Terraform Across Multiple AWS Accounts

We are planning to manage infrastructure across four AWS accounts: sandbox, dev, staging, and prod. Our goal is to develop and test infrastructure in the sandbox environment, then promote it through dev, staging, and finally to production.

We are thinking of using S3 as the backend for storing Terraform state files, with one bucket per account (e.g., a separate state bucket in each AWS account). Is this the recommended approach, or is there a more effective pattern for managing state across environments?

Additionally, we are using GitHub Actions for CI/CD, and we are open to incorporating Terraform workflows through it as part of our deployment pipeline.

Could you please advise on best practices for:

  • Managing and promoting Terraform configurations across multiple AWS accounts/environments.
  • Organizing S3 backends and state files for this type of multi-account structure.
  • Integrating GitHub Actions in this workflow to safely and reliably apply changes through the pipeline.

Thank you for your guidance!
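The per-account S3 backend layout the post describes, written out as an added example (this is not code from the original post). It uses a single root module with a partial `backend "s3"` configuration, so the same Terraform code is promoted unchanged from sandbox to prod and only the init-time backend file and the tfvars differ per account. The bucket names, account IDs, role names and region are placeholders chosen for the illustration.

```hcl
# --- main.tf (shared by every environment) -------------------------------

terraform {
  required_version = ">= 1.10"

  # Partial backend configuration: the bucket and region are supplied at
  # `terraform init` time from a per-environment file (see below), so the
  # state for each account lives in that account's own bucket.
  backend "s3" {
    key          = "platform/terraform.tfstate"
    encrypt      = true
    use_lockfile = true # S3-native state locking (Terraform >= 1.10)
  }
}

variable "environment" {
  description = "sandbox | dev | staging | prod"
  type        = string
}

variable "account_id" {
  description = "Target AWS account for this environment (assumption: one account per environment)"
  type        = string
}

provider "aws" {
  region = "eu-west-1" # assumption

  # The CI runner authenticates with its own short-lived credentials and the
  # provider then assumes a deploy role inside the target account.  The role
  # name "terraform-deploy" is an assumed naming convention.
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/terraform-deploy"
  }

  default_tags {
    tags = {
      Environment = var.environment
      ManagedBy   = "terraform"
    }
  }
}

# --- backends/dev.hcl (one file per environment; values are placeholders) --
# bucket = "tfstate-dev-111111111111"
# region = "eu-west-1"

# --- envs/dev.tfvars (one file per environment; values are placeholders) --
# environment = "dev"
# account_id  = "111111111111"
```

Promotion is then the same three commands for every account, parameterised only by the environment name, for example `terraform init -reconfigure -backend-config=backends/dev.hcl`, `terraform plan -var-file=envs/dev.tfvars -out=dev.tfplan`, and `terraform apply dev.tfplan`. In GitHub Actions the runner's credentials can come from the `aws-actions/configure-aws-credentials` action with `role-to-assume` pointing at a role that trusts the repository's OIDC identity, so no long-lived AWS keys are stored in the repository; the identity that reads and writes the state bucket should be distinct from, and narrower than, the deploy role that creates resources.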