Localstack + tflocal for Dev
Localstack mocks AWS locally; tflocal is the Terraform wrapper.
Idea
tflocal runs Terraform against Localstack rather than real AWS. The dev loop pays no cloud cost; iteration is seconds not minutes; PR-time validation catches errors before they reach the real AWS apply.
- Local AWS mock as Terraform target. Localstack provides the AWS API surface; tflocal points Terraform at it instead of real AWS.
- Zero cloud spend per iteration. Blow away and recreate environments freely. The inner dev loop becomes risk-free.
- Seconds-not-minutes apply. No cross-region API calls; no per-resource provisioning latency. Inner dev loop accelerates dramatically.
- PR-time validation. tflocal-driven test on every PR catches obvious errors before the real-AWS apply window.
Limits
The mock has gaps. Some AWS services are not covered; some behaviours are simplified. Final validation still needs real AWS in staging because production fidelity is not guaranteed.
- Mock implementation gap. Some services not covered; some only partial. Check the Localstack support matrix per service.
- Behaviour simplification. Eventual consistency, IAM nuance, and rate-limit behaviour often differ from real AWS.
- Real-AWS staging gate. Per-deployment a real-AWS staging step. Catches the fidelity gap before production.
- Documented gap list per team. Known limitations documented. Catches the “works locally, breaks in staging” failure mode.
Integrate
The CI integration is where tflocal pays off. Pre-flight tests catch Terraform errors before the real-AWS apply window opens.
- CI pre-flight tests. Localstack-backed
terraform planplus apply on every PR. Fast feedback before real deploy. - Catches Terraform errors. Syntax, dependency, and resource-graph errors caught locally. Saves expensive real-AWS apply failures.
- Required-status check per PR. Named gate blocks broken Terraform from merging.
- Per-CI Localstack tear-down. Cleanup between test runs. Catches state pollution that would cause flaky tests.