Stop Paying for DynamoDB Just to Lock Your Terraform State — Do This Instead

Amay Jaiswal

Losing money by running a DynamoDB just to lock your Terraform state? Now there’s a better way! 🫨
I remember staring at my AWS bill, scratching my head: “Why am I paying for a whole database just to prevent two terraform apply commands from stepping on each other?” 😅 If you’ve felt the same pinch, here’s the good news: Terraform 1.10+ lets S3 handle state locking all by itself—no DynamoDB required.

Why this matters (in plain English):

• Fewer moving parts → less to set up, secure, and troubleshoot.
• Lower costs → S3 versioning is free once enabled, versus DynamoDB read/write fees.
• Peace of mind → built-in locking prevents accidental overwrites.

Here’s how to switch over, step by step:

1. Enable versioning on your S3 bucket

• Head to the AWS Console
• Find your bucket (or create one)
• Under Properties, toggle Bucket Versioning to Enabled

2. Update your Terraform backend block

Open your main.tf (or wherever you configure your backend) and tweak it like this:

    terraform {
      backend "s3" {
        bucket       = "my-infra-state-bucket"
        key          = "infra/state/terraform.tfstate"
        region       = "us-east-1"
        encrypt      = true
        # S3-native state locking (Terraform 1.10+); replaces dynamodb_table
        use_lockfile = true
      }
    }

– Notice that extra use_lockfile = true line? That’s the magic. ✨

3. Run terraform init

• Terraform will detect the change and migrate your state (if needed).
• You’ll see S3 take care of locking under the hood—no DynamoDB table required.

A few friendly reminders:

• Make sure everyone on your team uses Terraform ≥1.10, or they’ll hit an error when use_lockfile is unknown.
• Check your IAM policies: grant s3:PutObject and s3:DeleteObject on the lock file prefix (same as your state).
• If you ever need to fall back, you can still add dynamodb_table = "your-lock-table", but it’s deprecated and best avoided.
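
For the IAM reminder above, a least-privilege policy scoped to the bucket and key from the backend block. This is an added example, not code from the original post; the policy name and statement IDs are hypothetical. It assumes the lock object is written at "<key>.tflock", and it also grants s3:GetObject on the lock file and s3:ListBucket on the bucket, which the S3 backend uses to read the lock and locate the state.

```hcl
# Added example: least-privilege access for an S3 backend with use_lockfile.
# Bucket and key match the backend block above; names are hypothetical.
locals {
  state_bucket = "my-infra-state-bucket"
  state_key    = "infra/state/terraform.tfstate"
}

data "aws_iam_policy_document" "tf_state" {
  # Terraform lists the bucket to locate the state object.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${local.state_bucket}"]
  }

  # Read and write the state object itself.
  # DeleteObject is deliberately not granted on the state object.
  statement {
    sid       = "ReadWriteState"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::${local.state_bucket}/${local.state_key}"]
  }

  # The lock is a separate object next to the state, at "<key>.tflock".
  # It is created when a lock is taken and deleted when it is released,
  # so this is the only place DeleteObject is needed.
  statement {
    sid       = "ManageLockFile"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${local.state_bucket}/${local.state_key}.tflock"]
  }
}

resource "aws_iam_policy" "tf_state" {
  name   = "terraform-state-access" # hypothetical name
  policy = data.aws_iam_policy_document.tf_state.json
}
```

Attach the policy only to the roles that run Terraform. A role that can read the state object can read every secret stored in it.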
