Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)
#!/usr/bin/env bash | |
# Say you have a S3 state with KMS on, with the appropriate variables | |
# configured below (these could also be parameterized but I wanted to | |
# make this gist as easy as possible to digest). Using this script | |
# (or a reasonable facsimile thereof), you can emulate the old | |
# "terraform remote config" command that existed in TF pre-v0.9 | |
# by creating a file with your config in your Terraform directory. | |
# This file should be ignored in source control! | |
# Your s3 bucket. | |
bucket_name="tfstate.example.internal" | |
# The path to your TF state in the bucket. | |
bucket_key="tf/test/ca-central-1.tfstate" | |
# The region your bucket is located in. | |
bucket_region="ca-central-1" | |
# The KMS key ID used to encrypt the buckets. | |
kms_key_id="ABCDEF0123456789" | |
# Your Terraform directory. | |
tf_dir="terraform" | |
# The path of the config file. This should be excluded in your source | |
# control! | |
remote_config_file="_remote_config.tf" | |
# Write out a TF config that contains all of the pertinent data in it. | |
# | |
# WARNING: Do not include credentials in this file! If you need credentials | |
# (ie: AWS creds when not using environment or instance profiles), supply | |
# them directly via "terraform init -backend-config= 'key=value'" command | |
# switches. This can be added to the init command below. | |
cat > "${remote_config_file}" <<EOS | |
# Automatically generated file - DO NOT EDIT! | |
# Ensure that this file is excluded from our source control! | |
terraform { | |
backend "s3" { | |
bucket = "${__s3_bucket}" | |
key = "${__current_key}" | |
region = "${aws_region}" | |
encrypt = "true" | |
kms_key_id = "${__key_alias}" | |
} | |
} | |
EOS | |
# OPTIONAL. Wipe the .terraform and terraform.tfstate artifacts to | |
# make sure that you are not prompted for migration, which may | |
# break runs when running non-interactively. Note - this may | |
# possibly blow away data - back up accordingly! Obviously remove | |
# this if you WANT state to be migrated/copied. | |
rm -rf .terraform/ terraform.tfstate | |
# Run "terraform init" to write out the .terraform/terraform.tfstate | |
# file. This file is a stub and will not contain any state data. | |
# Remove -input=false if you need prompts on state migration/copy. | |
terraform init -backend=true -get=false -input=false | |
# Move the remote config to your Terraform directory. This extra | |
# step needs to be built into the workflow until TF gets the ability | |
# to perform init using configuration in a directory other than the | |
# one you are running Terraform from. | |
if [[ -n "${tf_dir}" ]]; then | |
mv "${remote_config_file}" "${tf_dir}" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
A previous version of this gist assumed that you could drop in a temporary config, create the
terraform.tfstate
file, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.