Collaboration

  • Use remote state and state locking
    • For certain backends like AWS S3, enable versioning to make it easier to recover your state if needed
  • Agree on a naming convention
  • Use meaningful tags to easily identify resources: the environment, owner, and project keys are a must
    • You can also use Cloud Custodian for components that are managed outside Terraform/IaC tools; it can automatically tag your manually created resources with Owner/Creator based on CloudTrail events
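
One way to enforce the tagging rule above in CI, as an added example that is not from the original article: a check over the JSON form of a plan (`terraform show -json`). The tag key spellings, the case-insensitive match, and the sample plan are assumptions made for illustration.

```python
import json

# Required tag keys from the list above; exact spelling/case is an assumption.
REQUIRED_TAGS = ("environment", "owner", "project")

def missing_tags(plan, required=REQUIRED_TAGS):
    """Map resource address -> sorted list of required tag keys it lacks."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # Skip destroys and no-ops: only created/updated resources matter.
        if after is None or not {"create", "update"} & set(change.get("actions", [])):
            continue
        # Resource types without a tags attribute cannot be tagged; skip them.
        if "tags" not in after and "tags_all" not in after:
            continue
        # tags_all (AWS provider) also carries provider-level default_tags.
        present = dict(after.get("tags") or {})
        present.update(after.get("tags_all") or {})
        # Keys are compared case-insensitively; empty values count as missing.
        have = {k.lower() for k, v in present.items() if v}
        lacking = sorted(t for t in required if t.lower() not in have)
        if lacking:
            findings[rc["address"]] = lacking
    return findings

# Constructed sample in the shape of `terraform show -json plan.out` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"],
    "after": {"tags": {"environment": "prod"},
              "tags_all": {"environment": "prod", "owner": "platform"}}}},
  {"address": "aws_instance.web", "change": {"actions": ["update"],
    "after": {"tags": {"environment": "prod", "Owner": "web", "project": "shop"}}}},
  {"address": "aws_iam_role_policy.inline", "change": {"actions": ["create"],
    "after": {"name": "inline"}}},
  {"address": "aws_ebs_volume.old", "change": {"actions": ["delete"],
    "after": null}},
  {"address": "aws_vpc.main", "change": {"actions": ["create"],
    "after": {"cidr_block": "10.0.0.0/16", "tags": null}}}
]}
""")

if __name__ == "__main__":
    problems = missing_tags(SAMPLE_PLAN)
    for address, keys in sorted(problems.items()):
        print(f"{address}: missing tags {', '.join(keys)}")
    raise SystemExit(1 if problems else 0)
```

In a pipeline, load the real plan JSON in place of the constructed sample and fail the job on a non-zero exit.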

Don’t reinvent the wheel

Use existing shared and community modules. As a matter of common sense, it's highly recommended to reuse mature modules such as VPC. Look for these modules in the Terraform Registry.

Explicit definition

  • Keep your providers and modules properly versioned
  • Keep each module in a separate repo. This usually depends on project size; a monorepo or a single modules repo can work as well.

Avoid hard-coding variables

Check if you can get the value of an attribute via a data source instead of setting it explicitly. For example, instead of finding our AWS account ID in the console and setting it in terraform.tfvars as

aws_account_id = "99999999999"

we can get it from a data source

# Resolve the account ID from the credentials Terraform is running with
data "aws_caller_identity" "current" {}

locals {
  account_id = data.aws_caller_identity.current.account_id
}

Automate