Enable Terraform Remote Backend on AWS S3

When working in a team environment with multiple DevOps engineers or developers it is highly recommended to use a remote backend.

A Terraform remote backup protect the Terraform configuration from getting lost (if saved on the local machine), allow multiple team members to share the configuration and also lock the configuration while it is being used.

For the above reason, an S3 backend ticks all the boxes. This post will first show how to create the backend which is consistent with an S3 bucket for state storage and a DynamoDB for state lock.

Let’s go ahead and run the configuration below which will set up a backend with two resources.

Note: Change the name of the bucket and DynamoDB table name.

Enable Backend 

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "3.47.0"
    }
  }
}

provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "terraform" {
  bucket = "sysopsruntime-terraform-state"
  acl    = "private"

}
resource "aws_dynamodb_table" "terraform" {
  name         = "sysopsruntime-terraform-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

If the run is completed successfully move to the next step and add a backend to your code.

Terraform Configuration With Backend

To test the backend, I will create an S3 bucket and configure the Terraform configuration to use the remote end we just created before.

The backend configuration starts at line 2 and it used all the details from the first step.

Note: The Key is the path of how the backend will be stored in the bucket. It is important you use a meaningful name.

terraform {
  backend "s3" {
    
    bucket         = "sysopsruntime-terraform-state"
    key            = "s3/terraform.tfstate"
    region         = "us-west-2"

    dynamodb_table = "sysopsruntime-terraform-lock"
    encrypt        = true
  }

  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "3.47.0"
    }
  }
}

provider "aws" {
  region = "ap-southeast-2"
}

locals {
 timest = timestamp()
 fulldate = formatdate( "DDMMMYYYYhhmmZZZ", local.timest )
 time = lower(local.fulldate)
}

resource "aws_s3_bucket" "bucket" {
  bucket = local.time
  acl    = "private"

}

When the code runs, it will show that it used an S3 backend as shown below.

Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes

After creating the S3 object with a backend the state will appear in the backend S3 bucket.

Posted

in

by

NTW – Content Network