Immutable Cloud — basics
When AWS creates the default VPC, it:
- Creates a VPC with a size /16 IPv4 CIDR block (172.31.0.0/16). This provides up to 65,536 private IPv4 addresses.
- Creates a size /20 default subnet in each Availability Zone. This provides up to 4,096 addresses per subnet, a few of which are reserved for AWS's use.
- Creates an internet gateway and connects it to your default VPC.
- Creates a main route table for your default VPC with a rule that sends all IPv4 traffic destined for the internet to the internet gateway.
- Creates a default security group and associates it with your default VPC.
- Creates a default network access control list (ACL) and associates it with your default VPC. Each subnet is automatically associated with the default network ACL.
- Associates the default DHCP options set for your AWS account with your default VPC.
The state file keeps track of which resource configuration maps to which real-world resource. The state also stores metadata about those resources, such as the dependency order for creating them.
Ultimately you can think of Terraform state as just a big JSON array of your resources (because that’s pretty much what it is).
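As an added illustration (not code from the original page), the following Python reads a constructed document laid out like a version 4 `terraform.tfstate` and recovers the two things described above: the mapping from each resource address to its real-world ID, and a valid creation order derived from the recorded dependencies. All resource names and IDs are made up, and the version 4 layout is an assumption about the state file being read.

```python
import json
from graphlib import TopologicalSorter

# Constructed sample shaped like a version 4 state file; names and IDs are made up.
SAMPLE_STATE = json.loads("""
{
  "version": 4,
  "resources": [
    {"mode": "managed", "type": "aws_instance", "name": "web",
     "instances": [{"attributes": {"id": "i-0example"},
       "dependencies": ["aws_security_group.web", "aws_subnet.public"]}]},
    {"mode": "managed", "type": "aws_subnet", "name": "public",
     "instances": [{"attributes": {"id": "subnet-0example"},
       "dependencies": ["aws_vpc.main"]}]},
    {"mode": "managed", "type": "aws_security_group", "name": "web",
     "instances": [{"attributes": {"id": "sg-0example"},
       "dependencies": ["aws_vpc.main"]}]},
    {"mode": "managed", "type": "aws_vpc", "name": "main",
     "instances": [{"attributes": {"id": "vpc-0example"}}]},
    {"mode": "data", "type": "aws_region", "name": "current",
     "instances": [{"attributes": {"id": "eu-west-1"}}]}
  ]
}
""")


def managed(state):
    """Yield (address, resource) for managed resources; data sources are skipped."""
    for res in state.get("resources", []):
        if res.get("mode") == "managed":
            yield f'{res["type"]}.{res["name"]}', res


def resource_map(state):
    """Map each managed resource address to the real-world IDs it tracks."""
    return {addr: [inst["attributes"].get("id") for inst in res["instances"]]
            for addr, res in managed(state)}


def creation_order(state):
    """Order resources so each one comes after everything it depends on."""
    graph = {}
    for addr, res in managed(state):
        deps = graph.setdefault(addr, set())
        for inst in res["instances"]:
            deps.update(inst.get("dependencies", []))
    # TopologicalSorter raises CycleError if the recorded dependencies loop.
    return list(TopologicalSorter(graph).static_order())
```

On the sample, `creation_order(SAMPLE_STATE)` places the VPC first and the instance last, with the subnet and security group in between.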
With a backend set up, state is pushed to a remote location and can be accessed by a whole team simultaneously.
However, running Terraform simultaneously could lead to bad outcomes, with many machines manipulating the state file at the same time. That's why most backend configurations also support "locking". With locking, you can ensure that only one person at a time can run executions against the state file.