Terraformcloud~30 mins

State locking with DynamoDB in Terraform - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

State locking with DynamoDB

📖 Scenario: You are setting up Terraform to manage your cloud infrastructure safely. To avoid multiple people changing the infrastructure at the same time, you want to use a locking mechanism. DynamoDB can help by locking the Terraform state file during changes.

🎯 Goal: Create a DynamoDB table for Terraform state locking and configure Terraform backend to use it.

📋 What You'll Learn

Create a DynamoDB table named exactly terraform-lock-table

Set the primary key attribute to LockID of type string

Enable server-side encryption for the table

Configure Terraform backend to use the DynamoDB table terraform-lock-table for state locking

Use an S3 bucket named exactly terraform-state-bucket for storing the Terraform state

💡 Why This Matters

🌍 Real World

Terraform state locking prevents multiple users from applying changes simultaneously, avoiding conflicts and corrupted state. DynamoDB is a common choice for locking because it is fast and reliable.

💼 Career

Cloud engineers and DevOps professionals use Terraform with state locking to manage infrastructure safely and collaborate effectively in teams.

Progress0 / 4 steps

Create DynamoDB table resource

Create a Terraform resource called aws_dynamodb_table named terraform_lock_table with the table name terraform-lock-table. Set the attribute LockID as a string type hash key.

Terraform

# Your code here to create the DynamoDB table resource

Need a hint?

Use resource "aws_dynamodb_table" "terraform_lock_table" {} with name, hash_key, and attribute blocks.

Enable server-side encryption

Add server-side encryption to the aws_dynamodb_table.terraform_lock_table resource by setting server_side_encryption block with enabled = true.

Terraform

resource "aws_dynamodb_table" "terraform_lock_table" {
  name           = "terraform-lock-table"
  billing_mode   = "PAY_PER_REQUEST"
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  # Add server-side encryption block here
  # Your code here
}

Need a hint?

Add server_side_encryption { enabled = true } inside the DynamoDB resource.

Configure Terraform backend with S3 and DynamoDB

Add a terraform block with a backend "s3" configuration. Set bucket to terraform-state-bucket, key to terraform.tfstate, region to us-east-1, and dynamodb_table to terraform-lock-table.

Terraform

resource "aws_dynamodb_table" "terraform_lock_table" {
  name           = "terraform-lock-table"
  billing_mode   = "PAY_PER_REQUEST"
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }
}

terraform {
  backend "s3" {
    # Your code here
  }
}

Need a hint?

Use terraform { backend "s3" { ... } } with the exact bucket, key, region, and dynamodb_table values.

Add AWS provider configuration

Add a Terraform provider "aws" block with region = "us-east-1" to configure the AWS provider.

Terraform

resource "aws_dynamodb_table" "terraform_lock_table" {
  name           = "terraform-lock-table"
  billing_mode   = "PAY_PER_REQUEST"
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }
}

terraform {
  backend "s3" {
    bucket         = "terraform-state-bucket"
    key            = "terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-lock-table"
  }
}

# Add AWS provider configuration below
# Your code here

Need a hint?

Add provider "aws" { region = "us-east-1" } at the top of your Terraform file.