Locking state files with Terragrunt
Let's say you have your application template and a team of five people working on it. One Monday morning you decide to change a minor thing, such as the security group, and at the same time your colleague, sitting in a room next to you, decides to change a disk size for instances. Being confident that you are the only ones running the terraform apply
 command at this moment, you both do terraform apply
, push
changed state
file to the git
repository (or to remote storage like S3), and end up in a total disaster.
If your state
file is stored in git,
then you will meet the merge
conflict: not too bad, you can try to resolve it by hand, and you still can see who changed what. If you use a remote backend for the state
file, then things are going south. Which state
file is now inside the remote storage? And where do changes of another Terraform run go?
It is dangerous to work on the same state file in a team because there is no locking out of the box. You could...