The Terraform backend is the most critical component of your IaC workflow.
Terraform Cloud: the managed backend
terraform {
  cloud {
    organization = "mon-org"
    workspaces {
      name = "production-infra"
    }
  }
}
Advantages: no infrastructure to manage, integrated UI, native RBAC. Drawbacks: HashiCorp vendor lock-in.
S3 + DynamoDB backend: the AWS standard
terraform {
  backend "s3" {
    bucket         = "tfstate-monentreprise"
    key            = "prod/network/terraform.tfstate"
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "tfstate-lock"
  }
}
Multi-environment organization
tfstate/
|-- prod/
|   |-- network/terraform.tfstate
|   +-- compute/terraform.tfstate
|-- staging/
+-- dev/
Each layer has its own state. The compute layer reads the outputs of the network layer via terraform_remote_state.
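The layering described above, as an added example that is not part of the original article. It shows two separate root modules (network and compute) in one listing. The output name `private_subnet_id`, the resources `aws_subnet.private` and `aws_instance.app`, and the AMI placeholder are assumptions; the bucket, region, lock table and key layout are the ones used on this page.

```hcl
# --- network layer (state key: prod/network/terraform.tfstate) ---
# Only values declared as root-module outputs are visible to other layers.
output "private_subnet_id" {
  description = "Subnet the compute layer deploys into"
  value       = aws_subnet.private.id # hypothetical resource defined in this layer
}

# --- compute layer (separate root module, separate state object) ---
terraform {
  backend "s3" {
    bucket         = "tfstate-monentreprise"
    key            = "prod/compute/terraform.tfstate" # this layer's own state
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "tfstate-lock"
  }
}

# Read-only view of the network layer's state; nothing is written to it.
data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "tfstate-monentreprise"
    key    = "prod/network/terraform.tfstate"
    region = "eu-west-1"
  }
}

resource "aws_instance" "app" {
  ami           = "ami-EXAMPLE" # placeholder, not a real image id
  instance_type = "t3.micro"

  # Consume the value published by the network layer.
  subnet_id = data.terraform_remote_state.network.outputs.private_subnet_id
}
```

The identity that runs the compute layer needs read access to the network state object, and that object contains the full state snapshot, not only its outputs. Scope the IAM policy to the specific key and treat every state file as sensitive data.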
Protecting against accidental destruction
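resource "aws_db_instance" "prod" {
  # Other instance arguments are omitted here.
  lifecycle {
    # Any plan that would destroy this resource fails with an error.
    prevent_destroy = true
  }
}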
Our Terraform training covers advanced state management.