Backend (terraform)

Introduction

A Terraform remote backend stores the state (eg using AWS S3) and, optionally, state locking (eg using AWS Dynamo).

• The S3 bucket should have "Bucket Versioning" enabled.

• The Dynamo table must have a partition key named "LockID" of type "String".

Reference

• Terraform backend S3

https://www.terraform.io/language/settings/backends/s3

Sample: Using AWS S3 and Dynamo

Note that 1 S3 bucket and 1 Dynamo table are shared among multiple applications (only the 'key' must be configured differently).

docs/main.tf

terraform {

required_version = ">=1.2, <1.3"

required_providers {

aws = {

source = "hashicorp/aws"

version = "~> 4.39.0"

}

random = {

source = "hashicorp/random"

version = "~> 3.4.3"

}

template = {

source = "hashicorp/template"

version = "~> 2.2.0"

}

}

}

provider "aws" {

region = "eu-west-1"

}

### Remote backend. {dev|fake} lines are marked with: //XXX

terraform {

backend "s3" {

bucket = "myAwsAccountAlias-tfstate-s3"

# Key {dev|fake} - Kep Key & env aligned //XXX

key = "dev/myapp.tfstate"

region = "eu-west-1"

dynamodb_table = "myAwsAccountAlias-tfstate-locks"

encrypt = true

}

}

locals {

#Env. {dev|fake} - Kep Key & env aligned //XXX

env = "dev"

ci = "myapp"

department = "mydepartment"

program = "myprogram"

}