I suggest you take a look at the hashicorp best-practices repo, which has quite a nice setup for dealing with different environments (similar to what James Woolfenden suggested).
We’re using a similar setup, and it works quite nicely. However, this best-practices repo assumes you’re using Atlas, which we’re not. We’ve created quite an elaborate Rakefile
, which basically (going by the best-practices repo again) gets all the subfolders of /terraform/providers/aws
, and exposes them as different builds using namespaces. So our rake -T
output would list the following tasks:
us_east_1_prod:init
us_east_1_prod:plan
us_east_1_prod:apply
us_east_1_staging:init
us_east_1_staging:plan
us_east_1_staging:apply
This separation prevents changes which might be exclusive to dev to accidentally affect (or worse, destroy) something in prod, as it’s a different state file. It also allows testing a change in dev/staging before actually applying it to prod.
Also, I recently stumbled upon this little write up, which basically shows what might happen if you keep everything together:
https://charity.wtf/2016/03/30/terraform-vpc-and-why-you-want-a-tfstate-file-per-env/