
At a prior company, we had a terraform slack channel, where people would post lock and unlock emojis and apply terraform manually.

Obviously, it's not a perfect system, and it doesn't indefinitely scale, but it worked well enough.



You can set up remote backends which support locking (e.g. Azure storage, Amazon S3, etc.); that way it's automatic.

You can see a list on the left-hand side here: https://developer.hashicorp.com/terraform/language/settings/...


We use Atlantis [0] for CI/CD automation of Terraform pull requests to a centralized repository. It's pretty good too, especially for a self-hosted solution. I can't see how Terraform Cloud's costs would be justifiable for us without a custom contract.

[0] https://www.runatlantis.io/


At my last gig we built a bespoke version of this on top of our CI provider. Now I'm a technical co-founder in a startup and this is something I haven't quite solved yet, and this looks like exactly what we're after. Thanks!


How does this work? I thought the terraform state file was the single source of truth - if people are applying terraform 'manually' I assume that means on their local device? Are people sharing around the state file but don't have a central location for a lock file? Apologies if this seems obvious...


My assumption is that they're still using a remote backend for state, but they haven't set it up to use the locking features of the backend.

For example, I've used S3 as my Terraform backend for years, but I've never bothered to set up the locking feature, which uses DynamoDB.

In a small team that deploys Terraform changes rarely, you may never encounter the problems solved by using locking. Maybe good communication and a Slack channel works well enough for you.
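
(Added example, not part of the comment above: the S3 backend with DynamoDB locking that the comment describes. The bucket, key, region and table names are constructed placeholders, and the lock table is assumed to be created in a separate bootstrap configuration before `terraform init`.)

```hcl
# Constructed example: all names below are placeholders.

# Bootstrap configuration: the table the S3 backend uses for state locking.
# The backend expects a string partition key named "LockID".
resource "aws_dynamodb_table" "terraform_lock" {
  name         = "example-terraform-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# Main configuration: remote state in S3.
terraform {
  backend "s3" {
    bucket  = "example-terraform-state"
    key     = "prod/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true

    # Without this line the state is still stored remotely, but nothing
    # stops two people from running apply at the same time and both
    # writing the state. With it, plan and apply take a lock in the table
    # first, and a second run fails with a lock error instead of racing.
    dynamodb_table = "example-terraform-locks"
  }
}
```

A lock left behind by an interrupted run can be cleared with `terraform force-unlock` and the lock ID shown in the error message.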


As others said, we checked the state file into git. It was up to you to ensure you pulled after taking a lock.


One can just commit the lock file to Git or use any backend (like S3, HTTP, ...) to share the lock file.


StackOverflow famously manages database migrations this way; you post a message in a shared channel and get the next revision number.



