Terraform workspace states in different s3 buckets?

2
votes

I use terraform to provision resources in dev and prod environments. These environments live on two different aws accounts. I had my state locally but I want to push it to s3 now. The problem is that terraform stores the state for the def and prod envs in the same s3 bucket is it possible to separate them? If not what are some alternative solutions without splitting my terraform codebase?

2
terraformterraform-provider-aws
Terraform will store the state wherever you set it to be. How are you configuring your state?ydaetskcoR
I currently just hardcode the bucket name. Ideally i'd like to use some kind of variable like local.env for this purpose, but I can't find a nice way to do it...Lau
You can't use interpolation in the backend configuration because the backend needs to be configured before that part of the code base runs. If you need variable state configuration (you do) then you should consider using a wrapper script or something like Terragrunt.ydaetskcoR
@ydaetskcoR That makes sense. If I only need to pass a simple variable (aws-account name) to the terraform before the backend configuration what's the best way to do it?Lau
This helped me a lot! github.com/hashicorp/terraform/pull/…A Campos

2 Answers

0
votes

I have a bash wrapper around terraform and create a state file per account for separation of concerns. I also break the automation into many components to keep the state small so that performance does not suffer and downloading and uploading the state to the bucket :

function set_backend () {
    local STATE_PATH=$1
    if [[ $BACKEND == "s3" ]]; then
        cat << EOF > ./backend.tf
terraform {
  backend "s3" {
    bucket = "${TF_VAR_state_bucket}"
    dynamodb_table = "${DYNAMODB_STATE_TABLE}"
    key    = "terraform/$STATE_PATH/terraform.tfstate"
    region = "$REGION"
    encrypt = "true"
  }
}
provider "aws" {
  region  = "$REGION"
  version = "1.51.0"
}
provider "aws" {
  region  = "$DR_REGION"
  version = "1.51.0"
  alias = "dr"
}
provider "archive" { version = "1.1.0" }
provider "external" { version = "1.0.0" }
provider "local" { version = "1.1.0" }
provider "null" { version = "1.0.0" }
provider "random" { version = "2.0.0" }
provider "template" { version = "1.0.0" }
provider "tls" { version = "1.2.0" }
EOF
    fi
}
0
votes

Terragrunt is a great tool to use for managing terraform state files for different environments and to store state files in different buckets, instead of to use terraform workspace.

Useful links, https://transcend.io/blog/why-we-use-terragrunt

https://blog.gruntwork.io/how-to-manage-terraform-state-28f5697e68fa