![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![[DEALS] The All-in-One Microsoft Office Pro 2019 for Windows: Lifetime License + Windows 11 Pro Bundle (89% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Is this too much for a modular monolith system? [closed]](https://i.sstatic.net/pYL1nsfg.png)
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![What features do you get with Gemini Advanced? [April 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/02/gemini-advanced-cover.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Official Trailer for 'Long Way Home' Starring Ewan McGregor and Charley Boorman [Video]](https://www.iclarified.com/images/news/97069/97069/97069-640.jpg)
![Apple Watch Series 10 Back On Sale for $299! [Lowest Price Ever]](https://www.iclarified.com/images/news/96657/96657/96657-640.jpg)
![EU Postpones Apple App Store Fines Amid Tariff Negotiations [Report]](https://www.iclarified.com/images/news/97068/97068/97068-640.jpg)
![Apple Slips to Fifth in China's Smartphone Market with 9% Decline [Report]](https://www.iclarified.com/images/news/97065/97065/97065-640.jpg)
Terraform State Locking
In my previous post, I mentioned that the next step would be setting up a VPC. But before I do that, I realized I skipped an important foundational piece: Terraform state locking. Terraform generates a state file to keep track of the resources it manages. This file is crucial, and to prevent corruption during simultaneous updates, Terraform can lock it when applying changes. This ensures that your plan is based on the latest state and avoids conflicting modifications — especially important when collaborating or working across environments. For this setup, I’ll be using S3 to store the state. The last time I worked extensively with Terraform, I used DynamoDB for state locking. However, it seems that functionality is being deprecated — and now S3 supports locking on its own, which is a welcome simplification. Here’s the plan: Define the S3 bucket in Terraform Apply the configuration to create the bucket Configure Terraform to use this bucket for remote state storage I created an s3.tf file with the configuration shown below. I'm using paulb- as a prefix to help ensure the bucket name is globally unique. Following Terraform’s best practices, I’ve also enabled versioning on the bucket to better protect state history. Let me know if you'd like help rewriting the code section next, or styling this as a blog post! resource "aws_s3_bucket" "tf_state" { bucket = "paulb-devops-toolkit-terraform-state" } resource "aws_s3_bucket_versioning" "tf_state" { bucket = aws_s3_bucket.tf_state.id versioning_configuration { status = "Enabled" } } I also decided to tag all the AWS resources which I will generate for this project. To do so, I will set the tag in the AWS provider configuration, so I won't have to set it in every resource configuration. provider "aws" { shared_config_files = ["/Users/paulbenetis/.aws/config"] shared_credentials_files = ["/Users/paulbenetis/.aws/credentials"] profile = "default" default_tags { tags = { Project = "devops-toolkit" } } } Now I just need to create a plan which I will apply to create the bucket with versioning enabled. terraform plan And now to create the resources defined in the plan. > terraform apply aws_s3_bucket.tf_state: Creating... aws_s3_bucket.tf_state: Creation complete after 3s [id=paulb-devops-toolkit-terraform-state] aws_s3_bucket_versioning.tf_state: Creating... aws_s3_bucket_versioning.tf_state: Creation complete after 2s [id=paulb-devops-toolkit-terraform-state] Now I can check the status of this new resource. terraform state show aws_s3_bucket.tf_state The bucket is created as expected, and also has the default tag! ... tags_all = { "Project" = "devops-toolkit" } ... Now I just need to assign this bucket as the backend of state storage and locking. I am adding a new block to the terraform block in main.tf. terraform { ... backend "s3" { bucket = "paulb-devops-toolkit-terraform-state" key = "tfstate" region = "us-east-1" use_lockfile = true } ... } Now I will apply this new configuration and start storing the state remotely in s3! > terraform init Initializing the backend... Do you want to copy existing state to the new backend? Pre-existing state was found while migrating the previous "local" backend to the newly configured "s3" backend. No existing state was found in the newly configured "s3" backend. Do you want to copy this state to the new "s3" backend? Enter "yes" to copy and "no" to start with an empty state. Enter a value: yes Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Initializing provider plugins... - Reusing previous version of hashicorp/aws from the dependency lock file - Using previously-installed hashicorp/aws v5.95.0 Terraform has been successfully initialized! My Terraform state is now successfully stored in the S3 bucket!
In my previous post, I mentioned that the next step would be setting up a VPC. But before I do that, I realized I skipped an important foundational piece: Terraform state locking.
Terraform generates a state file to keep track of the resources it manages. This file is crucial, and to prevent corruption during simultaneous updates, Terraform can lock it when applying changes. This ensures that your plan is based on the latest state and avoids conflicting modifications — especially important when collaborating or working across environments.
For this setup, I’ll be using S3 to store the state. The last time I worked extensively with Terraform, I used DynamoDB for state locking. However, it seems that functionality is being deprecated — and now S3 supports locking on its own, which is a welcome simplification.
Here’s the plan:
- Define the S3 bucket in Terraform
- Apply the configuration to create the bucket
- Configure Terraform to use this bucket for remote state storage
I created an s3.tf file with the configuration shown below. I'm using paulb- as a prefix to help ensure the bucket name is globally unique. Following Terraform’s best practices, I’ve also enabled versioning on the bucket to better protect state history.
Let me know if you'd like help rewriting the code section next, or styling this as a blog post!
resource "aws_s3_bucket" "tf_state" {
bucket = "paulb-devops-toolkit-terraform-state"
}
resource "aws_s3_bucket_versioning" "tf_state" {
bucket = aws_s3_bucket.tf_state.id
versioning_configuration {
status = "Enabled"
}
}
I also decided to tag all the AWS resources which I will generate for this project. To do so, I will set the tag in the AWS provider configuration, so I won't have to set it in every resource configuration.
provider "aws" {
shared_config_files = ["/Users/paulbenetis/.aws/config"]
shared_credentials_files = ["/Users/paulbenetis/.aws/credentials"]
profile = "default"
default_tags {
tags = {
Project = "devops-toolkit"
}
}
}
Now I just need to create a plan which I will apply to create the bucket with versioning enabled.
terraform plan
And now to create the resources defined in the plan.
> terraform apply
aws_s3_bucket.tf_state: Creating...
aws_s3_bucket.tf_state: Creation complete after 3s [id=paulb-devops-toolkit-terraform-state]
aws_s3_bucket_versioning.tf_state: Creating...
aws_s3_bucket_versioning.tf_state: Creation complete after 2s [id=paulb-devops-toolkit-terraform-state]
Now I can check the status of this new resource.
terraform state show aws_s3_bucket.tf_state
The bucket is created as expected, and also has the default tag!
...
tags_all = {
"Project" = "devops-toolkit"
}
...
Now I just need to assign this bucket as the backend of state storage and locking. I am adding a new block to the terraform block in main.tf.
terraform {
...
backend "s3" {
bucket = "paulb-devops-toolkit-terraform-state"
key = "tfstate"
region = "us-east-1"
use_lockfile = true
}
...
}
Now I will apply this new configuration and start storing the state remotely in s3!
> terraform init
Initializing the backend...
Do you want to copy existing state to the new backend?
Pre-existing state was found while migrating the previous "local" backend to the
newly configured "s3" backend. No existing state was found in the newly
configured "s3" backend. Do you want to copy this state to the new "s3"
backend? Enter "yes" to copy and "no" to start with an empty state.
Enter a value: yes
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.95.0
Terraform has been successfully initialized!
My Terraform state is now successfully stored in the S3 bucket!
