backend/s3: Support DynamoDB, IAM, and STS endpoint configurations
This change enables a few related use cases:
* AWS has partitions outside Commercial, GovCloud (US), and China, which are the only endpoints automatically handled by the AWS Go SDK. DynamoDB locking and credential verification cannot currently be enabled in those regions.
* Allows usage of any DynamoDB-compatible API for state locking
* Allows usage of any IAM/STS-compatible API for credential verification
parent
e8f9fad0e3
commit
9a3b02cd6c
|
@ -44,6 +44,13 @@ func New() backend.Backend {
|
||||||
DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil),
|
DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil),
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"dynamodb_endpoint": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Description: "A custom endpoint for the DynamoDB API",
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("AWS_DYNAMODB_ENDPOINT", ""),
|
||||||
|
},
|
||||||
|
|
||||||
"endpoint": {
|
"endpoint": {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
|
@ -51,6 +58,20 @@ func New() backend.Backend {
|
||||||
DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""),
|
DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""),
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"iam_endpoint": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Description: "A custom endpoint for the IAM API",
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("AWS_IAM_ENDPOINT", ""),
|
||||||
|
},
|
||||||
|
|
||||||
|
"sts_endpoint": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Description: "A custom endpoint for the STS API",
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("AWS_STS_ENDPOINT", ""),
|
||||||
|
},
|
||||||
|
|
||||||
"encrypt": {
|
"encrypt": {
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
|
@ -252,7 +273,10 @@ func (b *Backend) configure(ctx context.Context) error {
|
||||||
CredsFilename: data.Get("shared_credentials_file").(string),
|
CredsFilename: data.Get("shared_credentials_file").(string),
|
||||||
Profile: data.Get("profile").(string),
|
Profile: data.Get("profile").(string),
|
||||||
Region: data.Get("region").(string),
|
Region: data.Get("region").(string),
|
||||||
|
DynamoDBEndpoint: data.Get("dynamodb_endpoint").(string),
|
||||||
|
IamEndpoint: data.Get("iam_endpoint").(string),
|
||||||
S3Endpoint: data.Get("endpoint").(string),
|
S3Endpoint: data.Get("endpoint").(string),
|
||||||
|
StsEndpoint: data.Get("sts_endpoint").(string),
|
||||||
SecretKey: data.Get("secret_key").(string),
|
SecretKey: data.Get("secret_key").(string),
|
||||||
Token: data.Get("token").(string),
|
Token: data.Get("token").(string),
|
||||||
SkipCredsValidation: data.Get("skip_credentials_validation").(bool),
|
SkipCredsValidation: data.Get("skip_credentials_validation").(bool),
|
||||||
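Review bot: The new `dynamodb_endpoint`, `iam_endpoint` and `sts_endpoint` schema entries in `New()` accept any string, and `configure` copies them straight into `DynamoDBEndpoint`, `IamEndpoint` and `StsEndpoint` with no check on their form. Because each one also defaults from the environment (`AWS_DYNAMODB_ENDPOINT`, `AWS_IAM_ENDPOINT`, `AWS_STS_ENDPOINT`), an inherited variable or a typo can silently change where signed requests are sent, along with any session token they carry, and where the state lock is kept. I would add a `ValidateFunc` to all three entries that rejects values that are not absolute URLs and warns on a non-`https` scheme; a warning rather than an error keeps local DynamoDB-compatible endpoints usable. This assumes the backend schema runs `ValidateFunc` and surfaces its warnings, which is worth confirming. Both `New()` and `configure` extend beyond the hunks shown, so how the config struct consumes these fields is not visible here.

```go
"sts_endpoint": {
	// … unchanged: Type, Optional, Description, DefaultFunc …
	ValidateFunc: validateEndpointURL, // proposed helper; same line on dynamodb_endpoint and iam_endpoint
},

// validateEndpointURL accepts an empty value or an absolute URL and warns
// when the scheme is not https.
func validateEndpointURL(v interface{}, k string) ([]string, []error) {
	raw := v.(string)
	if raw == "" {
		return nil, nil
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return nil, []error{fmt.Errorf("%q must be an absolute URL, got %q", k, raw)}
	}
	if u.Scheme != "https" {
		return []string{fmt.Sprintf("%q uses scheme %q; requests to it are not protected in transit", k, u.Scheme)}, nil
	}
	return nil, nil
}
```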
|
|
|
@ -172,6 +172,9 @@ The following configuration options or environment variables are supported:
|
||||||
* `workspace_key_prefix` - (Optional) The prefix applied to the state path
|
* `workspace_key_prefix` - (Optional) The prefix applied to the state path
|
||||||
inside the bucket. This is only relevant when using a non-default workspace.
|
inside the bucket. This is only relevant when using a non-default workspace.
|
||||||
This defaults to "env:"
|
This defaults to "env:"
|
||||||
|
* `dynamodb_endpoint` / `AWS_DYNAMODB_ENDPOINT` - (Optional) A custom endpoint for the DynamoDB API.
|
||||||
|
* `iam_endpoint` / `AWS_IAM_ENDPOINT` - (Optional) A custom endpoint for the IAM API.
|
||||||
|
* `sts_endpoint` / `AWS_STS_ENDPOINT` - (Optional) A custom endpoint for the STS API.
|
||||||
* `skip_credentials_validation` - (Optional) Skip the credentials validation via the STS API.
|
* `skip_credentials_validation` - (Optional) Skip the credentials validation via the STS API.
|
||||||
* `skip_get_ec2_platforms` - (Optional) Skip getting the supported EC2 platforms.
|
* `skip_get_ec2_platforms` - (Optional) Skip getting the supported EC2 platforms.
|
||||||
* `skip_region_validation` - (Optional) Skip validation of provided region name.
|
* `skip_region_validation` - (Optional) Skip validation of provided region name.
|
||||||
|
|