2016-01-17 23:27:13 +01:00
|
|
|
---
|
|
|
|
layout: "remotestate"
|
|
|
|
page_title: "Remote State Backend: s3"
|
|
|
|
sidebar_current: "docs-state-remote-s3"
|
|
|
|
description: |-
|
|
|
|
Terraform can store the state remotely, making it easier to version and work with in a team.
|
|
|
|
---
|
|
|
|
|
|
|
|
# s3
|
|
|
|
|
|
|
|
Stores the state as a given key in a given bucket on [Amazon S3](https://aws.amazon.com/s3/).
|
|
|
|
|
|
|
|
-> **Note:** Passing credentials directly via config options will
|
|
|
|
make them included in cleartext inside the persisted state.
|
|
|
|
Use of environment variables or config file is recommended.
|
|
|
|
|
|
|
|
## Example Usage
|
|
|
|
|
|
|
|
```
|
|
|
|
terraform remote config \
|
|
|
|
-backend=s3 \
|
|
|
|
-backend-config="bucket=terraform-state-prod" \
|
|
|
|
-backend-config="key=network/terraform.tfstate" \
|
|
|
|
-backend-config="region=us-east-1"
|
|
|
|
```
|
|
|
|
|
|
|
|
## Example Referencing
|
|
|
|
|
|
|
|
```
|
|
|
|
resource "terraform_remote_state" "foo" {
|
|
|
|
backend = "s3"
|
|
|
|
config {
|
|
|
|
bucket = "terraform-state-prod"
|
|
|
|
key = "network/terraform.tfstate"
|
|
|
|
region = "us-east-1"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
## Configuration variables
|
|
|
|
|
|
|
|
The following configuration options / environment variables are supported:
|
|
|
|
|
|
|
|
* `bucket` - (Required) The name of the S3 bucket
|
|
|
|
* `key` - (Required) The path where to place/look for state file inside the bucket
|
|
|
|
* `region` / `AWS_DEFAULT_REGION` - (Optional) The region of the S3 bucket
|
|
|
|
* `endpoint` / `AWS_S3_ENDPOINT` - (Optional) A custom endpoint for the S3 API
|
|
|
|
* `encrypt` - (Optional) Whether to enable [server side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
|
|
|
|
of the state file
|
|
|
|
* `acl` - [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
|
|
|
|
to be applied to the state file.
|
|
|
|
* `access_key` / `AWS_ACCESS_KEY_ID` - (Optional) AWS access key
|
|
|
|
* `secret_key` / `AWS_SECRET_ACCESS_KEY` - (Optional) AWS secret key
|
2016-01-20 01:58:47 +01:00
|
|
|
* `kms_key_id` - (Optional) Set to to the ARN of a KMS Key to use that key to encrypt the state.
|