Terraform
Configure data object storage
This topic describes how to configure Terraform Enterprise to connect to an external data object service. This step is only required when Terraform Enterprise is configured to operate in external
or active-active
mode. Refer to Data storage settings overview for additional information.
Introduction
Terraform Enterprise stores artifacts that it produces during operation, such as state files, plan files, run logs, and configuration versions, in an S3-compatible storage service. Complete the following steps to configure the connection to an externally-managed data object storage system:
- In your object storage service, create a dedicated user that has permissions to access and manage the storage resources. Refer to the documentation for your object storage service for instructions.
- Configure the connection settings in the Terraform Enterprise deployment configuration.
Requirements
- Any S3-compatible object storage service, GCP Cloud Storage, or Azure blob storage.
- A bucket on the object storage platform for Terraform Enterprise to use. Your infrastructure provider may require the bucket to be in the same region as the Terraform Enterprise instance.
- Disable any lifecycle rules that would delete, archive, or transition objects in the object storage container. Terraform Enterprise expects to manage all data in the object storage service, so any lifecycle operations may result in unexpected data inconsistencies.
Configure connection settings
Add the
TFE_OBJECT_STORAGE_TYPE
variable to the configuration and set one of the following storage types:s3
: Stores objects in an AWS S3 bucket.azure
: Stores objects in an Azure blob.google
: Stores objects in Google's cloud platform.Refer to the
TFE_OBJECT_STORAGE_TYPE
reference documentation for additional information.
Configure the connection settings for the object type.
... env: variables: TFE_OBJECT_STORAGE_TYPE: s3 TFE_OBJECT_STORAGE_S3_BUCKET: <S3 bucket name> TFE_OBJECT_STORAGE_S3_REGION: <S3 region> TFE_OBJECT_STORAGE_S3_USE_INSTANCE_PROFILE: <enables AWS authentication using the pod's credentials> secrets: TFE_OBJECT_STORAGE_S3_ACCESS_KEY_ID: <Required when TFE_OBJECT_STORAGE_S3_USE_INSTANCE_PROFILE is false> TFE_OBJECT_STORAGE_S3_SECRET_ACCESS_KEY: '<Required when TFE_OBJECT_STORAGE_S3_USE_INSTANCE_PROFILE is false>'
Refer to the S3-compatible storage configuration reference for information about all available settings.