Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)
#!/usr/bin/env bash
# Say you have a S3 state with KMS on, with the appropriate variables
# configured below (these could also be parameterized but I wanted to
# make this gist as easy as possible to digest). Using this script
# (or a reasonable facsimile thereof), you can emulate the old
# "terraform remote config" command that existed in TF pre-v0.9
# by creating a file with your config in your Terraform directory.
# This file should be ignored in source control!
# Your s3 bucket.
bucket_name="tfstate.example.internal"
# The path to your TF state in the bucket.
bucket_key="tf/test/ca-central-1.tfstate"
# The region your bucket is located in.
bucket_region="ca-central-1"
# The KMS key ID used to encrypt the buckets.
kms_key_id="ABCDEF0123456789"
# Your Terraform directory.
tf_dir="terraform"
# The path of the config file. This should be excluded in your source
# control!
remote_config_file="_remote_config.tf"
# Write out a TF config that contains all of the pertinent data in it.
#
# WARNING: Do not include credentials in this file! If you need credentials
# (ie: AWS creds when not using environment or instance profiles), supply
# them directly via "terraform init -backend-config= 'key=value'" command
# switches. This can be added to the init command below.
cat > "${remote_config_file}" <<EOS
# Automatically generated file - DO NOT EDIT!
# Ensure that this file is excluded from our source control!
terraform {
backend "s3" {
bucket = "${__s3_bucket}"
key = "${__current_key}"
region = "${aws_region}"
encrypt = "true"
kms_key_id = "${__key_alias}"
}
}
EOS
# OPTIONAL. Wipe the .terraform and terraform.tfstate artifacts to
# make sure that you are not prompted for migration, which may
# break runs when running non-interactively. Note - this may
# possibly blow away data - back up accordingly! Obviously remove
# this if you WANT state to be migrated/copied.
rm -rf .terraform/ terraform.tfstate
# Run "terraform init" to write out the .terraform/terraform.tfstate
# file. This file is a stub and will not contain any state data.
# Remove -input=false if you need prompts on state migration/copy.
terraform init -backend=true -get=false -input=false
# Move the remote config to your Terraform directory. This extra
# step needs to be built into the workflow until TF gets the ability
# to perform init using configuration in a directory other than the
# one you are running Terraform from.
if [[ -n "${tf_dir}" ]]; then
mv "${remote_config_file}" "${tf_dir}"
fi
Owner

vancluever commented Apr 11, 2017

A previous version of this gist assumed that you could drop in a temporary config, create the terraform.tfstate file, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!

This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment