Implement State File Separation for Infrastructure Components #78
Description
Why Not Workspaces
- Less explicit dependency management
- Higher risk of accidental state modifications
- Harder to manage different configurations per component
- More difficult to handle concurrent modifications
Proposed Structure
terraform/
├── environments/
│ └── staging/
│ ├── core/ # VPC, IAM, EKS (required first)
│ ├── apps/ # ArgoCD, other k8s deployments
│ └── data/ # RDS, S3, ElastiCache (future)
Changes Required
New Files
- staging/core/main.tf
- Move VPC, EKS from current staging/main.tf
- Add data outputs for apps/data dependencies
- staging/core/outputs.tf
output "eks_cluster_endpoint" {}
output "vpc_id" {}
output "private_subnets" {}- staging/apps/main.tf
- Move ArgoCD configuration
- Add data sources for core dependencies:
data "terraform_remote_state" "core" {
backend = "s3"
config = {
bucket = "your-bucket"
key = "staging/core/terraform.tfstate"
}
}- staging/data/main.tf (future)
- Similar core dependency pattern
- Separate state for databases/storage
Modified Files
- Move provider configs to each component
- Update backend configurations for state separation
- Update module references to use remote state data
Dependencies
graph TD
Core --> Apps
Core --> Data
- Core must be deployed first
- Apps and Data can be deployed independently
- Each component gets its own terraform.tfstate
Migration Steps
- Backup current state
- Create new S3 backend paths
- Move resources to new structure
- Import existing resources to new states
- Update CI/CD for separate apply stages
Future Considerations
- IAM roles/policies in core
- Networking components isolated in core
- Monitoring stack could be separate component
- Consider secrets management separation