Releases: cloudposse/terraform-aws-tfstate-backend

v0.35.0

18 Aug 03:51
db4c0fc
Use `templatefile` @nitrocode (#94)

what

  • Use templatefile

why

  • template_file is a deprecated data source

references

v0.34.0

11 Aug 03:41
3ffcb0f
Allow bucket and dynamodb to be optional @nitrocode (#95)

what

  • Allow bucket and dynamodb to be optional

why

  • So the other properties of the module can be utilized without these resources created

references

commands

terraform plan -var-file=fixtures.us-east-2.tfvars -var="bucket_enabled=false"
Terraform will perform the following actions:

  # module.tfstate_backend.data.template_file.terraform_backend_config[0] will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "terraform_backend_config"  {
      + id       = "5a980e8fb70fc8f005fdb482ab13ecfd59fb1b29ba860fddf0d9237096940026"
      + rendered = <<~EOT
            terraform {
              required_version = ">= 0.12.2"

              backend "s3" {
                region         = "us-east-2"
                bucket         = ""
                key            = "terraform.tfstate"
                dynamodb_table = "eg-test-terraform-tfstate-backend-lock"
                profile        = ""
                role_arn       = ""
                encrypt        = "true"
              }
            }
        EOT
      + template = <<~EOT
            terraform {
              required_version = ">= ${terraform_version}"

              backend "s3" {
                region         = "${region}"
                bucket         = "${bucket}"
                key            = "${terraform_state_file}"
                dynamodb_table = "${dynamodb_table}"
                profile        = "${profile}"
                role_arn       = "${role_arn}"
                encrypt        = "${encrypt}"
              }
            }
        EOT
      + vars     = {
          + "bucket"               = ""
          + "dynamodb_table"       = "eg-test-terraform-tfstate-backend-lock"
          + "encrypt"              = "true"
          + "profile"              = ""
          + "region"               = "us-east-2"
          + "role_arn"             = ""
          + "terraform_state_file" = "terraform.tfstate"
          + "terraform_version"    = "0.12.2"
        }
    }

  # module.tfstate_backend.aws_dynamodb_table.with_server_side_encryption[0] will be created
  + resource "aws_dynamodb_table" "with_server_side_encryption" {
      + arn              = (known after apply)
      + billing_mode     = "PROVISIONED"
      + hash_key         = "LockID"
      + id               = (known after apply)
      + name             = "eg-test-terraform-tfstate-backend-lock"
      + read_capacity    = 5
      + stream_arn       = (known after apply)
      + stream_label     = (known after apply)
      + stream_view_type = (known after apply)
      + tags             = {
          + "Attributes" = "lock"
          + "Name"       = "eg-test-terraform-tfstate-backend-lock"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + tags_all         = {
          + "Attributes" = "lock"
          + "Name"       = "eg-test-terraform-tfstate-backend-lock"
          + "Namespace"  = "eg"
          + "Stage"      = "test"
        }
      + write_capacity   = 5

      + attribute {
          + name = "LockID"
          + type = "S"
        }

      + point_in_time_recovery {
          + enabled = true
        }

      + server_side_encryption {
          + enabled     = true
          + kms_key_arn = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

terraform plan -var-file=fixtures.us-east-2.tfvars -var="dynamodb_enabled=false"
Terraform will perform the following actions:

  # module.tfstate_backend.data.template_file.terraform_backend_config[0] will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "terraform_backend_config"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = <<~EOT
            terraform {
              required_version = ">= ${terraform_version}"

              backend "s3" {
                region         = "${region}"
                bucket         = "${bucket}"
                key            = "${terraform_state_file}"
                dynamodb_table = "${dynamodb_table}"
                profile        = "${profile}"
                role_arn       = "${role_arn}"
                encrypt        = "${encrypt}"
              }
            }
        EOT
      + vars     = {
          + "bucket"               = (known after apply)
          + "dynamodb_table"       = ""
          + "encrypt"              = "true"
          + "environment"          = null
          + "name"                 = null
          + "namespace"            = null
          + "profile"              = ""
          + "region"               = "us-east-2"
          + "role_arn"             = ""
          + "stage"                = null
          + "terraform_state_file" = "terraform.tfstate"
          + "terraform_version"    = "0.12.2"
        }
    }

  # module.tfstate_backend.aws_s3_bucket.default[0] will be created
  + resource "aws_s3_bucket" "default" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "eg-test-terraform-tfstate-backend"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + policy                      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "s3:PutObject"
                      + Condition = {
                          + StringNotEquals = {
                              + s3:x-amz-server-side-encryption = [
                                  + "AES256",
                                  + "aws:kms",
                                ]
                            }
                        }
                      + Effect    = "Deny"
                      + Principal = {
                          + AWS = "*"
                        }
                      + Resource  = "arn:aws:s3:::eg-test-terraform-tfstate-backend/*"
                      + Sid       = "DenyIncorrectEncryptionHeader"
                    },
                  + {
                      + Action    = "s3:PutObject"
                      + Condition = {
                          + Null = {
                              + s3:x-amz-server-side-encryption = [
                                  + "true",
                                ]
                            }
                        }
                      + Effect    = "Deny"
                      + Principal = {
                          + AWS = "*"
                        }
                      + Resource  = "arn:aws:s3:::eg-test-terraform-tfstate-backend/*"
                      + Sid       = "DenyUnEncryptedObjectUploads"
                    },
                  + {
                      + Action    = "s3:*"
                      + Condition = {
                          + Bool = {
                              + aws:SecureTransport = [
                                  + "false",
                                ]
                            }
                        }
                      + Effect    = "Deny"
                      + Principal = {
                          + AWS = "*"
                        }
                      + Resource  = [
                          + "arn:aws:s3:::eg-test-terraform-tfstate-backend/*",
                          + "arn:aws:s3:::eg-test-terraform-tfstate-backend",
                        ]
                      + Sid       = "EnforceTlsRequestsOnly"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Name"      = "eg-test-terraform-tfstate-backend"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + tags_all                    = {
          + "Name"      = "eg-test-terraform-tfstate-backend"
          + "Namespace" = "eg"
          + "Stage"     = "test"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + server_side_encryption_configuration {
          + rule {
              + apply_server_side_encryption_by_default {
                  + sse_algorithm = "AES256"
                }
            }
        }

      + versioning {
          + enabled    = true
          + mfa_delete = false
        }
    }

  # module.tfstate_backend.aws_s3_bucket_public_access_block.default[0] will be created
  + resource "aws_s3_bucket_public_access_block" "default" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

Plan: 2 to add, 0 to change, 0 to destroy.
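
A check for the generated backend configuration in the two plans above, where disabling the bucket or the lock table leaves an empty string in the `backend "s3"` block. This is an added example, not code from the module: `parse_s3_backend` and `audit_backend` are hypothetical names, the first sample is the `rendered` value copied from the first plan, and the second sample is constructed from the second plan's `vars`.

```python
import re

# Sample input: the `rendered` value from the bucket_enabled=false plan above.
RENDERED_BUCKET_DISABLED = '''\
terraform {
  required_version = ">= 0.12.2"

  backend "s3" {
    region         = "us-east-2"
    bucket         = ""
    key            = "terraform.tfstate"
    dynamodb_table = "eg-test-terraform-tfstate-backend-lock"
    profile        = ""
    role_arn       = ""
    encrypt        = "true"
  }
}
'''
# Constructed sample for dynamodb_enabled=false, built from that plan's vars
# (its rendered value is "(known after apply)" on the page).
RENDERED_LOCK_DISABLED = (
    RENDERED_BUCKET_DISABLED
    .replace('bucket         = ""', 'bucket         = "eg-test-terraform-tfstate-backend"')
    .replace('"eg-test-terraform-tfstate-backend-lock"', '""')
)

BACKEND_RE = re.compile(r'backend\s+"s3"\s*\{(.*?)\}', re.S)  # block has no nested braces
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', re.M)

def parse_s3_backend(text):
    """Return the quoted string attributes of the backend "s3" block as a dict."""
    m = BACKEND_RE.search(text)
    if not m:
        raise ValueError('no backend "s3" block found')
    return dict(ATTR_RE.findall(m.group(1)))

def audit_backend(text):
    """Return findings for a rendered backend file; an empty list means it passed."""
    attrs = parse_s3_backend(text)
    findings = [f"{k} is empty" for k in ("region", "bucket", "key") if not attrs.get(k)]
    if not attrs.get("dynamodb_table"):
        findings.append("dynamodb_table is empty: no lock table, so no state locking")
    if attrs.get("encrypt", "").lower() != "true":
        findings.append('encrypt is not "true"')
    return findings

if __name__ == "__main__":
    for name, text in (("bucket off", RENDERED_BUCKET_DISABLED), ("lock off", RENDERED_LOCK_DISABLED)):
        print(name, audit_backend(text))
```

Run against the generated backend file in CI, a non-empty result is a reason to fail the job before `terraform init` picks the file up.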

v0.33.1

29 Jul 23:49
2c9cb41

🚀 Enhancements

Allow enabled false @nitrocode (#92)

what

  • Allow enabled false

why

  • Consistency

references

N/A

v0.33.0

09 Feb 02:18
793d3f9
context.tf updated to v0.24.1, minimum required Terraform version bumped to 0.13.0 when needed, readme updated @maximmi (#86)

what

  • update context.tf to v0.24.1
  • minimum required Terraform version bumped to 0.13.0
  • readme updated, Bridgecrew compliance badges added

why

  • It allows for setting the letter case of tag names and labels; backward compatibility with context v0.22.0 and below
  • we have dropped support for Terraform 0.12
  • To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant

v0.32.1

05 Feb 03:12
7836a6d

🤖 Automatic Updates

Update context.tf @cloudpossebot (#83)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.32.0

04 Feb 07:24
53ecbc6
minimum required Terraform version bumped to 0.13.0, context.tf updated, readme updated @maximmi (#85)

what

  • update context.tf to v0.23.0
  • minimum required Terraform version bumped to 0.13.0
  • readme updated, Bridgecrew compliance badges added

why

  • It allows for setting the letter case of tag names and labels
  • we have dropped support for Terraform 0.12
  • To be able to see and fix the recommendations from Bridgecrew so we can position our modules as standards compliant

v0.31.1

03 Feb 04:10
c4a03ee

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#84)

what

This is an auto-generated PR that updates the README.md and docs

why

To have the most recent changes of README.md and doc from the origin templates

v0.31.0

30 Jan 14:29
dfdcbb3
Bc compliance @maximmi (#81)

what

  • BridgeCrew compliance checks fix
  • readme updated
  • default behaviour changed: DynamoDB point-in-time recovery enabled by default

why

  • To be able to position our modules as standards compliant
  • stay in sync with code
  • To comply with the BridgeCrew check

references

v0.30.0

22 Jan 11:44
b0a03e7
Terraform 0.14 upgrade @maximmi (#80)

what

  • Upgrade to support Terraform 0.14 and bring up to current Cloud Posse standard

why

  • Support Terraform 0.14

v0.29.0

15 Dec 00:02
34b6823
update context and tf .14 support @woz5999 (#79)

what

fixes and updates for tf 0.14 compatibility