Last active
May 31, 2017 02:52
-
-
Save vancluever/d9c4235b1d754f7c8c9517987c1fea5b to your computer and use it in GitHub Desktop.
Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Say you have a S3 state with KMS on, with the appropriate variables | |
| # configured below (these could also be parameterized but I wanted to | |
| # make this gist as easy as possible to digest). Using this script | |
| # (or a reasonable facsimile thereof), you can emulate the old | |
| # "terraform remote config" command that existed in TF pre-v0.9 | |
| # by creating a file with your config in your Terraform directory. | |
| # This file should be ignored in source control! | |
| # Your s3 bucket. | |
| bucket_name="tfstate.example.internal" | |
| # The path to your TF state in the bucket. | |
| bucket_key="tf/test/ca-central-1.tfstate" | |
| # The region your bucket is located in. | |
| bucket_region="ca-central-1" | |
| # The KMS key ID used to encrypt the buckets. | |
| kms_key_id="ABCDEF0123456789" | |
| # Your Terraform directory. | |
| tf_dir="terraform" | |
| # The path of the config file. This should be excluded in your source | |
| # control! | |
| remote_config_file="_remote_config.tf" | |
| # Write out a TF config that contains all of the pertinent data in it. | |
| # | |
| # WARNING: Do not include credentials in this file! If you need credentials | |
| # (ie: AWS creds when not using environment or instance profiles), supply | |
| # them directly via "terraform init -backend-config= 'key=value'" command | |
| # switches. This can be added to the init command below. | |
| cat > "${remote_config_file}" <<EOS | |
| # Automatically generated file - DO NOT EDIT! | |
| # Ensure that this file is excluded from our source control! | |
| terraform { | |
| backend "s3" { | |
| bucket = "${__s3_bucket}" | |
| key = "${__current_key}" | |
| region = "${aws_region}" | |
| encrypt = "true" | |
| kms_key_id = "${__key_alias}" | |
| } | |
| } | |
| EOS | |
| # OPTIONAL. Wipe the .terraform and terraform.tfstate artifacts to | |
| # make sure that you are not prompted for migration, which may | |
| # break runs when running non-interactively. Note - this may | |
| # possibly blow away data - back up accordingly! Obviously remove | |
| # this if you WANT state to be migrated/copied. | |
| rm -rf .terraform/ terraform.tfstate | |
| # Run "terraform init" to write out the .terraform/terraform.tfstate | |
| # file. This file is a stub and will not contain any state data. | |
| # Remove -input=false if you need prompts on state migration/copy. | |
| terraform init -backend=true -get=false -input=false | |
| # Move the remote config to your Terraform directory. This extra | |
| # step needs to be built into the workflow until TF gets the ability | |
| # to perform init using configuration in a directory other than the | |
| # one you are running Terraform from. | |
| if [[ -n "${tf_dir}" ]]; then | |
| mv "${remote_config_file}" "${tf_dir}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A previous version of this gist assumed that you could drop in a temporary config, create the
terraform.tfstatefile, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.