実在するが何も書き込まれていない
|- terraform.tfstate.backup # 新規作成
|- terraform.tfstate.manualbackup # オプションで作ったファイル



  • mv_tfstate/terraform.tfstate」は空ファイルになる
  • mv_tfstate/terraform.tfstate.backup」ファイルの作成
  • mv_tfstate/.terraform/terraform.tfstate」ファイルが作成
  • S3にtfstateファイルは作成されない
|- .terraform
||- terraform.tfstate # 新規作成
|- terraform.tfstate # ファイルは実在するが何も書き込まれていない
|- terraform.tfstate.backup # 新規作成
|- terraform.tfstate.manualbackup # オプションで作ったファイル



以下のterraform state pushtfstateファイルを復旧します。

# 「terraform.tfstate.backup」または、「terraform.tfstate.manualbackup」
takakuni@mv_tfstate % terraform state push terraform.tfstate.backup
takakuni@mv_tfstate % terraform  plan

aws_vpc.main: Refreshing state... [id=vpc-XXXXXXXXXXXXXXXXX]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.





    "version": 3,
    "serial": 1,
    "backend": {
        "type": "s3",
        "config": {
            "access_key": null,
            "acl": null,
            "assume_role_duration_seconds": null,
            "assume_role_policy": null,
            "assume_role_policy_arns": null,
            "assume_role_tags": null,
            "assume_role_transitive_tag_keys": null,
            "bucket": "example-remote-backend-s3",
            "dynamodb_endpoint": null,
            "dynamodb_table": null,
            "encrypt": null,
            "endpoint": null,
            "external_id": null,
            "force_path_style": null,
            "iam_endpoint": null,
            "key": "mv-remote-state/terraform.tfstate",
            "kms_key_id": null,
            "max_retries": null,
            "profile": null,
            "region": "ap-northeast-1",
            "role_arn": null,
            "secret_key": null,
            "session_name": null,
            "shared_credentials_file": null,
            "skip_credentials_validation": null,
            "skip_metadata_api_check": null,
            "skip_region_validation": null,
            "sse_customer_key": null,
            "sts_endpoint": null,
            "token": null,
            "workspace_key_prefix": null
        "hash": XXXXXXXXXX
    "modules": [
            "path": [
            "outputs": {},
            "resources": {},
            "depends_on": []


# 間違えて削除
takakuni@mv_tfstate % rm -f .terraform/terraform.tfstate

# terraform planが通らなくなる
takakuni@mv_tfstate % terraform plan
│ Error: Backend initialization required, please run "terraform init"
│ Reason: Initial configuration of the requested backend "s3"
│ The "backend" is the interface that Terraform uses to store state,
│ perform operations, etc. If this message is showing up, it means that the
│ Terraform configuration you're using is using a custom configuration for
│ the Terraform backend.
│ Changes to backend configurations require reinitialization. This allows
│ Terraform to set up the new configuration, copy existing state, etc. Please run
│ "terraform init" with either the "-reconfigure" or "-migrate-state" flags to
│ use the current configuration.
│ If the change reason above is incorrect, please verify your configuration
│ hasn't changed and try again. At this point, no changes to your existing
│ configuration or state have been made.# terraform initの再実行
takakuni@mv_tfstate % terraform init 

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v4.1.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

# terraform planが通る
takakuni@mv_tfstate % terraform plan
aws_vpc.main: Refreshing state... [id=vpc-XXXXXXXXXXXXXXXXX]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.





S3からローカルへ移行する場合のterraform initではterraform.tfstate.backupが作成されないため、やってて損はない気がします。

takakuni@mv_tfstate % terraform state pull > terraform.tfstate.manualbackupformS3




terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.1.0"

  # backend "s3" {
  #   bucket = "example-remote-backend-s3" # 仮の値を入れています
  #   key    = "mv-remote-state/terraform.tfstate"
  #   region = "ap-northeast-1"
  # }

provider "aws" {
  # Configuration options
  region = "ap-northeast-1"

terraform initの実行

terraform planを実行すると、「terraform initを実行してね!」と怒られます。

takakuni@mv_tfstate % terraform plan
│ Error: Backend initialization required, please run "terraform init"
│ Reason: Unsetting the previously set backend "s3"
│ The "backend" is the interface that Terraform uses to store state,
│ perform operations, etc. If this message is showing up, it means that the
│ Terraform configuration you're using is using a custom configuration for
│ the Terraform backend.
│ Changes to backend configurations require reinitialization. This allows
│ Terraform to set up the new configuration, copy existing state, etc. Please run
│ "terraform init" with either the "-reconfigure" or "-migrate-state" flags to
│ use the current configuration.
│ If the change reason above is incorrect, please verify your configuration
│ hasn't changed and try again. At this point, no changes to your existing
│ configuration or state have been made.



takakuni@mv_tfstate % terraform init -migrate-state

Initializing the backend...
Terraform has detected you're unconfiguring your previously set "s3" backend.
Do you want to copy existing state to the new backend?
  Pre-existing state was found while migrating the previous "s3" backend to the
  newly configured "local" backend. No existing state was found in the newly
  configured "local" backend. Do you want to copy this state to the new "local"
  backend? Enter "yes" to copy and "no" to start with an empty state.

  Enter a value: yes

Successfully unset the backend "s3". Terraform will now operate locally.

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v4.1.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
# terraform planで差分確認
takakuni@tfstate % terraform plan     
aws_vpc.main: Refreshing state... [id=vpc-XXXXXXXXXXXXXXXXX]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.







