#terraform - July 2025

I am reviewing cloudposse-terraform-components/aws-tfstate-backend: This component is responsible for provisioning an S3 Bucket and DynamoDB table that follow security best practices for usage as a Terraform backend to see how my organization can use it to refactor/improve how we manage remote state and I have a few questions:
1. We currently have a terraform script that deploys s3 and dynamoDB to a centralized account with IAM role. Is that how the component expected to be used or is it meant to be used decentralized (e.g. deployed to the same account the terraform is ran)?
2. Would it make more sense to use the component and define a remote state pointing to a s3 bucket that is either created manually or via Cloudformation? we are looking to reduce manual work.

v1.13.0-alpha20250702
1.13.0-alpha20250702 (July 02, 2025)
NEW FEATURES:

The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#36931)

ENHANCEMENTS:


Filesystem functions are now checked for consistent...

How much effort would it be to migrate a relatively small S3-backed terragrunt setup to atmos?

Hi Hope this is the right place to ask this, I'm looking for an example implementation of extending the CIDR range of the terraform-aws-vpc module. In the code base I"m working on the previous engineer had deployed the primary VPC then for the CIDR extension they had called the VPC module a second time to extend the CIDR range and deploy subnets. Is this the general method to use to extend CIDRs for the VPC module? Is there any example of using this functionality?

Join us for "Office Hours" every Wednesday 01:30PM (PST, GMT-7) via Zoom.

This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 16, 2025 01:30PM.

👉️ Register for Webinar

#office-hours (our channel)

v1.13.0-alpha20250708
1.13.0-alpha20250708 (July 08, 2025)
NEW FEATURES:

The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#36931)

ENHANCEMENTS:


Filesystem functions are now checked for consistent...

v1.13.0-beta1
1.13.0-beta1 (July 09, 2025)
NEW FEATURES:

The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#36931)

ENHANCEMENTS:


Filesystem functions are now checked for consistent results...

Hi! I noticed the gitops component is marked as deprecated, but it’s still referenced in some of the docs. What’s the current recommended approach for GitOps workflows?

where would I add the vars to increase the timouts for a componenet for eks?

Hello! Trying to understand how Backend Type: s3 | Terraform | HashiCorp Developer works since DynamoDB was deprecated for state locking. I am using Terraform 1.11.4 and just ran a plan and there was no mention of state locking. Is the new mechanism only employed during applies?

Join us for "Office Hours" every Wednesday 01:30PM (PST, GMT-7) via Zoom.

This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 23, 2025 01:30PM.

👉️ Register for Webinar

#office-hours (our channel)

v1.14.0-alpha20250716
1.14.0-alpha20250716 (July 16, 2025)
EXPERIMENTS:
Experiments are only enabled in alpha releases of Terraform CLI. The following features are not yet available in stable releases.

The experimental "deferred actions" feature, enabled by passing the -allow-deferral option to terraform plan, permits count and for_each arguments in module, resource, and data blocks to have unknown values and allows providers to react more flexibly to unknown values.

Previous Releases
For information on prior...

does anyone here know of a good module for sagemaker? my team is asking about it and wanting to start using it but I do not see any prebuilt ones I can use from the main ones I would trust to use.

Join us for "Office Hours" every Wednesday 01:30PM (PST, GMT-7) via Zoom.

This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 30, 2025 01:30PM.

👉️ Register for Webinar

#office-hours (our channel)

Hey folks, when it comes to provisioning Terraform/OpenTofu within CI, we rely on GitHub Actions within GitOps framework (i.e., plan on PR open/update > review change proposal > apply on PR merge with the approved plan-file).

To that end, whether to apply before or after merge had remained a contentious debate up until the last year, when we transitioned to using Merge Queues. It seems to feature the best of both worlds:

• The apply happens on the main branch if it executes successfully (like apply-after-merge).
• Otherwise, the PR remains open for further changes/fixes (like apply-before-merge).
Really keen to hear your thoughts and feedback on this blog post (and LinkedIn). Almost goes without saying, there's a fully functioning GitHub Action workflow linked for anyone wanting to give it a try. (edited)

Anyone else considering OpenTofu? OpenTofu 1.10.0 vs Terraform Which Infrastructure as Code Tool to Choose?
https://youtu.be/6XpvRanBC0U

v1.13.0-beta2
1.13.0-beta2 (July 23, 2025)
NEW FEATURES:

The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#36931)

ENHANCEMENTS:


Filesystem functions are now checked for consistent results...

v1.14.0-alpha20250724
1.14.0-alpha20250724 (July 24, 2025)
ENHANCEMENTS:

terraform test: expected diagnostics will be included in test output when running in verbose mode" (#37362)

EXPERIMENTS:
Experiments are only enabled in alpha releases of Terraform CLI. The following features are not yet available in stable releases.

The experimental "deferred...

already got a 1.14 alpha release, and 1.13 isn't even out of beta yet! the --allow-deferral option looks to be a big deal...!

Hi everyone,
I’ve built a small CLI tool called tfcount in Go to make terraform plan (and terragrunt plan) outputs easier to understand.

What it does:
Instead of just showing the total number of changes, tfcount breaks them down by resource type (like aws_instance, aws_s3_bucket, etc.), making large plans easier to review.

GitHub & Installation:
https://github.com/harshagr64/tfcount

Try it out and let me know what you think — any feedback, issues, or contributions are welcome! Thanks!

Hello Everyone,
For those who use TF infrastructure provisioning what's your TF module patching strategy?

Join us for "Office Hours" every Wednesday 01:30PM (PST, GMT-7) via Zoom.

This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Aug 06, 2025 01:30PM.

👉️ Register for Webinar

#office-hours (our channel)

I have a list of question about how Cloud Posse and others are managing all their terraform module repos? I assume you have a template repo for when you create a new repo. But how do you then keep them in sync?
• How do you keep the aws provider up to date across all repos?
• How do you keep the tflint rules, pre-commit steps the same in all repos?
• How do you monitor and report on tf resources that are flagged to be depreciated?

v1.13.0-beta3
1.13.0-beta3 (July 30, 2025)
NEW FEATURES:

The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#36931)

ENHANCEMENTS:


Filesystem functions are now checked for consistent results...

Does anyone run their own gitlab-runner? I am using https://github.com/cattle-ops/terraform-aws-gitlab-runner but I always seem to have random problems. I was looking into docker-autoscaler rather than using docker+machine as I do now, but even that is in beta and has some open issues with many problems it seems. Wonder if anyone has this working flawlessly if its some settings I might have missed or misconfigured?