backend/s3: Support DynamoDB, IAM, and STS endpoint configurations

This change enables a few related use cases:
* AWS has partitions outside Commercial, GovCloud (US), and China, which are the only endpoints automatically handled by the AWS Go SDK. DynamoDB locking and credential verification can not currently be enabled in those regions.
* Allows usage of any DynamoDB-compatible API for state locking
* Allows usage of any IAM/STS-compatible API for credential verification
This commit is contained in:
Brian Flad 2018-12-07 03:10:51 -05:00
parent e8f9fad0e3
commit 9a3b02cd6c
No known key found for this signature in database
GPG Key ID: EC6252B42B012823
2 changed files with 27 additions and 0 deletions

View File

@ -44,6 +44,13 @@ func New() backend.Backend {
DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil), DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil),
}, },
"dynamodb_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "A custom endpoint for the DynamoDB API",
DefaultFunc: schema.EnvDefaultFunc("AWS_DYNAMODB_ENDPOINT", ""),
},
"endpoint": { "endpoint": {
Type: schema.TypeString, Type: schema.TypeString,
Optional: true, Optional: true,
@ -51,6 +58,20 @@ func New() backend.Backend {
DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""), DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""),
}, },
"iam_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "A custom endpoint for the IAM API",
DefaultFunc: schema.EnvDefaultFunc("AWS_IAM_ENDPOINT", ""),
},
"sts_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "A custom endpoint for the STS API",
DefaultFunc: schema.EnvDefaultFunc("AWS_STS_ENDPOINT", ""),
},
"encrypt": { "encrypt": {
Type: schema.TypeBool, Type: schema.TypeBool,
Optional: true, Optional: true,
@ -252,7 +273,10 @@ func (b *Backend) configure(ctx context.Context) error {
CredsFilename: data.Get("shared_credentials_file").(string), CredsFilename: data.Get("shared_credentials_file").(string),
Profile: data.Get("profile").(string), Profile: data.Get("profile").(string),
Region: data.Get("region").(string), Region: data.Get("region").(string),
DynamoDBEndpoint: data.Get("dynamodb_endpoint").(string),
IamEndpoint: data.Get("iam_endpoint").(string),
S3Endpoint: data.Get("endpoint").(string), S3Endpoint: data.Get("endpoint").(string),
StsEndpoint: data.Get("sts_endpoint").(string),
SecretKey: data.Get("secret_key").(string), SecretKey: data.Get("secret_key").(string),
Token: data.Get("token").(string), Token: data.Get("token").(string),
SkipCredsValidation: data.Get("skip_credentials_validation").(bool), SkipCredsValidation: data.Get("skip_credentials_validation").(bool),

View File

@ -172,6 +172,9 @@ The following configuration options or environment variables are supported:
* `workspace_key_prefix` - (Optional) The prefix applied to the state path * `workspace_key_prefix` - (Optional) The prefix applied to the state path
inside the bucket. This is only relevant when using a non-default workspace. inside the bucket. This is only relevant when using a non-default workspace.
This defaults to "env:" This defaults to "env:"
* `dynamodb_endpoint` / `AWS_DYNAMODB_ENDPOINT` - (Optional) A custom endpoint for the DynamoDB API.
* `iam_endpoint` / `AWS_IAM_ENDPOINT` - (Optional) A custom endpoint for the IAM API.
* `sts_endpoint` / `AWS_STS_ENDPOINT` - (Optional) A custom endpoint for the STS API.
* `skip_credentials_validation` - (Optional) Skip the credentials validation via the STS API. * `skip_credentials_validation` - (Optional) Skip the credentials validation via the STS API.
* `skip_get_ec2_platforms` - (Optional) Skip getting the supported EC2 platforms. * `skip_get_ec2_platforms` - (Optional) Skip getting the supported EC2 platforms.
* `skip_region_validation` - (Optional) Skip validation of provided region name. * `skip_region_validation` - (Optional) Skip validation of provided region name.