Terraform for Personal Projects:A Solo Engineer's Layered Architecture
Project Overview
A Solo Engineer's Layered Architecture
Project Overview
A colleague mentioned that building everything as a flat pile of Terraform modules wasn't the best approach. That sent me looking for something better.
Solo headaches
Even as a solo developer, hitting these walls is inevitable as complexity grows:
- Huge state files: They make planning slow and risky.
- Dependency loops: Without a hierarchy, changing one thing breaks another.
- Environment drift: When Dev doesn't match Prod, deployments fail.
- Self-inflicted errors: Accidentally deleting a global resource while tweaking a small app component.
How it works
I split my infrastructure into logical tiers. This makes it easier to reuse components across my projects and keeps specific concerns isolated so I don't break the foundation.
| Layer | Responsibility | Typical Resources | ||
| Foundation | The basics: billing and org structure. | Folders, billing accounts. | ||
| Network | Where traffic flows. | VPCs, Subnets, DNS. | ||
| Service | Common tools for everyone. | Databases, GKE, IAM. | ||
| Apps | Specific project resources. | Cloud Run, Pub/Sub. |
infrastructure/
├── modules/
│ ├── network/ # (Reusable VPC module)
│ └── database/ # (Reusable Cloud SQL module)
└── layers/
├── 00-bootstrap/ # Creates the State Bucket
├── 01-networking/ # Uses the bucket, builds VPC
└── 02-database/ # Uses the bucket, builds DB in VPC
Keeping state safe
I use a central bucket to ensure I can pick up where I left off from any machine.
- Cloud Storage: Versioned state files in GCS.
- State Locking: Prevents corruption if I accidentally run a script while another is finishing.
- Workspaces: Keeps Production and Staging completely separate.
Managing the flow
Data flows one way: down. Apps look at the Network, not the other way around.
- Remote Data: Layers pull info they need from lower-tier outputs.
- Clean Interfaces: Each layer only shows what's necessary (like VPC IDs).
- Decoupled: Update the base layers without redeploying your whole app stack.
The workflow
I use a disciplined workflow to keep my personal deployments professional and predictable.
- Plan first: I always review the execution plan before letting Terraform touch any live infrastructure.
- Promote slowly: Sandbox → Staging → Prod. No shortcuts.
- Consistency: Use the exact same modules across every environment.
The personal payoff
This approach simplifies my long-term maintenance:
- Stability: App failures won't take down your network.
- Efficiency: I can experiment on new apps without worrying about my core network or billing setup.
- Maintainability: Coming back to a project after months is easy with clear, decoupled layers.
- Growth: Spin up new regions or projects in minutes.
What's Next
This architecture is designed but not yet fully implemented. The layered approach looks clean on paper — the real test is whether the state management and decoupling hold up when I'm actually modifying live infrastructure across multiple projects. I'll document what breaks.