/terraform-remote-config.sh
Last active May 31, 2017
Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)
| #!/usr/bin/env bash | |
| # Say you have a S3 state with KMS on, with the appropriate variables | |
| # configured below (these could also be parameterized but I wanted to | |
| # make this gist as easy as possible to digest). Using this script | |
| # (or a reasonable facsimile thereof), you can emulate the old | |
| # "terraform remote config" command that existed in TF pre-v0.9 | |
| # by creating a file with your config in your Terraform directory. | |
| # This file should be ignored in source control! | |
| # Your s3 bucket. | |
| bucket_name="tfstate.example.internal" | |
| # The path to your TF state in the bucket. | |
| bucket_key="tf/test/ca-central-1.tfstate" | |
| # The region your bucket is located in. | |
| bucket_region="ca-central-1" | |
| # The KMS key ID used to encrypt the buckets. | |
| kms_key_id="ABCDEF0123456789" | |
| # Your Terraform directory. | |
| tf_dir="terraform" | |
| # The path of the config file. This should be excluded in your source | |
| # control! | |
| remote_config_file="_remote_config.tf" | |
| # Write out a TF config that contains all of the pertinent data in it. | |
| # | |
| # WARNING: Do not include credentials in this file! If you need credentials | |
| # (ie: AWS creds when not using environment or instance profiles), supply | |
| # them directly via "terraform init -backend-config= 'key=value'" command | |
| # switches. This can be added to the init command below. | |
| cat > "${remote_config_file}" <<EOS | |
| # Automatically generated file - DO NOT EDIT! | |
| # Ensure that this file is excluded from our source control! | |
| terraform { | |
| backend "s3" { | |
| bucket = "${__s3_bucket}" | |
| key = "${__current_key}" | |
| region = "${aws_region}" | |
| encrypt = "true" | |
| kms_key_id = "${__key_alias}" | |
| } | |
| } | |
| EOS | |
| # OPTIONAL. Wipe the .terraform and terraform.tfstate artifacts to | |
| # make sure that you are not prompted for migration, which may | |
| # break runs when running non-interactively. Note - this may | |
| # possibly blow away data - back up accordingly! Obviously remove | |
| # this if you WANT state to be migrated/copied. | |
| rm -rf .terraform/ terraform.tfstate | |
| # Run "terraform init" to write out the .terraform/terraform.tfstate | |
| # file. This file is a stub and will not contain any state data. | |
| # Remove -input=false if you need prompts on state migration/copy. | |
| terraform init -backend=true -get=false -input=false | |
| # Move the remote config to your Terraform directory. This extra | |
| # step needs to be built into the workflow until TF gets the ability | |
| # to perform init using configuration in a directory other than the | |
| # one you are running Terraform from. | |
| if [[ -n "${tf_dir}" ]]; then | |
| mv "${remote_config_file}" "${tf_dir}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
vancluever commentedApr 11, 2017
•
edited
A previous version of this gist assumed that you could drop in a temporary config, create the
terraform.tfstatefile, and then remove the temp file. Turns out there was artifacts here from a previous run, so there was a config! My apologies!This revised version drops a config into whatever your Terraform directory is. Make sure this file gets excluded from source control.