github.com/pmcatominey/terraform@v0.7.0-rc2.0.20160708105029-1401a52a5cc5/website/source/docs/state/remote/s3.html.md

---
layout: "remotestate"
page_title: "Remote State Backend: s3"
sidebar_current: "docs-state-remote-s3"
description: |-
  Terraform can store the state remotely, making it easier to version and work with in a team.
---

# s3

Stores the state as a given key in a given bucket on [Amazon S3](https://aws.amazon.com/s3/).

-> **Note:** Credentials passed directly via config options are
stored in cleartext in the persisted state.
Using environment variables or a config file is recommended.

~> **Warning!** It is highly recommended to enable
[Bucket Versioning](http://docs.aws.amazon.com/AmazonS3/latest/UG/enable-bucket-versioning.html)
on the S3 bucket to allow for state recovery in the case of accidental deletions and human error.

## Example Usage

```
terraform remote config \
    -backend=s3 \
    -backend-config="bucket=terraform-state-prod" \
    -backend-config="key=network/terraform.tfstate" \
    -backend-config="region=us-east-1"
```

## Example Referencing

```
resource "terraform_remote_state" "foo" {
    backend = "s3"
    config {
        bucket = "terraform-state-prod"
        key = "network/terraform.tfstate"
        region = "us-east-1"
    }
}
```

## Configuration variables

The following configuration options / environment variables are supported:

 * `bucket` - (Required) The name of the S3 bucket
 * `key` - (Required) The path at which to place or look for the state file inside the bucket
 * `region` / `AWS_DEFAULT_REGION` - (Optional) The region of the S3 bucket
 * `endpoint` / `AWS_S3_ENDPOINT` - (Optional) A custom endpoint for the S3 API
 * `encrypt` - (Optional) Whether to enable [server side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
   of the state file
 * `acl` - [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
   to be applied to the state file.
 * `access_key` / `AWS_ACCESS_KEY_ID` - (Optional) AWS access key
 * `secret_key` / `AWS_SECRET_ACCESS_KEY` - (Optional) AWS secret key
 * `kms_key_id` - (Optional) The ARN of a KMS Key to use for encrypting the state.
 * `profile` - (Optional) This is the AWS profile name as set in the shared credentials file.
 * `shared_credentials_file` - (Optional) This is the path to the shared credentials file. If this is not set and a profile is specified, ~/.aws/credentials will be used.
 * `token` - (Optional) Use this to set an MFA token. It can also be sourced from the `AWS_SECURITY_TOKEN` environment variable.
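
A check for the cleartext-credentials note and the `encrypt` and `acl` options above, as an added example that is not part of the Terraform documentation or code base: it audits the remote configuration recorded in a state file. The state layout (a top-level `remote` object with `type` and `config`), the sample values, the accepted boolean strings and the function name `audit_remote_config` are assumptions.

```python
import json

# Options from this page that hold credentials when passed via -backend-config.
CREDENTIAL_KEYS = ("access_key", "secret_key", "token")
# Canned ACLs that grant read access beyond the bucket owner.
BROAD_ACLS = {"public-read", "public-read-write", "authenticated-read"}
# Strings accepted as "true" for encrypt (assumption: Go-style booleans).
TRUE_VALUES = {"1", "t", "T", "true", "TRUE", "True"}

# Constructed sample; the top-level "remote" layout is an assumption.
SAMPLE_STATE = """
{"version": 1, "serial": 0,
 "remote": {"type": "s3", "config": {
   "bucket": "terraform-state-prod",
   "key": "network/terraform.tfstate",
   "region": "us-east-1",
   "access_key": "EXAMPLE-ACCESS-KEY-ID",
   "secret_key": "example-placeholder-secret",
   "acl": "public-read"}}}
"""


def audit_remote_config(state_text):
    """Return findings for the s3 remote block of a state document."""
    remote = json.loads(state_text).get("remote") or {}
    if remote.get("type") != "s3":
        return []
    config = remote.get("config") or {}
    findings = []
    for key in CREDENTIAL_KEYS:
        if config.get(key):
            # Report the option name only, never the secret itself.
            findings.append("cleartext credential in state: " + key)
    if str(config.get("encrypt", "")) not in TRUE_VALUES:
        findings.append("encrypt is not enabled")
    acl = config.get("acl", "")
    if acl in BROAD_ACLS:
        findings.append("acl grants broad read access: " + acl)
    return findings


if __name__ == "__main__":
    for finding in audit_remote_config(SAMPLE_STATE):
        print(finding)
```

Bucket versioning is a property of the bucket, not of the state file, so it has to be verified against the bucket itself.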