tfstate-backend
cloudposse/tfstate-backend/aws
Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.
Terraform module to provision an S3 bucket to store terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. The module supports the following: 1. Forced server-side encryption at rest for the S3 bucket 2. S3 bucket versioning to allow for Terraform state recovery in the case of accidental deletions and human errors 3. State locking and consistency checking via DynamoDB table to prevent concurrent operations 4. DynamoDB server-side encryption https://www.terraform.io/docs/backends/types/s3.html __NOTE:__ The operators of the module (IAM Users) must have permissions to create S3 buckets and DynamoDB tables when performing terraform plan and terraform apply __NOTE:__ This module cannot be used to apply changes to the mfa_del
| Name | Type | Description | Default |
|---|---|---|---|
| terraform_version | string | The minimum required terraform version | null |
| s3_replica_bucket_arn | string | The ARN of the S3 replica bucket (destination) | "" |
| dynamodb_enabled | bool | Whether to create the DynamoDB table. | true |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| billing_mode | string | DynamoDB billing mode | "PAY_PER_REQUEST" |
| logging | list(object({ target_bucke | Destination (S3 bucket name and prefix) for S3 Server Access Logs for the S3 buc | [] |
| source_policy_documents | list(string) | List of IAM policy documents (in JSON format) that are merged together into the | [] |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| terraform_backend_config_file_name | string | (Deprecated) Name of terraform backend config file to generate | "terraform.tf" |
| permissions_boundary | string | ARN of the policy that is used to set the permissions boundary for the IAM repli | "" |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| block_public_acls | bool | Whether Amazon S3 should block public ACLs for this bucket | true |
| ignore_public_acls | bool | Whether Amazon S3 should ignore public ACLs for this bucket | true |
| restrict_public_buckets | bool | Whether Amazon S3 should restrict public bucket policies for this bucket | true |
| terraform_backend_config_template_file | string | (Deprecated) The path to the template used to generate the config file | "" |
| s3_state_lock_enabled | bool | Whether to create the S3 bucket. | false |
| sse_encryption | string | The server-side encryption algorithm to use. Valid values are `AES256`, `aws:kms | "AES256" |
| context | any | Single object for setting entire context at once. See description of individual | {
"additional_tag_map": {},
"attribu |
| … and 10 more inputs | |||
s3_bucket_domain_name — S3 bucket domain names3_bucket_id — S3 bucket IDs3_bucket_arn — S3 bucket ARNs3_replication_role_arn — The ARN of the IAM Role created for replication, if enabled.dynamodb_table_name — DynamoDB table namedynamodb_table_id — DynamoDB table IDdynamodb_table_arn — DynamoDB table ARNterraform_backend_config — Rendered Terraform backend config fileAzure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,