Skip to main content Miguel Hernández

S3 Native State Locking in Terraform

TL;DR
Terraform 1.11 introduces S3-native state locking, eliminating the need for DynamoDB-based locks.

Traditionally, Terraform used DynamoDB-based locking to prevent concurrent state modifications when using an S3 backend. With Terraform 1.11, S3-native state locking is now generally available, allowing users to manage state locks directly through S3 without relying on DynamoDB.

This change simplifies state management by reducing dependencies and improving performance. While you can still use DynamoDB for migration purposes, Terraform recommends migrating to the new S3-native state locking mechanism.

Enabling S3 Native State Locking

To enable S3-native state locking, update your backend configuration to include the use_lockfile argument:

hcl code snippet start

terraform {
  backend "s3" {
    bucket       = "my-terraform-state-bucket"
    key          = "state/terraform.tfstate"
    region       = "us-east-1"    
    use_lockfile = true # Enables S3-native state locking
  }
}

hcl code snippet end

Once enabled, Terraform will automatically handle state locking via (sidenote: Don't forget to update the required IAM permissions.) , preventing simultaneous operations on the state file.

Note
If you’re currently using DynamoDB for state locking, you can enable both S3 and DynamoDB locking simultaneously to ensure a smooth transition. However, DynamoDB-based locking will be removed in a future minor release, so it’s best to migrate fully to S3-native locking as soon as possible.