A more insidious problem can develop outside of version control - when developers apply Terraform changes to the remote state outside of the CD mechanism, e.g. from their personal laptop. The next time the CD pipeline runs, it will detect these changes, and possibly overwrite them, depending on what exists in version control already, and depending on whether the developer merged his changes properly. My approach to this problem is to disallow `terraform apply` outside of official CI/CD tooling and with approvals (if necessary).
At minimum, the developer who notices the unauthorized changes in the CD pipeline will be very confused, and at worst will overwrite critical changes by accident.
Thank you!
Thanks for the information. I have one question. Will DevOps guys write the Terraform code, or will specific people be writing to the state file and pushing it to the repository? Just like developers do.
Mostly DevOps people (whoever owns the Cloud Infrastructure in a company)
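
The out-of-band apply problem described in the first comment above can be surfaced in the pipeline before anything is overwritten. The following is an added example, not code from the original post or its commenters: it reads the JSON form of a saved plan (as produced by `terraform show -json`) and separates drifted resources the next apply would modify from those it would leave alone. The sample plan, the resource addresses and the function names `classify_drift` and `gate` are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields used here; resource addresses and actions are made up.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_drift": [   # changes Terraform found that it did not make
        {"address": "aws_security_group.web",
         "change": {"actions": ["update"]}},
        {"address": "aws_s3_bucket.logs",
         "change": {"actions": ["update"]}},
    ],
    "resource_changes": [  # what the pipeline's apply intends to do
        {"address": "aws_security_group.web",
         "change": {"actions": ["update"]}},
        {"address": "aws_s3_bucket.logs",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_instance.app",
         "change": {"actions": ["create"]}},
    ],
})


def classify_drift(plan_json: str) -> dict:
    """Split out-of-band changes into those the next apply would modify
    and those already matching version control."""
    plan = json.loads(plan_json)
    planned = {rc["address"]: rc["change"]["actions"]
               for rc in plan.get("resource_changes", [])}
    report = {"reverted_by_apply": [], "drift_only": []}
    for drift in plan.get("resource_drift", []):
        addr = drift["address"]
        actions = planned.get(addr, ["no-op"])
        # Any planned action other than no-op/read rewrites the resource,
        # discarding what was applied outside the pipeline.
        if set(actions) - {"no-op", "read"}:
            report["reverted_by_apply"].append(addr)
        else:
            report["drift_only"].append(addr)
    return report


def gate(plan_json: str) -> int:
    """Exit code for a CI step: 1 blocks the apply until a human reviews."""
    return 1 if classify_drift(plan_json)["reverted_by_apply"] else 0


if __name__ == "__main__":
    print(classify_drift(SAMPLE_PLAN), "exit", gate(SAMPLE_PLAN))
```

In the sample, the security group was changed outside the pipeline and never merged, so the apply would modify it and the gate blocks; the bucket change was merged properly, so it shows as drift only.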