/digitalocean-spaces-terraform-backend

Demonstrates how to use DigitalOcean Spaces as a Terraform Backend

Primary LanguageHCL

DigitalOcean Spaces as a Terraform Backend

Demonstrates how to use DigitalOcean Spaces as a Terraform Backend.

DigitalOcean Spaces are S3 compatible, making the large ecosystem of S3 tools and libraries available.

Prerequisites

  • Create a Space via the DigitalOcean console or CLI
  • A Spaces Access Key and Secret
  • The aws cli installed
  • Optional: A DigitalOcean personal access token (used to create an example Droplet)

Setup

We can use the S3 Terraform Backend to instead point to our Space.

The required keys are endpoint, key, and bucket.

  • endpoint: Available in the Settings of your Space.
  • key: path and name of .tfstate file that will be written
  • bucket: the name of your Space
terraform {
  backend "s3" {
    endpoint                    = "sfo2.digitaloceanspaces.com"
    key                         = "terraform.tfstate"
    bucket                      = "rappiddev-terraform-remote-state"
    region                      = "us-west-1"
    skip_requesting_account_id  = true
    skip_credentials_validation = true
    skip_get_ec2_platforms      = true
    skip_metadata_api_check     = true
  }
}

Authentication

Terraform uses the standard .aws/credentials file to authenticate to the S3 backend. This is created by the aws cli.

We can use named profiles to create one to access DigitalOcean Spaces.

aws configure --profile digitalocean

You can tell the aws cli (and the terraform command by extension) which profile to use by setting the AWS_PROFILE environment variable.

export AWS_PROFILE=digitalocean

Verify it's set:

echo $AWS_PROFILE

Initialize Backend

Once your named profile is configured and your shell knows which profile to use, Terraform can initialize.

terraform init

If all goes well you should see:

Terraform has been successfully initialized!

Optional: Create a Droplet

Set environment variable DIGITALOCEAN_TOKEN with a DigitalOcean Personal Access Token:

export DIGITALOCEAN_TOKEN="YOUR API TOKEN"

Add your SSH key fingerprint to variables.tf. Your key must be added in the DigitalOcean console.

ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}'

Copy everything except the initial MD5: and paste it into the variable.

Create a $5/month Ubuntu Droplet:

terraform plan
terraform destroy

To get the IP of the Droplet:

terraform output ip

To SSH into the Droplet:

ssh root@<ip>

To delete the Droplet:

terraform destroy