Terraform State Management
Overview
This page describes Sym's recommendation on how to manage Terraform state for your configurations.
terraform-aws-tfstate-backend
We recommend utilizing CloudPosse's open-source module terraform-aws-tfstate-backend
which stores your Terraform state in an S3 bucket and manages the Terraform state lock with DynamoDB.
When using this module, Terraform state is available to anyone with access to the S3 bucket, allowing multiple engineers to apply Terraform configuration, and ensuring that Terraform state in the case of catastrophic laptop failure.
Example Configuration
data "aws_caller_identity" "current" {}
# You cannot create a new backend by simply defining this and then
# immediately proceeding to "terraform apply". The S3 backend must
# be bootstrapped according to the simple yet essential procedure in
# https://github.com/cloudposse/terraform-aws-tfstate-backend#usage
module "terraform_state_backend" {
source = "cloudposse/tfstate-backend/aws"
version = "0.38.1"
namespace = "sym"
name = "tfstate"
attributes = [data.aws_caller_identity.current.account_id]
terraform_backend_config_file_path = ""
terraform_backend_config_file_name = "backend.tf"
terraform_state_file = "prod/terraform.tfstate"
force_destroy = false
}
Please visit the official CloudPosse repository for more detailed documentation and examples.
Updated 3 days ago