Implement terraform state locking in S3 backends #2467
Comments
dms1981
added
enhancement
|
Initial PR put in place for review |
|
I think this is now in place for the core-vpc code and needs to be tested. The above has been edited to list all the environments that have a backend.tf which probably need to be amended. |
|
core-vpc and core-security completed (individual PRs) (e.g. #2552) |
|
Changes made for the above but I am now going through them to see which do not work. bichard7 is the first culprit, and I will remove them from the list above and try to take them out of the PR |
|
Non-working items to remove from PR bichard7 - Error refreshing state: InvalidObjectState: The operation is not valid for the object's storage class Sprinkler has been left in place but it indicates it will destroy 9 items |
|
plan on core-sandbox indicates it will destroy 10 items so this is being left out. |
|
Has been applied |
User Story
As a Modernisation Platform Engineer
I need to implement backend locking of the terraform statefile
So that only one agent can modify the statefile at any given time
User Type(s)
Value
Without state file locking, it's possible for two jobs to access the statefile at the same time, leading to the creation of terraform statefile versions which are not in agreement with each other. In the case of a new account creation, this can lead to a state where terraform jobs cannot successfully run due to missing information.
Also, given our approach to work where many hands can be busy at one time, state file locking is an ideal solution to prevent any problems with clashing workflows.
Questions / Assumptions / Hypothesis
Proposal
We should implement a DynamoDB table and the necessary configuration elements specified by Hashicorp in the S3 backend type documentation
##Environments
Definition of done
Reference
How to write good user stories
Backend type: S3
The text was updated successfully, but these errors were encountered: