From 9a3b02cd6ca8a7a72798ff1c39e3c6c563dd4986 Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Fri, 7 Dec 2018 03:10:51 -0500 Subject: [PATCH] backend/s3: Support DynamoDB, IAM, and STS endpoint configurations This change enables a few related use cases: * AWS has partitions outside Commercial, GovCloud (US), and China, which are the only endpoints automatically handled by the AWS Go SDK. DynamoDB locking and credential verification can not currently be enabled in those regions. * Allows usage of any DynamoDB-compatible API for state locking * Allows usage of any IAM/STS-compatible API for credential verification --- backend/remote-state/s3/backend.go | 24 ++++++++++++++++++++++++ website/docs/backends/types/s3.html.md | 3 +++ 2 files changed, 27 insertions(+) diff --git a/backend/remote-state/s3/backend.go b/backend/remote-state/s3/backend.go index 288c2043b..93a505048 100644 --- a/backend/remote-state/s3/backend.go +++ b/backend/remote-state/s3/backend.go @@ -44,6 +44,13 @@ func New() backend.Backend { DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil), }, + "dynamodb_endpoint": { + Type: schema.TypeString, + Optional: true, + Description: "A custom endpoint for the DynamoDB API", + DefaultFunc: schema.EnvDefaultFunc("AWS_DYNAMODB_ENDPOINT", ""), + }, + "endpoint": { Type: schema.TypeString, Optional: true, @@ -51,6 +58,20 @@ func New() backend.Backend { DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""), }, + "iam_endpoint": { + Type: schema.TypeString, + Optional: true, + Description: "A custom endpoint for the IAM API", + DefaultFunc: schema.EnvDefaultFunc("AWS_IAM_ENDPOINT", ""), + }, + + "sts_endpoint": { + Type: schema.TypeString, + Optional: true, + Description: "A custom endpoint for the STS API", + DefaultFunc: schema.EnvDefaultFunc("AWS_STS_ENDPOINT", ""), + }, + "encrypt": { Type: schema.TypeBool, Optional: true, @@ -252,7 +273,10 @@ func (b *Backend) configure(ctx context.Context) error { CredsFilename: data.Get("shared_credentials_file").(string), Profile: data.Get("profile").(string), Region: data.Get("region").(string), + DynamoDBEndpoint: data.Get("dynamodb_endpoint").(string), + IamEndpoint: data.Get("iam_endpoint").(string), S3Endpoint: data.Get("endpoint").(string), + StsEndpoint: data.Get("sts_endpoint").(string), SecretKey: data.Get("secret_key").(string), Token: data.Get("token").(string), SkipCredsValidation: data.Get("skip_credentials_validation").(bool), diff --git a/website/docs/backends/types/s3.html.md b/website/docs/backends/types/s3.html.md index 92bd11551..5c5c101d3 100644 --- a/website/docs/backends/types/s3.html.md +++ b/website/docs/backends/types/s3.html.md @@ -172,6 +172,9 @@ The following configuration options or environment variables are supported: * `workspace_key_prefix` - (Optional) The prefix applied to the state path inside the bucket. This is only relevant when using a non-default workspace. This defaults to "env:" + * `dynamodb_endpoint` / `AWS_DYNAMODB_ENDPOINT` - (Optional) A custom endpoint for the DynamoDB API. + * `iam_endpoint` / `AWS_IAM_ENDPOINT` - (Optional) A custom endpoint for the IAM API. + * `sts_endpoint` / `AWS_STS_ENDPOINT` - (Optional) A custom endpoint for the STS API. * `skip_credentials_validation` - (Optional) Skip the credentials validation via the STS API. * `skip_get_ec2_platforms` - (Optional) Skip getting the supported EC2 platforms. * `skip_region_validation` - (Optional) Skip validation of provided region name.