Minimal Terraform Backend Plan (S3 + DynamoDB)

Why

• S3 stores shared Terraform state.
• DynamoDB provides state locking to prevent concurrent apply corruption.

This does not change runtime architecture (EC2/ECS stays the same).

1) Bootstrap once per environment

Create S3 bucket and DynamoDB lock table per env (dev, stage, prod):

• S3: kvary-terraform-state-<env>
• DynamoDB: kvary-terraform-locks-<env> with partition key LockID (String)

2) Backend config files

• backend.dev.hcl
• backend.stage.hcl
• backend.prod.hcl

Update bucket/table names if your naming differs.

3) Init examples

cd docs/80_chain/templates/terraform/ecs-kafka-orchestrator

terraform init -reconfigure -backend-config=backend.dev.hcl
terraform plan -var-file=dev.tfvars

terraform init -reconfigure -backend-config=backend.stage.hcl
terraform plan -var-file=stage.tfvars

terraform init -reconfigure -backend-config=backend.prod.hcl
terraform plan -var-file=prod.tfvars

4) Team rule

• Never run shared env applies with local backend.
• Always init with the matching backend.<env>.hcl before plan/apply.