Remote backend setup issues in 03-basics #20

Open
RafayAK opened this issue Sep 30, 2023 · 0 comments
RafayAK commented Sep 30, 2023

The path to the key is not clear as the directory "03-basics/import-bootstrap/terraform.tfstate" does not exist during the aws bootstrap process:

terraform {
  #############################################################
  ## AFTER RUNNING TERRAFORM APPLY (WITH LOCAL BACKEND)
  ## YOU WILL UNCOMMENT THIS CODE THEN RERUN TERRAFORM INIT
  ## TO SWITCH FROM LOCAL BACKEND TO REMOTE AWS BACKEND
  #############################################################
  # backend "s3" {
  #   bucket         = "devops-directive-tf-state" # REPLACE WITH YOUR BUCKET NAME
  #   key            = "03-basics/import-bootstrap/terraform.tfstate"
  #   region         = "us-east-1"
  #   dynamodb_table = "terraform-state-locking"
  #   encrypt        = true
  # }

...

If we use the locally stored terraform.tfstate file while in the path 03-basics/aws-backend we can successfully create the remote s3 backend:

03-basics/aws-backend/ $ cat main.tf 
terraform {
  #############################################################
  ## AFTER RUNNING TERRAFORM APPLY (WITH LOCAL BACKEND)
  ## YOU WILL UNCOMMENT THIS CODE THEN RERUN TERRAFORM INIT
  ## TO SWITCH FROM LOCAL BACKEND TO REMOTE AWS BACKEND
  #############################################################
  # backend "s3" {
  #   bucket         = "devops-directive-tf-state" # REPLACE WITH YOUR BUCKET NAME
  #   key            = "terraform.tfstate"
  #   region         = "us-east-1"
  #   dynamodb_table = "terraform-state-locking"
  #   encrypt        = true
  # }

...
03-basics/aws-backend/ $ terraform init
03-basics/aws-backend/ $ terraform plan
03-basics/aws-backend/ $ terraform apply

# This works! 
  

Then the problem is how to use the aws-backend terraform.tfstate in the web-app terraform config. Doing terraform init and terraform plan with the following config while in the 03-basics/web-app directory shows that it will end up deleting the backend resources:

03-basics/web-app/ $ cat main.tf 

terraform {

    # assumes that the bootstrapping process has been done already
    # bootstrapping was done in 03-basics/aws-bootstrap
    backend "s3" {
        bucket         = "rafay-tf-state-bucket"
        key            = "terraform.tfstate"  # in the code the actual value is "03-basics/web-app/terraform.tfstate"
        region         = "us-east-1"
        dynamodb_table = "terraform-state-locking"
        encrypt        = true
    }

...

plan output

....
      + timezone                              = (known after apply)
      + username                              = "foo"
      + vpc_security_group_ids                = (known after apply)
    }

  # aws_dynamodb_table.terraform_locks will be destroyed
  # (because aws_dynamodb_table.terraform_locks is not in configuration)
  - resource "aws_dynamodb_table" "terraform_locks" {
      - arn                         = "arn:aws:dynamodb:us-east-1:761631971559:table/terraform-state-locking" -> null
      - billing_mode                = "PAY_PER_REQUEST" -> null
      - deletion_protection_enabled = false -> null
      - hash_key                    = "LockID" -> null
      - id                          = "terraform-state-locking" -> null
      - name                        = "terraform-state-locking" -> null
      - read_capacity               = 0 -> null
      - stream_enabled              = false -> null
      - table_class                 = "STANDARD" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null
      - write_capacity              = 0 -> null

      - attribute {
          - name = "LockID" -> null
          - type = "S" -> null
        }

      - point_in_time_recovery {
          - enabled = false -> null
        }

      - ttl {
          - enabled = false -> null
        }
    }

...


  # aws_s3_bucket.terraform_state will be destroyed
  # (because aws_s3_bucket.terraform_state is not in configuration)
  - resource "aws_s3_bucket" "terraform_state" {
      - arn                         = "arn:aws:s3:::rafay-tf-state-bucket" -> null
      - bucket                      = "rafay-tf-state-bucket" -> null
      - bucket_domain_name          = "rafay-tf-state-bucket.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "rafay-tf-state-bucket.s3.us-east-1.amazonaws.com" -> null
      - force_destroy               = true -> null
      - hosted_zone_id              = "Z3AQBSTGFYJSTF" -> null
      - id                          = "rafay-tf-state-bucket" -> null
      - object_lock_enabled         = false -> null
      - region                      = "us-east-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null

      - grant {
          - id          = "57126703ff6a17d5be2bb99b83d081c151f3364c56d1034085f2a0e0e792f925" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = true -> null
          - mfa_delete = false -> null
        }
    }
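
Added example (not part of the original issue or the project's code): a pre-apply check that reads the JSON form of a saved plan and refuses to continue when the plan deletes or replaces the state bucket or lock table named in the output above. The sample plan, the `aws_instance.example` resource and the script name `check_plan.py` are constructed for illustration.

```python
import json
import sys

# type.name of the resources that hold Terraform's own state and lock table
# (names taken from the plan output in the issue).
PROTECTED = {"aws_s3_bucket.terraform_state", "aws_dynamodb_table.terraform_locks"}

# Constructed sample in the shape of `terraform show -json <planfile>`;
# aws_instance.example is a made-up resource standing in for the web app.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.example", "type": "aws_instance",
         "name": "example", "change": {"actions": ["create"]}},
        {"address": "aws_dynamodb_table.terraform_locks", "type": "aws_dynamodb_table",
         "name": "terraform_locks", "change": {"actions": ["delete"]}},
        {"address": "aws_s3_bucket.terraform_state", "type": "aws_s3_bucket",
         "name": "terraform_state", "change": {"actions": ["delete"]}},
    ],
})


def backend_deletions(plan_json, protected=PROTECTED):
    """Return (address, actions) for each protected resource the plan deletes."""
    hits = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        key = f'{rc.get("type")}.{rc.get("name")}'
        # A replacement is ["delete", "create"] or ["create", "delete"], so it
        # is caught too: a replacement still destroys the existing resource.
        if key in protected and "delete" in actions:
            hits.append((rc["address"], tuple(actions)))
    return hits


if __name__ == "__main__":
    # Usage: terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    #        python check_plan.py plan.json   (no argument: run on the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    found = backend_deletions(text)
    for address, actions in found:
        print(f"BLOCK: {address} planned actions {list(actions)}")
    sys.exit(1 if found else 0)
```

Matching on `type.name` rather than the full address means the check still fires when the backend resources live inside a module.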