This project provides a CDK construct bootstrapping an AWS account with a S3 Bucket and a DynamoDB table as Terraform state backend.
Terraform doesn't come shipped with a cli command bootstrapping the account for State Storage and Locking
like AWS CDK provides with cdk bootstrap
.
While bootstrapping the AWS Organization and Accounts this construct may be used to create:
- S3 Bucket with blocked public access, versioned, encrypted by SSE-S3
- DynamoDB Table with pay per request, continuous backups using point-in-time recovery, encrypted by AWS owned key
- IAM Policy with read/write access to the created S3 Bucket and DynamoDB Table
See API.md
npm install @pepperize/cdk-terraform-state-backend
or
yarn add @pepperize/cdk-terraform-state-backend
pip install pepperize.cdk-terraform-state-backend
dotnet add package Pepperize.CDK.TerraformStateBackend
<dependency>
<groupId>com.pepperize</groupId>
<artifactId>cdk-terraform-state-backend</artifactId>
<version>${cdkTerraformStateBackend.version}</version>
</dependency>
import { App, Stack } from "aws-cdk-lib";
import { TerraformStateBackend } from "@pepperize/cdk-terraform-state-backend";
const app = new App();
const stack = new Stack(app, "stack", {
env: {
account: "123456789012",
region: "us-east-1",
},
});
// When
new TerraformStateBackend(stack, "TerraformStateBackend", {
bucketName: "terraform-state-backend",
tableName: "terraform-state-backend",
});
terraform {
backend "s3" {
bucket = "terraform-state-backend-123456789012-us-east-1"
dynamodb_table = "terraform-state-backend-123456789012"
key = "path/to/my/key"
region = "us-east-1"
}
}