Merge pull request #17776 from haines/s3-backend-docs
Add required DynamoDB IAM permissions for state locking to S3 backend docs
commit
16d0e1225c
|
@ -67,6 +67,34 @@ This is seen in the following AWS IAM Statement:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### DynamoDB Table Permissions
|
||||||
|
|
||||||
|
If you are using state locking, Terraform will need the following AWS IAM
|
||||||
|
permissions on the DynamoDB table (`arn:aws:dynamodb:::table/mytable`):
|
||||||
|
|
||||||
|
* `dynamodb:GetItem`
|
||||||
|
* `dynamodb:PutItem`
|
||||||
|
* `dynamodb:DeleteItem`
|
||||||
|
|
||||||
|
This is seen in the following AWS IAM Statement:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"dynamodb:GetItem",
|
||||||
|
"dynamodb:PutItem",
|
||||||
|
"dynamodb:DeleteItem"
|
||||||
|
],
|
||||||
|
"Resource": "arn:aws:dynamodb:*:*:table/mytable"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Using the S3 remote state
|
## Using the S3 remote state
|
||||||
|
|
||||||
To make use of the S3 remote state we can use the
|
To make use of the S3 remote state we can use the
|
||||||
|
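Review bot: The table ARN in the added prose, `arn:aws:dynamodb:::table/mytable`, does not match the `Resource` in the added IAM statement, `arn:aws:dynamodb:*:*:table/mytable`. DynamoDB table ARNs carry a region and an account ID, so the form with both fields empty will not match a real table if a reader copies it into a policy; use one form in both places. The `*:*` in the statement also matches a table named `mytable` in every region and account, so consider showing region and account ID placeholders instead, which scopes `GetItem`, `PutItem` and `DeleteItem` to the single lock table.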
@ -199,7 +227,7 @@ Your administrative AWS account will contain at least the following items:
|
||||||
workspace.
|
workspace.
|
||||||
|
|
||||||
Provide the S3 bucket name and DynamoDB table name to Terraform within the
|
Provide the S3 bucket name and DynamoDB table name to Terraform within the
|
||||||
S3 backend configuration using the `bucket` and `lock_table` arguments
|
S3 backend configuration using the `bucket` and `dynamodb_table` arguments
|
||||||
respectively, and configure a suitable `workspace_key_prefix` to contain
|
respectively, and configure a suitable `workspace_key_prefix` to contain
|
||||||
the states of the various workspaces that will subsequently be created for
|
the states of the various workspaces that will subsequently be created for
|
||||||
this configuration.
|
this configuration.
|
||||||
|
|
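Review bot: The `lock_table` to `dynamodb_table` rename in this hunk is not mentioned in the commit message, which only describes adding DynamoDB IAM permissions for state locking. Mention the rename in the message or split it into its own commit, and check the rest of the page for remaining `lock_table` references so the backend configuration text and the new "DynamoDB Table Permissions" section use the same argument name.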