@pepperize/cdk-terraform-state-backend

AWS CDK Terraform state backend

This project provides a CDK construct bootstrapping an AWS account with a S3 Bucket and a DynamoDB table as Terraform state backend.

Terraform doesn't come shipped with a cli command bootstrapping the account for State Storage and Locking like AWS CDK provides with cdk bootstrap. While bootstrapping the AWS Organization and Accounts this construct may be used to create:

• S3 Bucket with blocked public access, versioned, encrypted by SSE-S3
• DynamoDB Table with pay per request, continuous backups using point-in-time recovery, encrypted by AWS owned key
• IAM Policy with read/write access to the created S3 Bucket and DynamoDB Table

See API.md

Install

TypeScript

npm install @pepperize/cdk-terraform-state-backend

or

yarn add @pepperize/cdk-terraform-state-backend

Python

pip install pepperize.cdk-terraform-state-backend

C# / .Net

dotnet add package Pepperize.CDK.TerraformStateBackend

Java

<dependency>
  <groupId>com.pepperize</groupId>
  <artifactId>cdk-terraform-state-backend</artifactId>
  <version>${cdkTerraformStateBackend.version}</version>
</dependency>

Example

import { App, Stack } from "aws-cdk-lib";
import { TerraformStateBackend } from "@pepperize/cdk-terraform-state-backend";

const app = new App();
const stack = new Stack(app, "stack", {
  env: {
    account: "123456789012",
    region: "us-east-1",
  },
});

// When
new TerraformStateBackend(stack, "TerraformStateBackend", {
  bucketName: "terraform-state-backend",
  tableName: "terraform-state-backend",
});

terraform {
  backend "s3" {
    bucket = "terraform-state-backend-123456789012-us-east-1"
    dynamodb_table = "terraform-state-backend-123456789012"
    key = "path/to/my/key"
    region = "us-east-1"
  }
}

See Terraform S3 Example Configuration