- Use version control (e.g., Git) for all Terraform configurations
- Create a new branch for proposed changes
- Ensure you're working with the latest version of the main branch
- Update Terraform and provider versions to the latest stable releases
- Follow established naming conventions and code structure
- Use consistent formatting (run `terraform fmt`)
- Implement and update automated tests for your Terraform code
- Conduct peer code reviews before merging changes
- Run `terraform validate` to check for configuration errors
- Execute `terraform plan` and carefully review the proposed changes
- Save the plan output to a file for later application
- Have a team member review the plan output (explore automation for this review, potentially an LLM)
- Ensure changes align with the intended modifications
- Verify that critical resources are not being unintentionally modified or destroyed (Keep a list of critical resources)
- Use Terraform workspaces to manage different environments (dev, staging, prod)
- Apply changes to lower environments (e.g., dev, staging) before production
- Implement and respect change freeze periods for critical environments
- Use `terraform apply` with the saved plan file to ensure consistency
- Monitor the apply process closely for any unexpected behavior
- Verify that the changes were applied correctly in the AWS console
- Run relevant integration or smoke tests (Add tests for all previous failures)
- Monitor affected systems and applications for any issues
- Document the changes and update relevant documentation (Have a Correction of Errors process in place)
- Regularly audit and clean up unused resources (Have usage dashboards for all systems at a tier level)
- Implement and maintain a disaster recovery plan
- Conduct regular training sessions on Terraform best practices
- Use Terraform Cloud or a CI/CD pipeline for automated checks and applies
- Implement strong IAM policies and use least privilege access
- Regularly review and update your Terraform modules and configurations
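A worked example of the plan-review gate this checklist describes (save the plan, keep a list of critical resources, verify nothing critical is unintentionally destroyed). This is added example code, not from the original page: it reads the JSON that `terraform show -json <planfile>` prints for a saved plan, and the resource addresses, the critical-resource list and the sample plan are constructed assumptions.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check needs; not taken from any real plan.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_db_instance.prod",
         "change": {"actions": ["delete", "create"]}},  # replacement
        {"address": "aws_s3_bucket.logs",
         "change": {"actions": ["update"]}},            # in-place update
        {"address": "aws_instance.bastion",
         "change": {"actions": ["delete"]}},            # not on the list
        {"address": "aws_iam_role.app",
         "change": {"actions": ["no-op"]}},
    ],
})

# Assumed critical-resource list (the checklist says to keep one). Entries are
# Terraform resource addresses; a trailing ".*" covers a whole module.
CRITICAL = ["aws_db_instance.prod", "aws_s3_bucket.logs", "module.network.*"]
DESTRUCTIVE = {"delete"}


def is_critical(address, critical=CRITICAL):
    for pattern in critical:
        if pattern.endswith(".*"):
            if address.startswith(pattern[:-1]):  # e.g. "module.network."
                return True
        elif address == pattern:
            return True
    return False


def find_critical_changes(plan_json, critical=CRITICAL):
    """Return (address, actions, destroys) for each critical resource the plan
    touches; 'destroys' is True for a delete or a delete+create replacement."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions == ["no-op"] or not is_critical(rc["address"], critical):
            continue
        findings.append((rc["address"], actions, bool(DESTRUCTIVE & set(actions))))
    return findings


def plan_is_safe(plan_json, critical=CRITICAL):
    """CI gate: False if any critical resource would be destroyed or replaced."""
    return not any(d for _, _, d in find_critical_changes(plan_json, critical))


if __name__ == "__main__":
    for address, actions, destroys in find_critical_changes(SAMPLE_PLAN_JSON):
        print(("DESTROY " if destroys else "modify  ") + address, "/".join(actions))
    raise SystemExit(0 if plan_is_safe(SAMPLE_PLAN_JSON) else 1)
```

Run it as a pipeline step between `terraform plan -out=tfplan` and `terraform apply tfplan`; a non-zero exit blocks the apply until a human has reviewed the flagged resources.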