Module that allows you to provision a cross-region remote backend for AWS.
- S3 cross-region replication
- Denies object deletion
- Enforces encryption in transit and at rest
Create a main.tf file and copy paste the below code.
provider "aws" {
region = "eu-central-1"
}
provider "aws" {
alias = "replica"
region = "eu-west-1"
}
module "remote_backend" {
source = "github.com/binxio/terraform-aws-remote-state-module"
bucket_name = "my-remote-state-bucket"
dynamodb_table_name = "my-state-lock-table"
tags = {
"Key" = "Value"
}
providers = {
aws = aws
aws.replica = aws.replica
}
}Run terraform plan followed by terraform apply, this will create the S3 buckets and DynamodDB table.
Once that's done we need to migrate the terraform.tfstate file that's created locally.
Create a provider.tf file and copy paste the below code.
terraform {
backend "s3" {
bucket = "my-remote-state-bucket"
dynamodb_table = "my-state-lock-table"
key = "your/state/path"
region = "eu-central-1"
encrypt = true
}
}
Run terraform init -migrate-state followed by a yes, this will migrate the terraform.tfstate to the S3 bucket (remote backend).
You can now safely remove the terraform.tfstate and terraform.tfstate.backup.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 3.72.0 |
| Name | Version |
|---|---|
| aws | 3.72.0 |
| aws.replica | 3.72.0 |
No modules.
| Name | Type |
|---|---|
| aws_dynamodb_table.dynamodb_table | resource |
| aws_iam_policy.replica_policy | resource |
| aws_iam_role.replica_role | resource |
| aws_iam_role_policy_attachment.replica_policy | resource |
| aws_s3_bucket.remote_replica_state | resource |
| aws_s3_bucket.remote_state | resource |
| aws_s3_bucket_public_access_block.remote_replica_state | resource |
| aws_s3_bucket_public_access_block.remote_state | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_name | A name for the S3 bucket. | string |
n/a | yes |
| dynamodb_table_name | A name for the DynamoDB table. | string |
n/a | yes |
| tags | A set of tags that should be attached to the resources. | map(any) |
{} |
no |
| Name | Description |
|---|---|
| dynamodb_table_arn | The ARN of the DynamoDB table. |
| remote_replica_state_bucket_arn | The ARN of the S3 remote replica state bucket. |
| remote_state_bucket_arn | The ARN of the S3 remote state bucket. |
| replica_role_arn | The ARN of the replication role attached to the remote state bucket. |
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
Module managed by Bruno Schaatsbergen.
Apache 2 Licensed. See LICENSE.