Introduction:
TTerraform is an Infrastructure-as-Code (IaC) tool that manages infrastructure by comparing the current state of resources with the desired configuration defined in code. Changes are executed through the terraform plan and terraform apply workflow.
Terraform does not provide a native rollback capability. If a deployment introduces unintended changes, infrastructure must be restored by reverting configuration changes or recovering a previous state.
In environments using Terraform Enterprise (TFE), runs are executed within workspaces and state files are automatically versioned. This allows administrators to review previous runs and state versions to assist with infrastructure recovery when needed.
Problem:
Infrastructure administrators may encounter situations where a Terraform deployment introduces unintended changes or infrastructure instability.
These issues may occur due to:
Incorrect configuration changes committed to Terraform code
Failed or partially completed
terraform applyoperationsMisconfigured variables or module updates
State file inconsistencies or corruption
Infrastructure drift between the actual environment and Terraform state
Failed or unintended runs triggered in Terraform Enterprise workspaces
Common symptoms include:
Production infrastructure behaving unexpectedly after a Terraform deployment
terraform plandisplaying unexpected resource modifications or deletionsDeployment pipelines failing during Terraform runs
Inconsistent resource states between Terraform and the actual infrastructure
Failed or incomplete runs visible in the Terraform Enterprise run history
Since Terraform does not provide a built-in rollback mechanism, administrators must manually restore the infrastructure to a previous stable configuration using version control or state recovery methods.
In Terraform Enterprise environments, rollback can be facilitated by reverting configuration changes in the connected VCS repository or by restoring a previous state version within the workspace.
Solutions:
Reverting Terraform Configuration Using Version Control (Recommended)
The recommended rollback approach is to revert the Terraform configuration in the Version Control System (VCS) to the last known stable commit.
This approach ensures:
Infrastructure remains aligned with source-controlled code
Changes are auditable through commit history
Rollbacks can be performed safely within CI/CD pipelines
Configuration drift is minimized
After reverting the configuration, Terraform can be re-applied to restore the infrastructure to the desired state defined in the previous working configuration.
In Terraform Enterprise, when workspaces are connected to a VCS repository (such as GitHub, GitLab, or Bitbucket), reverting a commit in the repository will automatically trigger a new run in the workspace. This run will generate a new plan and apply the reverted configuration, effectively restoring infrastructure to the previous state.
Restoring a Previous Terraform State Version
If the Terraform state file becomes corrupted or significantly inconsistent with the deployed infrastructure, restoring a previous version of the state file may be required.
This option is available when Terraform uses a backend that supports state versioning, such as:
AWS S3 with versioning enabled
Azure Blob Storage
Google Cloud Storage
Terraform Cloud or Terraform Enterprise
Restoring a previous state version allows Terraform to regain a consistent representation of infrastructure resources.
In Terraform Enterprise, administrators can view and manage state versions directly from the workspace UI. Each run generates a new state snapshot, allowing teams to review and recover previous versions when necessary.
Note:
Restoring the state file without ensuring configuration alignment may cause Terraform to attempt unintended infrastructure modifications during subsequent runs.
Steps to Roll Back Terraform Configuration Using Git
Identify the last stable Terraform configuration commit
git log --oneline
Locate the commit associated with the last successful deployment.
Revert the problematic configuration change
git revert <commit_id>
This creates a new commit that reverses the changes introduced in the specified commit.
Push the reverted configuration to the remote repository
git push origin <branch-name>
If Terraform deployments are automated through CI/CD or connected to Terraform Enterprise VCS workspaces, this action may trigger a new Terraform run.
Review the Terraform execution plan
terraform plan
Confirm that the plan reflects the intended rollback changes.
Apply the rollback configuration
terraform apply
Terraform will update infrastructure resources to match the restored configuration.
In Terraform Enterprise, this process occurs through the workspace run workflow where the plan and apply stages are executed within the platform.
Steps to Restore a Previous Terraform State File
Identify the previous version of the Terraform state file in the backend storage system.
Download or restore the required version of the terraform.tfstate file.
Replace the current state file in the Terraform backend with the restored version.
Ensure that the Terraform configuration files match the infrastructure state represented by the restored state file.
Run a validation plan
terraform plan
Verify that the plan output does not contain unintended changes.
Once validated, proceed with normal Terraform operations.
In Terraform Enterprise, state versions can be reviewed within the workspace under the States tab, where administrators can download or inspect previous state snapshots for recovery purposes.
Key Points:
Terraform does not support a native rollback or undo command.
The safest rollback strategy is reverting Terraform configuration changes through version control systems such as Git.
Applying a previously stable configuration allows Terraform to restore infrastructure safely.
Terraform Enterprise automatically stores state versions for each run, providing additional recovery options.
State file versioning in remote backends provides an additional recovery mechanism.
Restoring state files should be performed cautiously to avoid configuration and infrastructure mismatches.
Implementing CI/CD pipelines and proper version control practices improves rollback reliability and infrastructure stability.
Reference:
https://developer.hashicorp.com/terraform/tutorials/cli/apply