How I structure Terraform for multi-project multi-account AWS
After managing infrastructure for 6+ projects across 4 accounts, here's the layout that works.
The structure
infrastructure/
├── accounts/
│   ├── prod/
│   │   ├── project-alpha/
│   │   └── project-beta/
│   └── staging/
│       ├── project-alpha/
│       └── project-beta/
├── modules/
│   ├── vpc/
│   ├── ecs-service/
│   ├── rds/
│   ├── service-monitoring/
│   └── iam-oidc-github/
└── bootstrap/
    ├── state-backend/
    └── oidc-provider/
Full project from modules (20 lines)
module "vpc" {
  source   = "../../../modules/vpc"
  vpc_cidr = "10.1.0.0/20"
  ...
}

module "alb" {
  source = "../../../modules/alb"
  ...
}

module "api_iam" {
  source       = "../../../modules/ecs-iam"
  service_name = "api"
  ...
}

module "api" {
  source = "../../../modules/ecs-service"
  ...
}

module "monitoring" {
  source = "../../../modules/service-monitoring"
  ...
}
Path-filtered CI/CD
on:
  push:
    branches: [main]
    paths: ['infrastructure/accounts/prod/project-alpha/**']
Only runs Terraform for what changed, not everything every time. Note what the filter does not match: a commit that only touches infrastructure/modules/ does not trigger this workflow, so with relative module sources the next change to the project directory ships whatever module edits have accumulated on main since the last run. That is one more reason to pin module versions in prod (see the key rules below).
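The other half of a path-filtered, per-project workflow is the trust on the AWS side: the prod account must only accept tokens from the workflow that is allowed to deploy there. As an added example (not the post's own bootstrap/oidc-provider or iam-oidc-github code), here is that setup in HCL. The repo name acme/infrastructure, the role name, the bucket name acme-tfstate-prod and the region are assumptions. The role can only be assumed with a GitHub OIDC token whose sub claim names the main branch of that one repo, matching branches: [main] above, and its state access is limited to the project's own key prefix.

```hcl
# bootstrap/oidc-provider/main.tf  (added example, not the post's code;
# repo, role, bucket and region values below are assumptions)

# GitHub's OIDC issuer, registered once per AWS account.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # AWS validates GitHub's issuer certificate against its own trusted root
  # CAs and ignores this list, but the argument is still required.
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Trust policy: only a token minted for a push to main in acme/infrastructure,
# carrying the STS audience, can assume the prod project-alpha deploy role.
data "aws_iam_policy_document" "assume_prod_alpha" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # sub is "repo:<owner>/<repo>:ref:refs/heads/<branch>" for branch pushes.
    # A PR from a fork, another branch or another repo presents a different
    # sub and is refused at AssumeRoleWithWebIdentity.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:acme/infrastructure:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "prod_alpha_deploy" {
  name               = "gha-prod-project-alpha-deploy"
  assume_role_policy = data.aws_iam_policy_document.assume_prod_alpha.json
}

# State access scoped to this project's key prefix: the role cannot read or
# overwrite project-beta's state even though both live in the same bucket.
# DeleteObject is needed for the S3-native lock object (<key>.tflock).
data "aws_iam_policy_document" "alpha_state" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::acme-tfstate-prod"]
  }

  statement {
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::acme-tfstate-prod/prod/project-alpha/*"]
  }
}

resource "aws_iam_role_policy" "alpha_state" {
  role   = aws_iam_role.prod_alpha_deploy.id
  policy = data.aws_iam_policy_document.alpha_state.json
}
```

On the workflow side this needs permissions: id-token: write on the job and a step such as aws-actions/configure-aws-credentials with role-to-assume set to this role's ARN; no long-lived access keys are stored in GitHub. If the job uses a GitHub environment (environment: prod), the sub claim becomes repo:acme/infrastructure:environment:prod and the second condition must be changed to match. The staging account gets its own provider and role with its own conditions, so a staging token is never valid in prod.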
Key rules
- Accounts as top-level dirs: a terraform destroy run from a staging directory can't touch prod, because prod resources live in a different account with their own state and credentials
- One state file per project/environment: never share state across projects
- Bootstrap is separate: the state backend and OIDC provider are one-time setups per account
- Pin modules to git tags in prod
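Two of these rules, one state file per project/environment and modules pinned to git tags in prod, show up concretely in a handful of lines at the top of each prod root module. As an added example, not one of the post's own files, here is the shape of accounts/prod/project-alpha/backend.tf; the bucket name, region, account id and tag v1.4.0 are assumptions.

```hcl
# accounts/prod/project-alpha/backend.tf  (added example, not the post's code;
# bucket, region, account id and tag are assumptions)

terraform {
  required_version = ">= 1.10" # use_lockfile needs Terraform 1.10 or newer

  backend "s3" {
    bucket       = "acme-tfstate-prod"                    # created once by bootstrap/state-backend
    key          = "prod/project-alpha/terraform.tfstate" # one state object per account/env/project
    region       = "eu-west-1"
    encrypt      = true
    use_lockfile = true                                   # S3-native lock object next to the state
  }
}

# The prod root module can only ever be applied against the prod account:
# if the workflow's credentials resolve to any other account id, the provider
# refuses to plan, so a mis-scoped role cannot quietly hit the wrong account.
provider "aws" {
  region              = "eu-west-1"
  allowed_account_ids = ["111111111111"]
}

# Prod pins modules to a release tag of the same monorepo. Staging can keep
# the post's relative source ("../../../modules/vpc") and track the working
# tree. Changing what prod runs means moving the tag here, which is a reviewed
# edit inside this directory and therefore one the CI/CD path filter triggers on.
module "vpc" {
  source   = "git::https://github.com/acme/infrastructure.git//modules/vpc?ref=v1.4.0"
  vpc_cidr = "10.1.0.0/20"
}
```

The backend block cannot use variables, so the key is spelled out per directory; that is deliberate, since the key is the thing that must differ between every project and environment. The staging root module points at a different bucket in the staging account with its own allowed_account_ids, which is what makes a destroy in staging unable to reach prod state at all.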
Step2Dev generates and manages this structure for every project you onboard.
What Terraform structure has worked best for your multi-account setup?