What are common Terraform anti-patterns and pitfalls?
Answer
Common Terraform anti-patterns to avoid:
- Storing secrets in state unencrypted: always encrypt the remote backend and restrict access.
- Monolithic state file: one state for the entire company infrastructure means the blast radius is enormous; split by layer and team.
- No state locking: allows concurrent apply corruption.
- Manual changes to Terraform-managed resources: causes drift and confusion.
- count for non-homogeneous resources: causes destructive index shifts; use for_each.
- Hard-coded values: credentials, region, account IDs in .tf files; use variables and environment-specific configs.
- Missing version constraints: provider and module versions unpinned; the next init may break everything.
- Committed terraform.tfvars with secrets: sensitive values in Git history.
- No destroy protection: databases without prevent_destroy.
- Using provisioners for everything: breaks idempotency.
- Missing tagging strategy: impossible to track cost and ownership without consistent tags.
- No testing: applying to prod without validate, tflint, checkov, or plan review.
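
An added example (not part of the original answer) that puts several of the items above into one configuration in their corrected form: pinned versions, an encrypted backend with per-environment settings, for_each instead of count, variables instead of hard-coded values, consistent tags and prevent_destroy. The AWS provider, the version numbers and all resource and variable names are assumptions chosen for illustration.

```hcl
# Constructed example; the AWS provider, versions and all names are assumptions.
terraform {
  required_version = "~> 1.6" # pin the CLI
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # pin the provider so a later init cannot pull a new major
    }
  }
  # Partial backend config: bucket, key, region and lock table are supplied per
  # environment with `terraform init -backend-config=<file>`, not hard-coded.
  backend "s3" {
    encrypt = true # state can hold secrets, so encrypt it at rest
  }
}

variable "region" { type = string }
variable "db_password" {
  type      = string
  sensitive = true # supplied via TF_VAR_db_password, never a committed tfvars
}
variable "log_buckets" {
  type = map(object({ owner = string })) # key = bucket name
}

provider "aws" {
  region = var.region
  default_tags {
    tags = { ManagedBy = "terraform" } # applied to every taggable resource
  }
}

# Anti-pattern: count = length(var.names) with bucket = var.names[count.index];
# removing the first name shifts every index and replaces the other buckets.
resource "aws_s3_bucket" "logs" {
  for_each = var.log_buckets # instances are addressed by key, not by position
  bucket   = each.key
  tags     = { Owner = each.value.owner }
}

resource "aws_db_instance" "main" {
  identifier        = "example-main"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "app"
  password          = var.db_password # still written to state: hence the encrypted backend
  lifecycle { prevent_destroy = true } # any plan that would destroy this fails
}
```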