Chapter Ten

Collaboration and Automation

Taking Terraform off the laptop: shared locked state, a CI pipeline that plans on every pull request and applies on merge, the human approval gate, managed run platforms, drift detection, and cost estimation before the bill.

6 topics

Everything so far assumed one person running apply from a terminal. A team breaks that assumption in three ways at once: two people can write the same state, nobody can see what someone else applied, and a console hotfix made during an incident silently diverges from the code. This chapter is about the machinery that makes Terraform safe with more than one person and more than one environment.

The spine of it is a CI pipeline running against shared, locked, remote state. Every pull request runs plan and posts it for review; merge runs apply against the exact plan that was reviewed; credentials come from OIDC-assumed roles, never stored keys. Around that spine sit the supporting disciplines — a deliberate approval gate, the build-versus-buy call on HCP Terraform, scheduled drift detection, and a dollar figure on every plan before it merges.

Topics in This Chapter

The production S3 backend: bucket with versioning and KMS encryption, native S3 locking versus the legacy DynamoDB table, the bootstrapping chicken-and-egg, and one state per boundary.

Terraform in CI/CD

The canonical pipeline: fmt and validate and plan on every PR, apply gated on merge, plan artifacts applied exactly, and OIDC role assumption instead of static AWS keys.

Plan/Apply Approval Workflows

The human gate that makes automation safe: reading a plan as a diff, what to scrutinize in destroy and replace lines, keeping the plan-to-apply window short, and stricter rules for production.

HashiCorp's managed service for remote state, runs, approvals, a private registry, and Sentinel policy — what it gives you over self-built S3 plus CI, and how to make the build-versus-buy call.

PlatformManaged

Drift Detection and Reconciliation

The gap between state and reality: what causes drift, scheduled refresh-only detection, the revert-versus-accept decision, and reducing console access to stop drift at the source.

OperationsState

Cost Estimation

Putting a dollar figure on a plan with Infracost: the monthly cost delta as a PR comment, thresholds that flag large increases, and the usage-based costs an estimate cannot fully predict.