Merge pull request #17776 from haines/s3-backend-docs
Add required DynamoDB IAM permissions for state locking to S3 backend docs
This commit is contained in:
commit
16d0e1225c
|
@ -67,6 +67,34 @@ This is seen in the following AWS IAM Statement:
|
|||
}
|
||||
```
|
||||
|
||||
### DynamoDB Table Permissions
|
||||
|
||||
If you are using state locking, Terraform will need the following AWS IAM
|
||||
permissions on the DynamoDB table (`arn:aws:dynamodb:::table/mytable`):
|
||||
|
||||
* `dynamodb:GetItem`
|
||||
* `dynamodb:PutItem`
|
||||
* `dynamodb:DeleteItem`
|
||||
|
||||
This is seen in the following AWS IAM Statement:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"dynamodb:GetItem",
|
||||
"dynamodb:PutItem",
|
||||
"dynamodb:DeleteItem"
|
||||
],
|
||||
"Resource": "arn:aws:dynamodb:*:*:table/mytable"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## Using the S3 remote state
|
||||
|
||||
To make use of the S3 remote state we can use the
|
||||
|
@ -199,7 +227,7 @@ Your administrative AWS account will contain at least the following items:
|
|||
workspace.
|
||||
|
||||
Provide the S3 bucket name and DynamoDB table name to Terraform within the
|
||||
S3 backend configuration using the `bucket` and `lock_table` arguments
|
||||
S3 backend configuration using the `bucket` and `dynamodb_table` arguments
|
||||
respectively, and configure a suitable `workspace_key_prefix` to contain
|
||||
the states of the various workspaces that will subsequently be created for
|
||||
this configuration.
|
||||
|
|
Loading…
Reference in New Issue