Terraform Conventions

We use Terraform to maintain infrastructure as code.

State Backends

On AWS, we use the S3 backend for Terraform state. We create a separate backend bucket for each AWS account. Terraform state should be encrypted using unique, customer-managed KMS keys. The key for each module's state should reflect that module's path within the infrastructure repository.

You can use the Terraform state backend CloudFormation template to create a secure Terraform state backend for each AWS account. When using Control Tower, you can use customizations for Control Tower to create a Terraform state backend as part of the baseline for each account.

The landing zone template repository comes with configuration for Terraform state backends.
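
One way to check these backend conventions in CI, added here as an example and not taken from the landing zone template repository. It reads "key" as the S3 object key of the state file and assumes that key should start with the module's directory; the bucket names, KMS alias and module paths are constructed.

```python
import re
from pathlib import PurePosixPath
# Constructed sample input: repository path -> backend.tf contents.
SAMPLE_REPO = {
    "network/production/backend.tf": '''
terraform {
  backend "s3" {
    bucket     = "example-terraform-state-111111111111"
    key        = "network/production/terraform.tfstate"
    region     = "us-east-1"
    encrypt    = true
    kms_key_id = "alias/example-terraform-state"
  }
}''',
    "dns/staging/backend.tf": '''
terraform {
  backend "s3" {
    bucket = "example-terraform-state-222222222222"
    key    = "terraform.tfstate"
    region = "us-east-1"
  }
}''',
}

# Matches simple `name = value` attribute lines (quoted or bare values).
ATTR = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"\n]*?)"?[ \t]*$', re.MULTILINE)

def check_backend(path, text):
    """Return the convention violations found in one backend.tf."""
    if not re.search(r'backend\s+"s3"\s*\{', text):
        return ["backend is not s3"]
    attrs = dict(ATTR.findall(text))
    module_dir = str(PurePosixPath(path).parent)
    problems = []
    if attrs.get("encrypt") != "true":
        problems.append("encrypt is not true")
    # kms_key_id names the KMS key used to encrypt the state object.
    if not attrs.get("kms_key_id"):
        problems.append("kms_key_id is not set")
    # Assumed convention: the state key starts with the module's directory.
    if not attrs.get("key", "").startswith(module_dir + "/"):
        problems.append("key does not reflect module path")
    return problems

def check_repo(files):
    return {path: check_backend(path, text) for path, text in files.items()}

if __name__ == "__main__":
    for path, problems in check_repo(SAMPLE_REPO).items():
        print(path, problems or "OK")
```

The check only confirms that a KMS key is named in the backend block; whether that key is customer-managed and unique has to be verified against the account itself.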

Filenames

backend.tf: Configuration for the state backend

main.tf: Resources, data sources, modules, and locals

outputs.tf: Outputs

providers.tf: Configuration for Terraform providers

variables.tf: Variables

versions.tf: Required Terraform and provider versions

Formatting

All files should be formatted using terraform fmt.