This module creates an AWS S3 bucket for usage as terraform or opentofu state backend. A DynamoDB table is also created to manage state locks.
For further information about the AWS S3 state backend check out the official documentation for terraform and opentofu.
module "state_storage" {
source = "$SOURCE"
version = "$VERSION"
bucket_name = "my-unique-bucket-name" # All other variables are optional
}| Name | Version |
|---|---|
| terraform | >= 1.7.0 |
| aws | >= 5.40.0 |
| Name | Version |
|---|---|
| aws | >= 5.40.0 |
| Name | Type |
|---|---|
| aws_dynamodb_table.terraform_locks | resource |
| aws_s3_bucket.terraform_state | resource |
| aws_s3_bucket_lifecycle_configuration.terraform_state | resource |
| aws_s3_bucket_policy.terraform_state_policy | resource |
| aws_s3_bucket_public_access_block.terraform_state | resource |
| aws_s3_bucket_server_side_encryption_configuration.terraform_state | resource |
| aws_s3_bucket_versioning.terraform_state | resource |
| aws_caller_identity.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_name | Name of the state bucket that will be created | string |
n/a | yes |
| dynamodb_encryption_key | ARN of the KMS key used to encrypt the dynamodb table used for state locking. If not set the default dynamodb key will be used. | string |
null |
no |
| dynamodb_table_name | Name of the dynamodb table used for state locking. Defaults to bucket name if not set | string |
null |
no |
| dynamodb_tags | Map of strings containing tag keys and values for the dynamodb table | map(string) |
{} |
no |
| s3_encryption_key | ARN of the KMS key used to encrypt the state bucket. If not set the default s3 key will be used | string |
null |
no |
| s3_tags | Map of strings containing tag keys and values for the state bucket | map(string) |
{} |
no |
| Name | Description |
|---|---|
| dynamodb_table | Map containing name and ARN of the dynamodb table |
| s3_bucket | Map containing name and ARN of the state bucket |