Terraform has 3 things at all times:
1. HCL Code → what you WANT
2. State File → what Terraform THINKS exists
3. Real AWS Infra → what ACTUALLY exists
Terraform's job: make #3 match #1 — but it can only see #3 through #2.
The state file (terraform.tfstate) stores: resource IDs, attributes, dependencies.
Only needed in specific situations:
| Situation | Command |
|---|---|
| Renamed resource in HCL | state mv |
| Moved resource into a module | state mv |
| Stop managing a resource (keep it in AWS) | state rm |
| Existing AWS resource not in state | terraform import |
| Normal config changes (AMI, tags, type) | Just apply — no state cmd needed |
Lists all resources Terraform is currently managing.
terraform state list
Output:
aws_instance.app
aws_security_group.app
aws_vpc.main
Shows full details of a specific resource in state.