Remote State & Locking

チーム開発の必須作法。ローカルにtfstateを置いてはいけない。

Backend
Stateファイルの保存場所。S3などを指定する「Remote Backend」が基本。

Best Practices

Remote Backend: Use S3 (AWS) or GCS (Google).
State Locking: Use DynamoDB to prevent race conditions.
Encryption: Encrypt state at rest (S3 SSE) and in transit.

S3 Backend Config

backend.tf
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "prod/app.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-lock" // Prevents simultaneous edits
  }
}