Module that allows you to provision a cross-region remote backend for AWS.
- S3 cross-region replication
- Denies object deletion
- Enforces encryption in transit and at rest
Create a `main.tf` file and copy-paste the code below.

```hcl
provider "aws" {
  region = "eu-central-1"
}

provider "aws" {
  alias  = "replica"
  region = "eu-west-1"
}

module "remote_backend" {
  source              = "github.com/binxio/terraform-aws-remote-state-module"
  bucket_name         = "my-remote-state-bucket"
  dynamodb_table_name = "my-state-lock-table"

  tags = {
    "Key" = "Value"
  }

  providers = {
    aws         = aws
    aws.replica = aws.replica
  }
}
```

Run `terraform plan` followed by `terraform apply`; this will create the S3 buckets and DynamoDB table.

Once that's done we need to migrate the `terraform.tfstate` file that's created locally.

Create a `provider.tf` file and copy-paste the code below.

```hcl
terraform {
  backend "s3" {
    bucket         = "my-remote-state-bucket"
    dynamodb_table = "my-state-lock-table"
    key            = "your/state/path"
    region         = "eu-central-1"
    encrypt        = true
  }
}
```

Run `terraform init -migrate-state` and answer `yes` at the prompt; this will migrate the `terraform.tfstate` to the S3 bucket (remote backend).

You can now safely remove the `terraform.tfstate` and `terraform.tfstate.backup` files.

Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 3.72.0 |

Name | Version |
---|---|
aws | 3.72.0 |
aws.replica | 3.72.0 |

No modules.

Name | Type |
---|---|
aws_dynamodb_table.dynamodb_table | resource |
aws_iam_policy.replica_policy | resource |
aws_iam_role.replica_role | resource |
aws_iam_role_policy_attachment.replica_policy | resource |
aws_s3_bucket.remote_replica_state | resource |
aws_s3_bucket.remote_state | resource |
aws_s3_bucket_public_access_block.remote_replica_state | resource |
aws_s3_bucket_public_access_block.remote_state | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
bucket_name | A name for the S3 bucket. | string | n/a | yes |
dynamodb_table_name | A name for the DynamoDB table. | string | n/a | yes |
tags | A set of tags that should be attached to the resources. | map(any) | {} | no |

Name | Description |
---|---|
dynamodb_table_arn | The ARN of the DynamoDB table. |
remote_replica_state_bucket_arn | The ARN of the S3 remote replica state bucket. |
remote_state_bucket_arn | The ARN of the S3 remote state bucket. |
replica_role_arn | The ARN of the replication role attached to the remote state bucket. |
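
The outputs above can be used to scope access to the state. The following is an added example, not part of this module: a least-privilege IAM policy for the identity that runs Terraform against the backend. It assumes the `module "remote_backend"` block and the backend key `your/state/path` shown earlier; the policy name and the `state_access` labels are hypothetical, and a bucket encrypted with a customer-managed KMS key would need additional KMS permissions.

```hcl
# Added example (not the module's own code): least-privilege access to the
# remote state for the identity that runs `terraform plan` / `apply`.
data "aws_iam_policy_document" "state_access" {
  # Terraform lists the bucket to discover the state object.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = [module.remote_backend.remote_state_bucket_arn]
  }

  # Read and write only the state object for this configuration.
  # No s3:DeleteObject: the module denies object deletion anyway.
  statement {
    sid       = "ReadWriteStateObject"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${module.remote_backend.remote_state_bucket_arn}/your/state/path"]
  }

  # State locking: Terraform creates and releases a lock item per run.
  statement {
    sid = "StateLocking"
    actions = [
      "dynamodb:DescribeTable",
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:DeleteItem",
    ]
    resources = [module.remote_backend.dynamodb_table_arn]
  }
}

resource "aws_iam_policy" "state_access" {
  name   = "terraform-state-access" # hypothetical name
  policy = data.aws_iam_policy_document.state_access.json
}

output "state_access_policy_arn" {
  value = aws_iam_policy.state_access.arn
}
```

Attach the resulting policy to the role or user that runs Terraform, using one such policy per state key so that each configuration can only touch its own state.
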
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".

Module managed by Bruno Schaatsbergen.

Apache 2 Licensed. See LICENSE.