Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace lock_table with dynamodb_table in S3 backend config #14949

Merged
merged 2 commits into from
May 30, 2017

Conversation

jbardin
Copy link
Member

@jbardin jbardin commented May 30, 2017

Since the DynamoDB table used by the S3 backend is no longer only used
for locks, rename it in the config to remove any confusion about it
being lock-specific.

Update the docs and add missing assume_role_policy, external_id, and session_name parameters too.

jbardin added 2 commits May 30, 2017 16:27
Since the DynamoDB table used by the S3 backend is no longer only used
for locks, rename it in the config to remove any confusion about it
being lock-specific.
Add dynamodb_table and deprecation notice on lock_table. Add missing
parameters for the S3 backends: assume_role_policy, external_id,
and session_name.
@jbardin jbardin merged commit 6a3a3b3 into master May 30, 2017
@jbardin jbardin deleted the jbardin/s3-config branch May 30, 2017 22:41
@josh-padnick
Copy link

@jbardin It looks like the docs now say that the DynamoDB table is used for "state locking and consistency." Can you clarify what kind of consistency operations are performed in DynamoDB?

@jbardin
Copy link
Member Author

jbardin commented Jun 8, 2017

Hi @josh-padnick,

The consistency check is fairly simple, when a state is stored an md5sum of the blob (md5 because that's what the pre-existing remote client interface already supported) is saved in the dynamodb table. When the state is fetched it's compared against the stored checksum, and if it doesn't match the client will try again for a short period of time before returning an error.

While the consistency check prevents against unexpected alterations to the state, the real goal is simply to avoid pulling a stale state due the eventual consistency delays in S3. Now that locks are available, users are more comfortable running terraform executions in close succession, and the propagation time within s3 has become much more apparent.

@josh-padnick
Copy link

Very interesting! Thanks for the explanation.

@maheshshekhar
Copy link

maheshshekhar commented Jun 19, 2017

i get error when using the dynamodb_table for the backend s3.
Error: Error configuring the backend "s3": No valid credential sources found for AWS Provider.

Note: Credetials have been configured in ~/.aws config and credentials file.

please let us know how we can go about this.

@ghost
Copy link

ghost commented Apr 8, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants