A Terraform remote backend stores the state (eg using AWS S3) and, optionally, state locking (eg using AWS Dynamo).
The S3 bucket should have "Bucket Versioning" enabled.
The Dynamo table must have a partition key named "LockID" of type "String".
Note that 1 S3 bucket and 1 Dynamo table are shared among multiple applications (only the 'key' must be configured differently).
docs/main.tf
terraform {
required_version = ">=1.2, <1.3"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.39.0"
}
random = {
source = "hashicorp/random"
version = "~> 3.4.3"
}
template = {
source = "hashicorp/template"
version = "~> 2.2.0"
}
}
}
provider "aws" {
region = "eu-west-1"
}
### Remote backend. {dev|fake} lines are marked with: //XXX
terraform {
backend "s3" {
bucket = "myAwsAccountAlias-tfstate-s3"
# Key {dev|fake} - Kep Key & env aligned //XXX
key = "dev/myapp.tfstate"
region = "eu-west-1"
dynamodb_table = "myAwsAccountAlias-tfstate-locks"
encrypt = true
}
}
locals {
#Env. {dev|fake} - Kep Key & env aligned //XXX
env = "dev"
ci = "myapp"
department = "mydepartment"
program = "myprogram"
}