Merge pull request #29494 from magnetikonline/docs-s3-backend-dynamodb-partition-key

S3 backend documentation update - DynamoDB uses Partition keys, not primary keys - redux
Laura Pacilio 2021-09-13 10:39:02 -04:00 committed by GitHub
commit dcf2d3c1ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions


@ -200,7 +200,7 @@ The following configuration is optional:
The following configuration is optional: The following configuration is optional:
* `dynamodb_endpoint` - (Optional) Custom endpoint for the AWS DynamoDB API. This can also be sourced from the `AWS_DYNAMODB_ENDPOINT` environment variable. * `dynamodb_endpoint` - (Optional) Custom endpoint for the AWS DynamoDB API. This can also be sourced from the `AWS_DYNAMODB_ENDPOINT` environment variable.
* `dynamodb_table` - (Optional) Name of DynamoDB Table to use for state locking and consistency. The table must have a primary key named `LockID` with type of `string`. If not configured, state locking will be disabled. * `dynamodb_table` - (Optional) Name of DynamoDB Table to use for state locking and consistency. The table must have a partition key named `LockID` with type of `String`. If not configured, state locking will be disabled.
## Multi-account AWS Architecture ## Multi-account AWS Architecture
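Review bot: In the `dynamodb_table` bullet, the new `String` is in code formatting and reads like a literal value to enter, but DynamoDB attribute definitions spell the string type as `S`. Consider "with type of String (`S`)", or drop the backticks, so a reader creating the lock table is not left looking for a `String` option. The commit title only mentions the partition key wording, so the `string` to `String` change deserves a mention there too.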
@ -240,15 +240,15 @@ gain access to the (usually more privileged) administrative infrastructure.
Your administrative AWS account will contain at least the following items: Your administrative AWS account will contain at least the following items:
* One or more [IAM user](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html) * One or more [IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)
for system administrators that will log in to maintain infrastructure in for system administrators that will log in to maintain infrastructure in
the other accounts. the other accounts.
* Optionally, one or more [IAM groups](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) * Optionally, one or more [IAM groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html)
to differentiate between different groups of users that have different to differentiate between different groups of users that have different
levels of access to the other AWS accounts. levels of access to the other AWS accounts.
* An [S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html) * An [S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html)
that will contain the Terraform state files for each workspace. that will contain the Terraform state files for each workspace.
* A [DynamoDB table](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.TablesItemsAttributes) * A [DynamoDB table](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.TablesItemsAttributes)
that will be used for locking to prevent concurrent operations on a single that will be used for locking to prevent concurrent operations on a single
workspace. workspace.
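Review bot: The first bullet still reads "One or more [IAM user]", singular, while the next bullet uses "IAM groups". Since that line is already being touched for the https change, make it "One or more [IAM users]" so the two bullets agree.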
@ -266,7 +266,7 @@ administrative account described above.
Your environment accounts will eventually contain your own product-specific Your environment accounts will eventually contain your own product-specific
infrastructure. Along with this it must contain one or more infrastructure. Along with this it must contain one or more
[IAM roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
that grant sufficient access for Terraform to perform the desired management that grant sufficient access for Terraform to perform the desired management
tasks. tasks.
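Review bot: The context around the changed link has a number mismatch: "Your environment accounts ... Along with this it must contain". Suggest "they must contain" or "each must contain" while this paragraph is open for the link fix.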
@ -274,7 +274,7 @@ tasks.
Each Administrator will run Terraform using credentials for their IAM user Each Administrator will run Terraform using credentials for their IAM user
in the administrative account. in the administrative account.
[IAM Role Delegation](http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) [IAM Role Delegation](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
is used to grant these users access to the roles created in each environment is used to grant these users access to the roles created in each environment
account. account.
@ -369,7 +369,7 @@ tend to require.
When running Terraform in an automation tool running on an Amazon EC2 instance, When running Terraform in an automation tool running on an Amazon EC2 instance,
consider running this instance in the administrative account and using an consider running this instance in the administrative account and using an
[instance profile](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) [instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html)
in place of the various administrator IAM users suggested above. An IAM in place of the various administrator IAM users suggested above. An IAM
instance profile can also be granted cross-account delegation access via instance profile can also be granted cross-account delegation access via
an IAM policy, giving this instance the access it needs to run Terraform. an IAM policy, giving this instance the access it needs to run Terraform.
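Review bot: The unchanged sentence after the updated link says "An IAM instance profile can also be granted cross-account delegation access via an IAM policy", but an IAM policy attaches to the role that the instance profile carries, not to the profile itself. Suggest rewording to "The IAM role in the instance profile can also be granted cross-account delegation access" so readers attach the policy to the right object.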