
Terraform & Provider block

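# Example Terraform settings plus an AWS provider configuration.
# NOTE(review): the `terraform` block accepts settings such as backend,
# required_version and required_providers. The provider, experimental_features,
# disable_checkpoint, post_processors and dependency entries nested below are
# not `terraform` block settings (provider blocks are declared at the top level
# of a module; disable_checkpoint is a CLI configuration setting). Run
# `terraform validate` before reusing any part of this listing.
terraform {
  # Remote state in S3. State can hold resource secrets in plain text, so it is
  # encrypted at rest here and access to the bucket should be limited to the
  # identities that run Terraform. The DynamoDB table provides state locking.
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "my-terraform-state-lock"
    # Credentials are taken from a named profile in a shared credentials file,
    # which keeps key material out of the configuration itself.
    profile        = "my-aws-profile"
    shared_credentials_file = "/path/to/credentials/file"
    # Both switches turn off start-up checks; enable them only when a check is
    # known not to apply (for example against a non-AWS, S3-compatible store).
    skip_get_ec2_platforms = true
    skip_region_validation  = true
  }

  required_version = ">= 0.14.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # "~> 3.0" admits any 3.x release. Commit .terraform.lock.hcl so the exact
      # provider build and its checksums are pinned and reviewed.
      version = "~> 3.0"
      # NOTE(review): configuration_aliases declares provider alias names that a
      # module expects to be passed in. The entries below read like credential
      # argument names rather than aliases - verify what was intended.
      configuration_aliases = [
        "aws.region",
        "aws.access_key",
        "aws.secret_key"
      ]
    }
  }

  provider "aws" {
    region = "us-west-2"
    # Placeholders only. Static keys or a session token written into a .tf file
    # end up in version control, plan output and CI logs. Use one credential
    # source instead (profile, environment, or an assumed role); this block
    # sets several at once, which also makes it unclear which one is used.
    access_key = "my-access-key"
    secret_key = "my-secret-key"
    profile = "my-aws-profile"
    shared_credentials_file = "/path/to/credentials/file"
    token = "my-aws-token"
    # Role assumption with an external ID. The external ID is the shared value
    # the role's trust policy is expected to require from this caller.
    assume_role {
      role_arn = "arn:aws:iam::123456789012:role/my-role"
      session_name = "my-session-name"
      external_id = "my-external-id"
      # NOTE(review): this argument is a session policy that can only narrow the
      # assumed role's permissions. The document below has the shape of a role
      # trust policy (it names a Principal) - confirm which one was meant.
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Action = "sts:AssumeRole"
            Effect = "Allow"
            Principal = {
              AWS = "arn:aws:iam::123456789012:user/my-user"
            }
          }
        ]
      })
    }
    # Service endpoints overridden to plain-HTTP localhost ports; presumably a
    # local emulator rather than AWS. Do not carry these into a real account.
    endpoints {
      dynamodb = "http://localhost:8000"
      ec2 = "http://localhost:8001"
    }
    ignore_tag_prefixes = [
      "aws:"
    ]
    max_retries = 10
    retry_sleep {
      min = 1000
      max = 5000
    }
    # The skip_* switches stop the provider from checking the metadata API, the
    # region name and the credentials at start-up. That suits an emulator; with
    # real AWS it hides misconfiguration until the first API call fails.
    skip_metadata_api_check = true
    skip_region_validation = true
    skip_credentials_validation = true
    # NOTE(review): intended to allow TLS connections without certificate
    # verification, which exposes API traffic and credentials to interception.
    # The AWS provider documents this switch as `insecure` - confirm the name,
    # and keep it disabled outside a local test setup.
    ssl_insecure = true
  }

  experimental_features {
    provider_aliases = true
    module_request = true
  }

  disable_checkpoint = true

  post_processors {
    "applying" {
      commands = ["echo 'Applied!'"]
    }
    "planning" {
      commands = ["echo 'Planning!'"]
    }
  }

  dependency "jenkins" {
    config_path = "./jenkins.tf"
  }

  dependency "vpc" {
    config_path = "./vpc.tf"
  }
}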

This terraform block includes a variety of attributes that can be used to configure Terraform, including:

  • backend: Specifies the backend that Terraform should use to store state data. In this case, we're using an S3 backend with encryption and a DynamoDB table for locking. We're also specifying an AWS profile and credentials file to use, as well as skipping the region validation and EC2 platform retrieval.
  • required_version: Specifies the minimum version of Terraform that should be used.
  • required_providers: Specifies the version of the AWS provider that should be used, as well as any configuration aliases.
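  • provider: Configures the AWS provider, including the region, access key, and secret key to use. We're also specifying an AWS profile and credentials file, as well as an IAM role to assume, endpoints to use, and various validation options. The access key, secret key, and token appear inline only as placeholders; in a real configuration, supply credentials through the profile, the environment, or the assumed role so that they never land in version control.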
  • experimental_features: Enables various experimental features of Terraform, including provider aliases and module requests.
  • disable_checkpoint: Disables the Terraform checkpoint feature, which periodically saves state data to disk during apply operations.
  • post_processors: Specifies commands to be executed after apply and plan operations, respectively.
  • dependency: Specifies dependencies between Terraform configurations.

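Note that not all of these attributes will be relevant or necessary for your specific use case, and it's important to carefully consider the implications of each configuration option. This applies especially to the options that skip validation or disable TLS verification, because they remove checks that would otherwise catch a misconfigured or intercepted connection.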