Optimize your Terraform workflows with expert strategies for remote state backends, encryption, locking, and drift handling to ensure secure, collaborative infrastructure as code management.
**Do:**
- Configure remote backends like S3, Azure Blob Storage, or Google Cloud Storage for centralized, secure state storage that supports team collaboration.
*Example:* In your `main.tf`, add:
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "path/to/my/key"
    region = "us-west-2"
  }
}
```
- Activate state locking to block concurrent modifications and prevent conflicts during applies.
*Example:* Most remote backends (e.g., S3 with DynamoDB) enable this automatically; verify with `terraform init`.
- Encrypt state files at rest using managed keys and set up regular backups for recovery.
*Example:* For S3, enable SSE-KMS: `server_side_encryption_configuration { ... }` in the bucket configuration.
- Separate environments using workspaces or distinct backend configurations.
*Example:* `terraform workspace new dev` vs. `prod`, or unique `key` paths like `env:/dev/terraform.tfstate`.
- Regularly refresh state and use `terraform state` subcommands to maintain accuracy.
*Example:* `terraform refresh` to sync real infra; `terraform state mv old.name new.name` for resource relocation.
- Implement drift detection, approvals, and rollbacks in CI/CD pipelines.
*Example:* Run `terraform plan` in PR checks; use Terraform Cloud for policy enforcement.
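
The remote backend, locking, encryption, and backup items above, combined in one sketch. This is an added example, not part of the original page: a one-time bootstrap configuration creates the state bucket and lock table, and the consuming configuration points its backend at them. The bucket name, table name, and state key are placeholders, and an AWS provider is assumed to be configured.

```hcl
# bootstrap/main.tf: applied once, kept in its own state (names are placeholders)
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-tfstate-bucket"
}
# Versioning keeps every prior state version so a bad write can be rolled back.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}
# SSE-KMS by default; with no key given, S3 uses the AWS managed key aws/s3.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
# State often contains secrets in plain text, so the bucket must never be public.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The S3 backend's lock table needs a string hash key named "LockID".
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "example-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

# main.tf of the consuming configuration: backend values must be literals.
terraform {
  backend "s3" {
    bucket         = "example-tfstate-bucket"
    key            = "prod/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true                   # request server-side encryption on write
    dynamodb_table = "example-tfstate-lock" # locking is only active when this is set
  }
}
```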
**Don't:**
- Rely on local state files (`terraform.tfstate`) for team projects, as it risks overwrites and lacks sharing.
*Example:* Avoid `backend "local" {}` in shared repos.
- Ignore state locking, leading to concurrent apply races and corrupted state.
*Example:* Never disable the DynamoDB table used for S3 locking.
- Store unencrypted sensitive data in state; always use external secrets managers.
*Example:* Don't hardcode secrets; integrate with AWS KMS or Azure Key Vault.
- Neglect drift or skip `plan`/`apply` checks, which can cause mismatches.
*Example:* Avoid applying without `terraform plan -detailed-exitcode`.
- Manually edit state files directly; use CLI commands instead to avoid corruption.
*Example:* Never open `terraform.tfstate` in a text editor.