This project provides a CDK construct bootstrapping an AWS account with a S3 Bucket and a DynamoDB table as Terraform state backend.
Terraform doesn't come shipped with a cli command bootstrapping the account for State Storage and Locking
like AWS CDK provides with cdk bootstrap
While bootstrapping the AWS Organization and Accounts this construct may be used to create:
- S3 Bucket with blocked public access, versioned, encrypted by SSE-S3
- DynamoDB Table with pay per request, continuous backups using point-in-time recovery, encrypted by AWS owned key
- IAM Policy with read/write access to the created S3 Bucket and DynamoDB Table
npm install @pepperize/cdk-terraform-state-backend
yarn add @pepperize/cdk-terraform-state-backend
pip install pepperize.cdk-terraform-state-backend
dotnet add package Pepperize.CDK.TerraformStateBackend
import { App, Stack } from "aws-cdk-lib";
import { TerraformStateBackend } from "@pepperize/cdk-terraform-state-backend";
const app = new App();
const stack = new Stack(app, "stack", {
env: {
account: "123456789012",
region: "us-east-1",
// When
new TerraformStateBackend(stack, "TerraformStateBackend", {
bucketName: "terraform-state-backend",
tableName: "terraform-state-backend",
terraform {
backend "s3" {
bucket = "terraform-state-backend-123456789012-us-east-1"
dynamodb_table = "terraform-state-backend-123456789012"
key = "path/to/my/key"
region = "us-east-1"