Module for storing remote state in an S3 bucket for Terraform

This module provisions a S3 bucket for remote state storage and a DynamoDB table for state locking.

The S3 bucket is created with versioning, server-side encryption, and logging enabled. Bucket access logs are stored in separate S3 bucket.

Usage

Create remote state

module "remote_state" {
  source = "https://github.com/dirgapeter/tf-remote.git?ref=0.0.1"

  project = "simple"
  environment = "dev"
}

See variables.tf for additional configurable variables.

Remote state usage

In outputs there is config_backend with generated terraform configuration.

output "config_backend" {
  description = "Backend configuration."
  value       = "${module.remote_state.config_backend}"
}

terraform output config_backend > backend.tf

After that terraform init must be execute to initialize backend.

For read-only access you can use output config_data:

terraform output config_data > backend_data.tf

Manual remote state usage

Note: Your backend configuration cannot contain interpolated variables. This is because this configuration is initialized prior to Terraform parsing these variables.

terraform {
  backend "s3" {
    region         = "eu-west-1"
    encrypt        = true
    bucket         = "simple-dev-tf-remote-state"
    key            = "terraform.tfstate"
    dynamodb_table = "simple-dev-tf-remote-state-lock"
  }
}

data "terraform_remote_state" "state" {
  backend "s3"
  config = {
    region         = "eu-west-1"
    encrypt        = true
    bucket         = "simple-dev-tf-remote-state"
    key            = "terraform.tfstate"
    dynamodb_table = "simple-dev-tf-remote-state-lock"
  }
}

Permissions

Two IAM groups are created. One for full access and one for read-only access.

Providers

Name	Version
aws	n/a

Inputs

Name	Description	Type	Default	Required
dynamodb_billing_mode	The DynamoDB billing mode. PAY_PER_REQUEST or PROVISIONED	`string`	`"PAY_PER_REQUEST"`	no
environment	Environment of the remote state. Also used as a prefix in names of related resources.	`string`	n/a	yes
logging_prefix	A prefix in names for logging bucket	`string`	`"logs/"`	no
manage_iam_role	Defines whether this module should generate and manage iam role for access	`bool`	`true`	no
manage_kms_keys	Defines whether this module should generate and manage its own kms keys	`bool`	`false`	no
manage_log_bucket	Defines whether this module should generate and manage its own s3 bucket for logging	`bool`	`true`	no
path	State file name, i.e. terraform	`string`	`"terraform"`	no
project	Project of the remote state. Also used as a prefix in names of related resources.	`string`	n/a	yes
suffix	A suffix in names with delimiter '-' included	`string`	`"-tf-remote-state"`	no
tags	A map of tags to add to all resources.	`map(string)`	`{}`	no

Outputs

Name	Description
bucket_id	n/a
config_backend	Terraform excerpt with state backend configuration.
config_data	Terraform data excerpt with state backend configuration.

License

MIT

dirgapeter / tf-remote Goto Github PK

tf-remote's Introduction

Module for storing remote state in an S3 bucket for Terraform

Usage

Create remote state

Remote state usage

Manual remote state usage

Permissions

Providers

Inputs

Outputs

License

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent