Do I need a versioning of the tfstate file if my terraform configuration is versioned in git?

Question

I have a git repository with all my terraform declarations. The latest tfstate file get's uploaded into a backend (Azure Blob Storage) when the pipeline runs.

My question is: Do I really need to keep old versions of the tfstate file for restore options?

Because I think that whenever terraform apply in the pipeline would fail, I could just rollback my code to the last working version and run the pipeline again to run plan and apply, right?

In this case I don't understand what the differences are between my code declarations in my repo and the tfstate file are. Always assuming, that changes in the cloud provider only do happen via terraform.

Thanks

Answer 1

Versioning of the terraform state files protects against accidental deletion of the state file, or corruption of the state file. The versioning of the state file is not to track different versions of the state, it is to be able to restore the state file if something bad happens to it. Versioning is simply S3's way to create backups of a file.

If the file were accidently deleted in S3, then Terraform would have no knowledge of what resources it had created, and the next time you ran terraform apply it would try to recreate all those resources again. To fix that you would either need to restore a backup of the state file, or run terraform import many times to import every resource you have defined, which is a very tedious, manual process. Obviously in that scenario simply restoring the state file from backup is the best approach, so enabling object versioning in S3 so that you have backups of the state file is important.