Terraform module which creates S3 backend resources on AWS.
Non-KMS provisioning will default to AES256
module "s3_backend" {
source = "github.com/synapsestudios/terraform-aws-s3-backend"
bucket_prefix = "my-terraform-state"
region = "us-west-2"
tags = {
Terraform = "true"
Environment = "dev"
}
}module "s3_backend" {
source = "github.com/synapsestudios/terraform-aws-s3-backend"
bucket_prefix = "my-terraform-state"
region = "us-west-2"
use_kms = true
principal_arns = [
"arn:aws:iam::123456789012:role/role-name",
"arn:aws:iam::123456789012:role/role-name"
]
tags = {
Terraform = "true"
Environment = "dev"
}
}No requirements.
| Name | Version |
|---|---|
| aws | n/a |
No modules.
| Name | Type |
|---|---|
| aws_dynamodb_table.this | resource |
| aws_kms_key.this | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket.this-logs | resource |
| aws_s3_bucket_logging.this | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_public_access_block.this-logs | resource |
| aws_s3_bucket_server_side_encryption_configuration.this | resource |
| aws_s3_bucket_server_side_encryption_configuration.this-logs | resource |
| aws_s3_bucket_versioning.this | resource |
| aws_iam_policy_document.kms_policy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name_prefix | The name to give the bucket and Dynamo table where the statefile and locks will be stored (Must be 23 characters or less) | string |
n/a | yes |
| principal_arns | List of ARNs to grant access to the KMS key (if use_kms is true) | list(string) |
[] |
no |
| tags | Tags to apply to the resources | map(string) |
{} |
no |
| use_kms | Whether to use KMS encryption or not | bool |
false |
no |
| Name | Description |
|---|---|
| dynamo_table_name | The name of the dynamoDB table |
| kms_key_id | The provisioned KMS key id |
| s3_bucket_id | The name of the s3 terraform backend bucket |