
Terraform State Management: Remote State, Locking, and Workspaces

The Terraform state is the most critical file in your infrastructure. Best practices for secure, scalable state management.

devRocks Team · 01. March 2026 · Updated: 21. May 2026
Terraform State AWS S3 Infrastructure

Why State Management Is Critical

The Terraform state maps your HCL configuration to real cloud resources. If the state is lost or becomes inconsistent, Terraform can no longer manage your infrastructure.

Remote State: S3 + DynamoDB

Local state works for individuals, but in teams, you need remote state.

  • S3 Backend: Store state in a versioned, encrypted S3 bucket.
  • DynamoDB Locking: Prevents two team members from running apply simultaneously.
  • Encryption: Server-side encryption (SSE-S3 or SSE-KMS) for state at rest.

State Structure

  • One State per Environment: Separate state files for dev, staging, and production. A failed apply in dev must not affect production.
  • Workspaces vs. Directories: Workspaces share code with different state files. Directories provide stronger isolation. We prefer directories for production.
  • State Granularity: Keep networking, compute, and application in separate states. This reduces blast radius and plan times.

Emergency Procedures

  • State Backup: Enable S3 versioning so that every apply automatically creates a backup.
  • Import: terraform import to adopt existing resources into the state.
  • State Surgery: terraform state rm and terraform state mv for refactoring, always with a prior backup.

Frequently Asked Questions

Terraform State Management is crucial because the state maps the HCL configuration to the actual cloud resources. A lost or inconsistent state can cause Terraform to no longer manage the infrastructure correctly.
To set up Remote State, you can use an S3 backend to store your state in a versioned and encrypted S3 bucket. Additionally, DynamoDB should be used for locking to prevent multiple team members from making changes simultaneously.
Directories provide stronger isolation as they are completely separate from each other, while workspaces share the same code with different state files. It is advisable to use directories for production environments to avoid possible errors in other environments.
To secure your Terraform State, you can enable S3 versioning, which automatically creates a backup on each apply. It is also advisable to perform regular manual backups, especially before major changes.
State Surgery refers to editing the Terraform state with commands like 'terraform state rm' or 'terraform state mv'. These procedures should only be used after backing up the state to ensure the integrity of the infrastructure is not compromised.
