github.com/pulumi/terraform@v1.4.0/website/docs/language/settings/backends/cos.mdx (about)

     1  ---
     2  page_title: 'Backend Type: cos'
     3  description: >-
     4    Terraform can store the state remotely, making it easier to version and work
     5    with in a team.
     6  ---
     7  
     8  # COS
     9  
    10  Stores the state as an object in a configurable prefix in a given bucket on [Tencent Cloud Object Storage](https://intl.cloud.tencent.com/product/cos) (COS).
    11  
    12  This backend supports [state locking](/language/state/locking).
    13  
    14  ~> **Warning!** It is highly recommended that you enable [Object Versioning](https://intl.cloud.tencent.com/document/product/436/19883)
    15  on the COS bucket to allow for state recovery in the case of accidental deletions and human error.
    16  
    17  ## Example Configuration
    18  
    19  ```hcl
    20  terraform {
    21    backend "cos" {
    22      region = "ap-guangzhou"
    23      bucket = "bucket-for-terraform-state-1258798060"
    24      prefix = "terraform/state"
    25    }
    26  }
    27  ```
    28  
    29  This assumes we have a [COS Bucket](https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/cos_bucket) created named `bucket-for-terraform-state-1258798060`,
    30  Terraform state will be written into the file `terraform/state/terraform.tfstate`.
    31  
    32  ## Data Source Configuration
    33  
    34  To make use of the COS remote state in another configuration, use the [`terraform_remote_state` data source](/language/state/remote-state-data).
    35  
    36  ```hcl
    37  data "terraform_remote_state" "foo" {
    38    backend = "cos"
    39  
    40    config = {
    41      region = "ap-guangzhou"
    42      bucket = "bucket-for-terraform-state-1258798060"
    43      prefix = "terraform/state"
    44    }
    45  }
    46  ```
    47  
    48  ## Configuration Variables
    49  
    50  !> **Warning:**  We recommend using environment variables to supply credentials and other sensitive data. If you use `-backend-config` or hardcode these values directly in your configuration, Terraform will include these values in both the `.terraform` subdirectory and in plan files. Refer to [Credentials and Sensitive Data](/language/settings/backends/configuration#credentials-and-sensitive-data) for details.
    51  
    52  The following configuration options or environment variables are supported:
    53  
    54  - `secret_id` - (Optional) Secret id of Tencent Cloud. It supports environment variables `TENCENTCLOUD_SECRET_ID`.
    55  - `secret_key` - (Optional) Secret key of Tencent Cloud. It supports environment variables `TENCENTCLOUD_SECRET_KEY`.
    56  - `security_token` - (Optional) TencentCloud Security Token of temporary access credentials. It supports environment variables `TENCENTCLOUD_SECURITY_TOKEN`.
    57  - `region` - (Optional) The region of the COS bucket. It supports environment variables `TENCENTCLOUD_REGION`.
    58  - `bucket` - (Required) The name of the COS bucket. You shall manually create it first.
    59  - `prefix` - (Optional) The directory for saving the state file in bucket. Default to "env:".
    60  - `key` - (Optional) The path for saving the state file in bucket. Defaults to `terraform.tfstate`.
    61  - `encrypt` - (Optional) Whether to enable server side encryption of the state file. If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
    62  - `acl` - (Optional) Object ACL to be applied to the state file, allows `private` and `public-read`. Defaults to `private`.
    63  - `accelerate` - (Optional) Whether to enable global Acceleration. Defaults to `false`.
    64  
    65  ### Assume Role
    66  If provided with an assume role, Terraform will attempt to assume this role using the supplied credentials.
    67  Assume role can be provided by adding an `assume_role` block in the cos backend block.
    68  
    69  - `assume_role` - (Optional) The `assume_role` block. If provided, terraform will attempt to assume this role using the supplied credentials.
    70  
    71  The details of `assume_role` block as following:
    72  - `role_arn` - (Required) The ARN of the role to assume. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_ARN`.
    73  - `session_name` - (Required) The session name to use when making the AssumeRole call. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`.
    74  - `session_duration` - (Required) The duration of the session when making the AssumeRole call. Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION`.
    75  - `policy` - (Optional) A more restrictive policy when making the AssumeRole call. Its content must not contains `principal` elements. Notice: more syntax references, please refer to: [policies syntax logic](https://intl.cloud.tencent.com/document/product/598/10603).
    76  
    77  Usage:
    78  
    79  ```hcl
    80  terraform {
    81    backend "cos" {
    82      region = "ap-guangzhou"
    83      bucket = "bucket-for-terraform-state-{appid}"
    84      prefix = "terraform/state"
    85      assume_role {
    86        role_arn = "qcs::cam::uin/xxx:roleName/yyy"
    87        session_name = "my-session-name"
    88        session_duration = 3600
    89      }
    90    }
    91  }
    92  ```
    93  
    94  In addition, these `assume_role` configurations can also be provided by environment variables.
    95  
    96  Usage:
    97  
    98  ```shell
    99  $ export TENCENTCLOUD_SECRET_ID="my-secret-id"
   100  $ export TENCENTCLOUD_SECRET_KEY="my-secret-key"
   101  $ export TENCENTCLOUD_REGION="ap-guangzhou"
   102  $ export TENCENTCLOUD_ASSUME_ROLE_ARN="qcs::cam::uin/xxx:roleName/yyy"
   103  $ export TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME="my-session-name"
   104  $ export TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION=3600
   105  $ terraform plan
   106  ```