【Terraform】Terraform ~ Considering deployment to multiple environments ~

■ Introduction

This post looks at how to deploy with Terraform to the usual set of
multiple environments (dev/stage/prod).

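Table of contents

Option 1: Use the backend-config option at terraform init
 1) Command example
Option 2: Use Workspaces
 1) What is a "Workspace" in the first place?
 2) Command example: creating Workspaces
 3) Command example: switching Workspaces
 4) Example of switching settings per Workspace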

Option 1: Use the backend-config option at terraform init

The approach described in:

https://dev.classmethod.jp/articles/multiple-provisionings-with-terraform-backend-config-option/

1) Command example

# Use the backend-config option at terraform init
terraform init \
 -backend-config="bucket=your-prod-s3-bucket" \
 -backend-config="key=tf/prod/terraform.tfstate"

main.tf (modified version)

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }

  required_version = ">= 0.14.9"

  backend "s3" {
    # bucket and key are left out here and passed with -backend-config at terraform init
    # bucket  = "your-s3-bucket"
    # key     = "tf/dev/terraform.tfstate"
    region  = "us-west-2"
    encrypt = true
  }
}
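
A wrapper around the init command above, as an added example that is not from the original post: it allow-lists the environment name, passes -reconfigure so that the state of the previously initialised environment is not migrated into the new backend, and checks the backend recorded in .terraform/terraform.tfstate before apply. The function names, the TF_BIN override and the your-<env>-s3-bucket naming are assumptions that extend the prod example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed naming, extending the
# post's prod example: bucket your-<env>-s3-bucket, key tf/<env>/terraform.tfstate.

# Allow-list the environment so a typo cannot select an unintended state path.
tf_env_valid() {
  case "$1" in
    dev|stage|prod) return 0 ;;
    *) echo "unknown environment: '$1'" >&2; return 1 ;;
  esac
}

tf_state_bucket() { tf_env_valid "$1" && echo "your-$1-s3-bucket"; }
tf_state_key()    { tf_env_valid "$1" && echo "tf/$1/terraform.tfstate"; }

# Point the working directory at one environment's backend.
# -reconfigure makes init discard the backend saved by a previous init
# instead of migrating that environment's state into the new location.
# TF_BIN is a hypothetical override (e.g. TF_BIN=echo for a dry run).
tf_init_env() {
  bucket=$(tf_state_bucket "$1") || return 1
  key=$(tf_state_key "$1") || return 1
  "${TF_BIN:-terraform}" init -reconfigure \
    -backend-config="bucket=$bucket" \
    -backend-config="key=$key"
}

# Pre-apply guard: succeed only if the backend recorded by the last init
# (.terraform/terraform.tfstate under DIR, default ".") is ENV's bucket and key.
tf_backend_is() {
  bucket=$(tf_state_bucket "$1") || return 1
  key=$(tf_state_key "$1") || return 1
  saved="${2:-.}/.terraform/terraform.tfstate"
  [ -f "$saved" ] || { echo "not initialised: $saved missing" >&2; return 1; }
  grep -Eq "\"bucket\"[[:space:]]*:[[:space:]]*\"$bucket\"" "$saved" &&
    grep -Eq "\"key\"[[:space:]]*:[[:space:]]*\"$key\"" "$saved"
}

# Apply only when the initialised backend matches the requested environment.
tf_apply_env() {
  tf_backend_is "$1" || { echo "refusing to apply: backend is not $1" >&2; return 1; }
  "${TF_BIN:-terraform}" apply
}
```

Typical use is `tf_init_env prod` followed by `tf_apply_env prod`; the guard fails if the directory was last initialised for another environment.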

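Option 2: Use Workspaces

The approach described in:

https://blog.gruntwork.io/how-to-manage-multiple-environments-with-terraform-using-workspaces-98680d89a03e

1) What is a "Workspace" in the first place?

* A feature that lets the same set of tf files be handled as separate tfstate files
 => this makes it possible to manage multiple state files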

https://developer.hashicorp.com/terraform/language/state/workspaces

2) Command example: creating Workspaces

# Step 1: Create a new Workspace "dev"
terraform workspace new dev
# Step 2: Deploy
terraform apply

terraform workspace new stage
terraform apply

terraform workspace new prod
terraform apply

3) Command example: switching Workspaces

# List Workspaces
terraform workspace list
  default << the default workspace; it cannot be deleted
  dev
  stage
* prod

# To switch to dev
terraform workspace select dev

4) Example of switching settings per Workspace

provider "aws" {
  region = "us-east-2"
}

locals {
  instance_types = {
    dev   = "t2.micro"
    stage = "t2.small"
    prod  = "m4.large"
  }
}
resource "aws_instance" "example" {
  ami           = "ami-0fb653ca2d3203ac1"
  instance_type = local.instance_types[terraform.workspace]
  tags = {
    Name = "example-server-${terraform.workspace}"
  }
}

Supplement

https://developer.hashicorp.com/terraform/cli/workspaces#when-not-to-use-multiple-workspaces

In particular, organizations commonly want to create a strong separation
 between multiple deployments of the same infrastructure
 serving different development stages or different internal teams.

In this case, the backend for each deployment often has different credentials
 and access controls.

CLI workspaces within a working directory use the same backend,
 so they are not a suitable isolation mechanism for this scenario.

References

Other tips
https://dev.classmethod.jp/articles/multiple-provisioning-with-terraform-module/
https://dev.classmethod.jp/articles/multiple-provisionings-with-terraform-and-directory-partition/
https://dev.classmethod.jp/articles/multiple-provisionings-with-terragrunt-run-all/
