IaC State Management Discipline
Terraform state is precious and dangerous. The patterns that prevent corruption, drift, and lock contention.
Remote backend
S3 + DynamoDB, GCS + locking, or Terraform Cloud. Never local state in production.
Encryption at rest. Access tightly controlled.
Split state files
Per-environment state files. Per-major-component state files within an environment.
Splits limit blast radius. A corruption affects one component, not the world.
Detect drift
Run terraform plan in CI on a schedule so that drift surfaces in dashboards.
Investigate promptly. Drift becomes harder to remediate the longer it sits.
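A scheduled drift check over split state directories could look like the following. This is an added example, not code from the original page; the function names and the directory paths in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: scheduled drift check across split state directories.
# Function names and the directory arguments are hypothetical.

# Map the exit status of `terraform plan -detailed-exitcode`:
# 0 = no changes, 2 = changes present (drift), anything else = error.
classify_plan_exit() {
  case "$1" in
    0) echo clean ;;
    2) echo drift ;;
    *) echo error ;;
  esac
}

# Plan one root module; print "<dir> <status>" on stdout, plan text on stderr.
check_component() {
  local dir=$1 rc=0
  terraform -chdir="$dir" plan -detailed-exitcode -input=false \
    -lock-timeout=60s -no-color >&2 || rc=$?
  echo "$dir $(classify_plan_exit "$rc")"
}

# Check every component. Returns 0 if all clean, 2 on drift, 1 on any error,
# so a failed plan (expired credentials, held lock) is never reported as clean.
drift_report() {
  local dir line worst=0
  for dir in "$@"; do
    line=$(check_component "$dir")
    echo "$line"
    case "${line##* }" in
      drift) if [ "$worst" -eq 0 ]; then worst=2; fi ;;
      error) worst=1 ;;
    esac
  done
  return "$worst"
}

# CI entry point, e.g.: ./drift.sh envs/prod/network envs/prod/database
if [ "$#" -gt 0 ]; then
  drift_report "$@"
  exit $?
fi
```

Each directory must already be initialised against its remote backend with terraform init before the check runs. The per-directory status lines on stdout are what a dashboard would ingest.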