Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)

terraform-remote-config.sh

#!/usr/bin/env bash

# Say you have a S3 state with KMS on, with the appropriate variables
# configured below (these could also be parameterized but I wanted to
# make this gist as easy as possible to digest). Using this script
# (or a reasonable facsimile thereof), you can emulate the old
# "terraform remote config" command that existed in TF pre-v0.9
# by creating a file with your config in your Terraform directory.
# This file should be ignored in source control!

# Your s3 bucket.
bucket_name="tfstate.example.internal"

# The path to your TF state in the bucket.
bucket_key="tf/test/ca-central-1.tfstate"

# The region your bucket is located in.
bucket_region="ca-central-1"

# The KMS key ID used to encrypt the buckets.
kms_key_id="ABCDEF0123456789"

# Your Terraform directory.
tf_dir="terraform"

# The path of the config file. This should be excluded in your source
# control!
remote_config_file="_remote_config.tf"

# Write out a TF config that contains all of the pertinent data in it.
#
# WARNING: Do not include credentials in this file! If you need credentials
# (ie: AWS creds when not using environment or instance profiles), supply
# them directly via "terraform init -backend-config= 'key=value'" command
# switches. This can be added to the init command below.
cat > "${remote_config_file}" <<EOS
# Automatically generated file - DO NOT EDIT!
# Ensure that this file is excluded from our source control!
terraform {
  backend "s3" {
    bucket     = "${__s3_bucket}"
    key        = "${__current_key}"
    region     = "${aws_region}"
    encrypt    = "true"
    kms_key_id = "${__key_alias}"
  }
}
EOS

# OPTIONAL. Wipe the .terraform and terraform.tfstate artifacts to
# make sure that you are not prompted for migration, which may
# break runs when running non-interactively. Note - this may 
# possibly blow away data - back up accordingly! Obviously remove
# this if you WANT state to be migrated/copied.
rm -rf .terraform/ terraform.tfstate

# Run "terraform init" to write out the .terraform/terraform.tfstate
# file. This file is a stub and will not contain any state data.
# Remove -input=false if you need prompts on state migration/copy.
terraform init -backend=true -get=false -input=false

# Move the remote config to your Terraform directory. This extra
# step needs to be built into the workflow until TF gets the ability
# to perform init using configuration in a directory other than the
# one you are running Terraform from.
if [[ -n "${tf_dir}" ]]; then
  mv "${remote_config_file}" "${tf_dir}"
fi

A previous version of this gist assumed that you could drop in a temporary config, create the terraform.tfstate file, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!

This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.

A previous version of this gist assumed that you could drop in a temporary config, create the terraform.tfstate file, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!

This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.