S3 + DynamoDB is the baseline. Good call moving off local state.
What actually saved us though was splitting state by environment and team ownership. One big monolithic state file becomes a nightmare when three teams need to deploy simultaneously. We went repo-per-team with their own backend config pointing to separate S3 buckets. Eliminates lock contention and makes blast radius predictable.
Also got tired of people manually running terraform destroy in prod. Now everything flows through CI/CD. GitHub Actions plan output gets reviewed, approve button triggers apply. Single source of truth, audit trail, no late-night surprises.
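A sketch of the plan-review-then-apply flow described in the comment above, added here as an illustration and not taken from the commenter's setup. It applies the exact plan file that was reviewed rather than re-planning at apply time. Assumed: the workflow path, the `env/prod.s3.tfbackend` partial backend file for the team's own bucket and lock table, the `TF_PLAN_ROLE_ARN` / `TF_APPLY_ROLE_ARN` repository variables, the region, and a GitHub environment named `production` with required reviewers configured.

```yaml
# Constructed example: .github/workflows/terraform.yml in one team's repo.
name: terraform
on:
  pull_request:
  push:
    branches: [main]

permissions:
  id-token: write   # OIDC token for AWS role assumption, no long-lived keys
  contents: read

env:
  # Hypothetical partial backend config: bucket, key, region,
  # dynamodb_table and encrypt for this team's own state bucket.
  BACKEND_CONFIG: env/prod.s3.tfbackend

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.TF_PLAN_ROLE_ARN }}   # read-only role (assumed)
          aws-region: us-east-1
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false -backend-config="$BACKEND_CONFIG"
      - run: terraform plan -input=false -out=tfplan
      - uses: actions/upload-artifact@v4   # plan files can hold secrets; limit who can read artifacts
        with:
          name: tfplan
          path: tfplan

  apply:
    if: github.event_name == 'push'
    needs: plan
    runs-on: ubuntu-latest
    environment: production   # required reviewers on this environment hold the job until approved
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.TF_APPLY_ROLE_ARN }}  # write role, used only after approval
          aws-region: us-east-1
      - uses: hashicorp/setup-terraform@v3
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
      - run: terraform init -input=false -backend-config="$BACKEND_CONFIG"
      - run: terraform apply -input=false tfplan   # applies the reviewed plan, not a fresh one
```

Terraform refuses to apply a saved plan if the state has changed since it was created, so a stale approval fails instead of applying something nobody reviewed.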