Merge pull request #17776 from haines/s3-backend-docs

Add required DynamoDB IAM permissions for state locking to S3 backend docs
2018-04-04 15:32:46 -04:00 · 2018-04-04 15:32:46 -04:00 · 16d0e1225c
parent 9bf9280c03 b6fbb42be6
commit 16d0e1225c
1 changed files with 29 additions and 1 deletions
--- a/website/docs/backends/types/s3.html.md
+++ b/website/docs/backends/types/s3.html.md
@ -67,6 +67,34 @@ This is seen in the following AWS IAM Statement:
 }
 ```

+### DynamoDB Table Permissions
+
+If you are using state locking, Terraform will need the following AWS IAM
+permissions on the DynamoDB table (`arn:aws:dynamodb:::table/mytable`):
+
+* `dynamodb:GetItem`
+* `dynamodb:PutItem`
+* `dynamodb:DeleteItem`
+
+This is seen in the following AWS IAM Statement:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "dynamodb:GetItem",
+        "dynamodb:PutItem",
+        "dynamodb:DeleteItem"
+      ],
+      "Resource": "arn:aws:dynamodb:*:*:table/mytable"
+    }
+  ]
+}
+```
+
 ## Using the S3 remote state

 To make use of the S3 remote state we can use the
@ -199,7 +227,7 @@ Your administrative AWS account will contain at least the following items:
  workspace.

 Provide the S3 bucket name and DynamoDB table name to Terraform within the
-S3 backend configuration using the `bucket` and `lock_table` arguments
+S3 backend configuration using the `bucket` and `dynamodb_table` arguments
 respectively, and configure a suitable `workspace_key_prefix` to contain
 the states of the various workspaces that will subsequently be created for
 this configuration.