Hi, I need a second opinion on my problem with the setup of Terraform and AWS accounts.
Environment: separate AWS accounts per environment, assume DEV and PRD
What I would like to achieve:
Deploy resources for the DEV account and the PRD account and store state in an S3 backend (each state should be stored in the relevant ENV, so DEV state is in the DEV account and PRD state is in the PRD account).
I already tried workspaces, but occasionally a workspace disappears and I lose the setup I did.
Now I am trying to set up the state infrastructure in a separate directory, to deploy the S3 bucket and DynamoDB table for the state lock first and then use them from the /terraform directory with the other resources. This seems complex and overcomplicated.
I have also seen Terragrunt, which, in short, means: prepare resources as a module and then build some directories per env with .hcl configs.
I have no option of a cross-account AWS role for the devops role to store state in another devops AWS account.
What is the best approach to achieve the goal? I have spent some time on this already, but a solution still seems far away.