resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
terraform/website/docs/backends/types/gcs.html.md

2.9 KiB
Raw Blame History

layout page_title sidebar_current description
backend-types Backend Type: gcs docs-backends-types-standard-gcs Terraform can store the state remotely, making it easier to version and work with in a team.

gcs

Kind: Standard (with locking)

Stores the state as an object in a configurable prefix in a given bucket on Google Cloud Storage (GCS). This backend also supports state locking.

~> Warning! It is highly recommended that you enable Object Versioning on the GCS bucket to allow for state recovery in the case of accidental deletions and human error.

Example Configuration

terraform {
  backend "gcs" {
    bucket  = "tf-state-prod"
    prefix  = "terraform/state"
  }
}

Data Source Configuration

data "terraform_remote_state" "foo" {
  backend = "gcs"
  config = {
    bucket  = "terraform-state"
    prefix  = "prod"
  }
}

resource "template_file" "bar" {
  template = "${greeting}"

  vars {
    greeting = "${data.terraform_remote_state.foo.greeting}"
  }
}

Configuration variables

The following configuration options are supported:

  • bucket - (Required) The name of the GCS bucket. This name must be globally unique. For more information, see Bucket Naming Guidelines.
  • credentials / GOOGLE_BACKEND_CREDENTIALS / GOOGLE_CREDENTIALS - (Optional) Local path to Google Cloud Platform account credentials in JSON format. If unset, Google Application Default Credentials are used. The provided credentials need to have the devstorage.read_write scope and WRITER permissions on the bucket. Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
  • access_token - (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
  • prefix - (Optional) GCS prefix inside the bucket. Named states for workspaces are stored in an object called <prefix>/<name>.tfstate.
  • path - (Deprecated) GCS path to the state file of the default state. For backwards compatibility only, use prefix instead.
  • encryption_key / GOOGLE_ENCRYPTION_KEY - (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. For more information see Customer Supplied Encryption Keys.