Reusable Terraform module that creates a Terraform Remote Backend via AWS S3 and AWS DynamoDB.
This repository contains Terraform configuration files that create various AWS resources, such as an S3 bucket, a DynamoDB table, and KMS keys. These resources are configured to store your terraform TFSTATE files.
Ensure Terraform is available on your local system and that the AWS CLI has the appropriate credentials put in place.
To view examples of how you can leverage this tfstate-backend Module, please see the examples directory.
make testwill execute the tests the same way they run in CImake run-pre-commit-hookswill run linting and formatting checks and will fix most errors automatically.
If opening a PR, opening it in draft status will prevent the CI tests from running automatically. This will prevent executing tests that generate real AWS resources on every push until the PR is ready to review.
make testwill execute the tests the same way they run in CImake run-pre-commit-hookswill run linting and formatting checks and will fix most errors automatically.
If opening a PR, opening it in draft status will prevent the CI tests from running automatically. This will prevent executing tests that generate real AWS resources on every push until the PR is ready to review.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 4.47 |
| local | >= 2.1 |
| Name | Version |
|---|---|
| aws | >= 4.47 |
| local | >= 2.1 |
| Name | Source | Version |
|---|---|---|
| s3_bucket | terraform-aws-modules/s3-bucket/aws | v3.13.0 |
| Name | Type |
|---|---|
| aws_dynamodb_table.dynamodb_terraform_state_lock | resource |
| aws_kms_key.dynamo | resource |
| aws_kms_key.objects | resource |
| aws_s3_bucket_logging.logging | resource |
| aws_s3_bucket_policy.backend_bucket | resource |
| aws_s3_bucket_versioning.versioning | resource |
| local_file.terraform_backend_config | resource |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_arns | ARNs of IAM users or roles that can administer the bucket. An empty list will allow all principals to administer the bucket. | list(string) |
[] |
no |
| bucket_prefix | S3 Bucket Prefix | string |
n/a | yes |
| create_backend_file | (Optional, Default:true) If true, creates a backend.tf file automatically | bool |
true |
no |
| dynamodb_table_name | DynamoDB Table Name | string |
n/a | yes |
| force_destroy | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
| permissions_boundary | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | string |
"" |
no |
| region | AWS Region | string |
n/a | yes |
| tags | (Optional) A mapping of tags to assign kms and bucket resources. | map(string) |
{} |
no |
| versioning_enabled | Enable versioning on the S3 bucket | bool |
true |
no |
| Name | Description |
|---|---|
| tfstate_bucket_id | Terraform State Bucket Name |
| tfstate_dynamodb_table_name | Terraform State DynamoDB Table Name |