Terraform State Locking - Major Update

Author

Govardhana M K
February 03, 2025

In partnership with

TechOps Examples

Hey — It's Govardhana MK 👋

Along with a use case deep dive, we identify the remote job opportunities, top news, tools, and articles in the TechOps industry.

👋 Before we begin... a big thank you to today's sponsor WRITER

Writer RAG tool: build production-ready RAG apps in minutes

RAG in just a few lines of code? We’ve launched a predefined RAG tool on our developer platform, making it easy to bring your data into a Knowledge Graph and interact with it with AI. With a single API call, writer LLMs will intelligently call the RAG tool to chat with your data.

Integrated into Writer’s full-stack platform, it eliminates the need for complex vendor RAG setups, making it quick to build scalable, highly accurate AI workflows just by passing a graph ID of your data as a parameter to your RAG tool.

IN TODAY'S EDITION

🧠 Use Case

  • Terraform State Locking - Major Update

🚀 Top News

👀 Remote Jobs

📚️ Resources

📢 Reddit Threads

🛠️ TOOL OF THE DAY

Reloader - A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig.

🧠 USE CASE

Terraform State Locking - Major Update

Some of you may have already noticed, Terraform 1.10.0 introduced built in state locking via Amazon S3, eliminating the need for DynamoDB for state management.

A game changing feature, I should say.

If you manage Terraform at scale, now’s the time to plan a smooth migration to the new locking mechanism.

Why do I say so ?

No Extra Setup – You don’t need to deal with a separate DynamoDB table just for locking.

Saves Money – Dropping DynamoDB means cutting down on unnecessary costs.

Easy Migration – Terraform lets you use both DynamoDB and S3 locking at the same time, so you can switch over smoothly.

Better Security – S3 Object Lock can enforce retention policies, giving you extra protection.

How to Transition to S3 State Locking?

Enable S3 Object Lock – When creating your Terraform state bucket, enable Object Lock (note: this is irreversible after activation).

Modify Terraform Backend Configuration

From (Using DynamoDB for State Locking)

terraform {
  backend "s3" {
    bucket         = "tf-state-bucket"
    key            = "state/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "state-lock-table"  
  }
}

To (Using S3 Lock Directly)

terraform {
  backend "s3" {
    bucket         = "tf-state-bucket"
    key            = "state/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    use_lockfile   = true 
  }
}

Test in Dev/Staging – Deploy the updated configuration in a non-production environment to validate the changes.

Migrate Production – Once confident, phase out DynamoDB and rely solely on S3 Object Lock.

Monitor & Optimize – Use AWS CloudTrail and Terraform logs to monitor state lock behavior.

Note: when using S3 Object Lock, upgrade to Terraform 1.10.1 to avoid MD5 header issues (Terraform 1.10.1 Changelog)

For Further Reading:

To strengthen your Terraform expertise, I am giving away my ‘Terraform Basics to Advanced in One Guide’ for FREE for a limited time.

(Usually, you need 10 referrals to grab this visually intuitive 71-page PDF)

I run a DevOps and Cloud consulting agency and have helped 17+ businesses, including Stanford, Hearst Corporation, CloudTruth, and more.

What people say after working with me: Genuine testimonials

When your business needs my services, book a free 1:1 business consultation.

You may even like:

Looking to promote your company, product, service, or event to 35,000+ TechOps Professionals? Let's work together.