top of page
Search

No More DynamoDB: Native S3 Locking Now Available in Terraform 1.11 and Later

  • 7 days ago
  • 3 min read

Table of Contents:

Overview

For years, terraform users have used AWS S3 to store remote state and relied on a DynamoDB table for state locking to avoid conflicts during concurrent operations. With the latest Terraform release, native state locking in S3 is now fully supported—eliminating the need to manage a separate DynamoDB table. This simplifies backend configuration and reduces the overhead of maintaining extra AWS resources.


In this article, we’ll break down what this update means, how to migrate from DynamoDB-based locking to S3 native locking, and what Terraform users should keep in mind during the transition.


What is Terraform State Locking?

State locking prevents multiple Terraform processes from making simultaneous changes to the state file, helping avoid conflicts and potential data corruption. Traditionally, when using an S3 backend, this required configuring a separate DynamoDB table to manage the lock—an effective but operationally complex solution.


With the latest release, Terraform now natively supports state locking directly in S3, removing the need for a DynamoDB table while still providing reliable and secure locking.



Why Switch to S3 Native State Locking?

  1. Simplified Backend Setup

    Eliminates the need to create and manage a separate DynamoDB table, reducing overall configuration complexity.

  2. Reduced AWS Costs

    No more DynamoDB read/write capacity charges—leading to potential savings on your AWS bill.

  3. Easy Migration

    Existing state files remain unaffected. A simple configuration update is all that’s needed and Terraform manages the transition seamlessly.

  4. Better State Management

    Leverages Amazon S3’s built-in locking capabilities to maintain consistency—without relying on extra AWS services.


How to Transition to S3 Native State Locking?

  • Current Setup Using DynamoDB for Locking

    In the past, a standard S3 backend configuration with DynamoDB-based locking looked like this:

terraform {
  backend "s3" {
    bucket         = "anantacloud-tfstate-bucket"
    key            = "us-east-1/dev/vpc/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "anantacloud-tfstate-locking" # Legacy state lock
    encrypt        = true
  }
}

  • Updated Configuration (S3 Native Locking)

    To switch to S3 native state locking, simply update the backend configuration as follows:

terraform {
  backend "s3" {
    bucket         = "anantacloud-tfstate-bucket"
    key            = "us-east-1/dev/vpc/terraform.tfstate"
    region         = "us-east-1"
    use_lockfile   = true # New S3 native locking!
    encrypt        = true
  }
}

Following the update, Terraform will automatically handle state locking via Amazon S3, eliminating the need for DynamoDB or additional manual configurations. It will generate a locking file named terraform.tfstate.lock to secure the lock.


Key Considerations Before Migrating

Before switching to S3 native state locking, keep the following in mind:

  • Terraform Version: Make sure you're using Terraform 1.x or later, as native S3 locking is only supported in newer versions.

  • Existing Locks: If your state is currently locked via DynamoDB, Terraform will automatically release the lock once the DynamoDB configuration is removed.

  • IAM Permissions: Confirm that your IAM user or role has the necessary permissions to use S3 state locking. Specifically, ensure the policy includes:

{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject"
  ],
  "Resource": "arn:aws:s3:::anantacloud-tfstate-bucket/*"
}
We highly recommend to test the migration in a non-production environment first to verify the locking mechanism works as expected

The Future of State Locking in Terraform

As Terraform continues to emphasize simplicity and automation, the introduction of native S3 state locking marks a significant evolution. HashiCorp has already signaled plans to deprecate DynamoDB-based locking in future versions, making it wise to begin testing and migrating now.


Adopting S3 native state locking offers a cleaner, more cost-effective approach to managing Terraform state—eliminating the need for DynamoDB and reducing overall complexity.


Conclusion

Native S3 state locking is a major improvement for Terraform users. With a small backend configuration change, you can transition smoothly and prepare your infrastructure for the future.


If you haven’t already, start experimenting with native locking in your development environment—and simplify your state management by moving on from DynamoDB.





Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
average rating is 4 out of 5, based on 150 votes, Recommend it

Subscribe For Updates

Stay updated with the latest cloud insights and best practices, delivered directly to your inbox.

91585408_VEC004.jpg
Collaborate and Share Your Expertise To The World!
Ananta Cloud welcomes talented writers and tech enthusiasts to collaborate on blog. Share your expertise in cloud technologies and industry trends while building your personal brand. Contributing insightful content allows you to reach a broader audience and explore monetization opportunities. Join us in fostering a community that values your ideas and experiences.
business-professionals-exchanging-handshakes.png
bottom of page