Terraform
COS
Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the COS bucket to allow for state recovery in the case of accidental deletions and human error.
Example Configuration
terraform {
backend "cos" {
region = "ap-guangzhou"
bucket = "bucket-for-terraform-state-1258798060"
prefix = "terraform/state"
}
}
This assumes we have a COS Bucket created named bucket-for-terraform-state-1258798060
,
Terraform state will be written into the file terraform/state/terraform.tfstate
.
Data Source Configuration
To make use of the COS remote state in another configuration, use the terraform_remote_state
data source.
data "terraform_remote_state" "foo" {
backend = "cos"
config = {
region = "ap-guangzhou"
bucket = "bucket-for-terraform-state-1258798060"
prefix = "terraform/state"
}
}
Configuration Variables
Warning: We recommend using environment variables to supply credentials and other sensitive data. If you use -backend-config
or hardcode these values directly in your configuration, Terraform will include these values in both the .terraform
subdirectory and in plan files. Refer to Credentials and Sensitive Data for details.
The following configuration options or environment variables are supported:
secret_id
- (Optional) Secret id of Tencent Cloud. It supports environment variablesTENCENTCLOUD_SECRET_ID
.secret_key
- (Optional) Secret key of Tencent Cloud. It supports environment variablesTENCENTCLOUD_SECRET_KEY
.region
- (Optional) The region of the COS bucket. It supports environment variablesTENCENTCLOUD_REGION
.bucket
- (Required) The name of the COS bucket. You shall manually create it first.prefix
- (Optional) The directory for saving the state file in bucket. Default to "env:".key
- (Optional) The path for saving the state file in bucket. Defaults toterraform.tfstate
.encrypt
- (Optional) Whether to enable server side encryption of the state file. If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.acl
- (Optional) Object ACL to be applied to the state file, allowsprivate
andpublic-read
. Defaults toprivate
.