terraform.tfstate dynamodb and S3
Most basic setup to have when working with terraform is - Where to store terraform statefile and avoid all hassles!
Some issues you run into:
- Access to tfstate: Needs access to same terraform statefile across the team to work with infra setup. Hence, statefiles are to be storedin shared location. Will use S3 bucket
- Locking: It causes problems when multiple team members are executing terraform at the same time. You would want to avoidrace conditions, conflicts and unintended statefile corruptions. DynamoDB at rescue here!
- Isolation: How are you going to isolate these states for different environment to avoid accidental deployments in prod or env?Its best practice to segregate statefile storage based on //<product/combined components like infrasetup/services>/terraform.tfstateOfcourse this is just a suggestion, you do you!
- secrets: You would want to safely store these files as it containes all your infra secrets! Don't have to tell you more what happenswhen secrets gets leaked. Will talk about this more in later posts
Setup
Creates resource S3 and DynamoDB
I usually create these resources manually if it is just one time create and forget!
Store terraform.tfstate
To tell your terraform to store statefiles at what path and in what bucket.
https://github.com/ashwiniag/k8s_terraform_metrics/blob/main/templates/provider.tf
Initiate
terraform init -backend-config="key=terraform/ashwiniag-dragon/infra/terraform.tfstate"
