Terraform Neutral Patterns (Context-Dependent)

Six patterns that are neither universally good nor bad โ€” they depend on organizational context, team size, and governance maturity. The Terraform skill presents these as explicit tradeoffs rather than recommendations.

1. Workspace-Centric Environment Split

locals {
  env = terraform.workspace
}

resource "aws_cloudwatch_log_group" "audit" {
  name = "/org/${local.env}/audit"
}

Tradeoff: Clean for workspace-managed workflows. Harder to reason about in ad-hoc CLI usage across many environments.

2. Single Repo with Many Modules

iac-repo/
  modules/
    network/
    identity/
    observability/
  environments/
    dev/
    prod/

Tradeoff: Easy discovery and shared standards. Larger blast radius for repo-level process changes.

3. Remote-State Bridge Across Stacks

data "terraform_remote_state" "platform" {
  backend = "gcs"
  config = {
    bucket = "infra-state-org"
    prefix = "platform/prod"
  }
}

Tradeoff: Quick integration path. Introduces coupling to producer stack internals.

4. Composite Module Owning Many Primitives

module "payments_platform" {
  source = "./modules/payments-platform"
}

Tradeoff: Simplifies root composition. Can become hard to evolve if internal boundaries are unclear.

5. Apply-Mode Native Tests in CI

run "database_contract" {
  command = apply
}

Tradeoff: Catches real runtime behavior. Increases cost and pipeline duration significantly.

6. Aggressive Precondition Usage

resource "aws_s3_bucket" "artifact" {
  bucket = var.bucket_name

  lifecycle {
    precondition {
      condition     = startswith(var.bucket_name, "org-")
      error_message = "Bucket names must start with org-."
    }
  }
}

Tradeoff: Protects conventions early and enforces naming standards. Too many strict checks can reduce module reuse across different org units.

results matching ""

    No results matching ""