Skip to content
/ terraform-aws-backend Public

Terraform module to provision Terraform state bucket, lock table and role

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cupel-co/terraform-aws-backend

BranchesTags

Repository files navigation

OpenTofu Module AWS Backend

Pipeline

Provision AWS resources for OpenTofu backend. Resources provisioned:

  • DynamoDB global table
  • IAM policy to access DynamoDB table
  • Primary bucket with replication to secondary
  • Secondary bucket with replication to primary
  • IAM policy to access primary and secondary buckets
  • KMS Key for encryption of state on the client side with policy that is limited to the arns specified in encryption_key_access_allowed_arns

Variables

Variables Description Default Example
dynamodb_name The name of the table, this needs to be unique within a region.
encryption_key_access_allowed_arns The arns that are allowed to use the encryption key
iam_prefix The prefix for IAM resources. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both 'TESTUSER' and 'testuser'.
primary_bucket_name The name of the primary bucket. If omitted, OpenTofu will assign a random, unique name. Must be greater tha 9 and less than 64 characters in length.
secondary_bucket_name The name of the secondary bucket. If omitted, OpenTofu will assign a random, unique name. Must be greater tha 9 and less than 64 characters in length.
tags Tags to add to resources.

How to

Specify the module source and the provider information.

Sample

provider "aws" {
    alias = "primary"
    region = "ap-southeast-2"
    default_tags {
        tags = {
            Environment = "CICD"
            Owner       = "Platform"
            Project     = "OpenTofu State"
        }
    }
}

provider "aws" {
    alias = "secondary"
    region = "ap-southeast-4"
    default_tags {
        tags = {
            Environment = "CICD"
            Owner       = "Platform"
            Project     = "OpenTofu State"
        }
    }
}

module "backend" {
    source = "github.com/cupel-co/terraform-aws-backend?ref=v0.0.1"
    
    dynamodb_name = "OpenTofuLock"
    encryption_key_access_allowed_arns = [
        ""
    ]
    iam_prefix = "OpenTofu"
    primary_bucket_name = "cupel-OpenTofu-state-primary"
    secondary_bucket_name = "cupel-OpenTofu-state-secondary"
    tags = {
        CostCode = "123456"
    }
    providers = {
        aws.primary = aws.primary
        aws.secondary = aws.secondary
    }
}

About

Terraform module to provision Terraform state bucket, lock table and role

Topics

platform opentofu opentofu-modules opentofu-aws

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 6

v0.32.0 Latest
Sep 6, 2024
+ 5 releases

Packages

No packages published

Languages