// the find
ozbillwang/terraform-best-practices
Terraform Best Practices for AWS users
A README-only collection of Terraform best practices for AWS, with a few small working HCL examples (S3 backend, Lambda). Aimed at teams new to Terraform who need opinionated defaults on state management, environment isolation, and module structure. Not a library — nothing to install.
The S3 partial-backend pattern with per-environment `.conf` files is a genuine time-saver and solves a real pain point that trips up beginners. The layering advice (VPC, app, DB as separate state roots) is correct and matches how production setups actually look. The pointer to `terraform-docs` for auto-generating module READMEs is practical and often overlooked. Including the `terraform_remote_state` data source pattern with a concrete HCL snippet beats most blog posts on the topic.
Last updated December 2024 but still references Terraform 0.12/0.13 upgrade paths that are noise for anyone starting today on 1.x. The IAM policy example uses wildcard `*` on nearly every service including `iam:*`, which contradicts the section header ('minimum permissions') — that policy is effectively admin. Workspaces are presented without the standard caveat that using them for environment isolation is actively discouraged by HashiCorp for production; Terragrunt or separate state roots are the right answer, which this doc mentions but doesn't prioritize. No coverage of `moved` blocks, `check` blocks, or the native `terraform test` framework beyond a one-line mention.
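To make the IAM point concrete, here is an added example (not code from the repository or from this review) of a small check that flags service-wide wildcard actions in a policy document. The sample policy is constructed for illustration, and `audit_policy` and `is_effectively_admin` are hypothetical names.

```python
import json

# Constructed sample policy (not copied from the repository): it mirrors the
# pattern the review describes, service-wide wildcards including iam:*.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*", "iam:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-tfstate/*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, action, severity) for each wildcard Allow action.

    Only the Action element is inspected; NotAction and Condition are out of
    scope for this sketch.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant anything
        all_resources = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action != "*" and name != "*":
                continue  # scoped action such as s3:GetObject
            # iam:* lets the principal attach any policy to itself, so on
            # Resource "*" it is equivalent to full administrator access.
            escalates = action == "*" or service.lower() == "iam"
            severity = "critical" if escalates and all_resources else "high"
            findings.append((idx, action, severity))
    return findings


def is_effectively_admin(policy):
    return any(sev == "critical" for _, _, sev in audit_policy(policy))
```

A check like this can run in CI against rendered policy JSON before `terraform apply`, failing the build on any `critical` finding.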