Has anyone figured out how to configure terraform remote state to work with spaces by using its s3 driver. I have got other things that use s3 to work with spaces but have failed with terraform so far
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Works great for me too :) this is the config I used :
Question
terraform {
required_version = ">= 0.11, < 0.12"
backend "s3" {
skip_requesting_account_id = true
skip_credentials_validation = true
skip_get_ec2_platforms = true
skip_metadata_api_check = true
access_key = "XXXXXXXXX"
secret_key = "XXXXXXXXXXXXXXXXXXXXXXXXX"
endpoint = "https://xxx.digitaloceanspaces.com"
region = "us-east-1"
bucket = "XXXXXXX" // name of your space
key = "production/terraform.tfstate"
}
}
A future release of terraform should support using other s3 compatible backends like Spaces but none of the currently available versions(v0.10.7 is the current latest) will work.
I was able to configure terraform to store remote state in Spaces by building terraform from source and using the config
terraform {
backend "s3" {
bucket = "tfstate-bucket"
key = "path/terraform.tfstate"
region = "us-east-1"
endpoint = "https://nyc3.digitaloceanspaces.com"
access_key = "redacted"
secret_key = "redacted"
skip_credentials_validation = true
skip_get_ec2_platforms = true
skip_requesting_account_id = true
skip_metadata_api_check = true
}
}
Note the region key is set to a known s3 region. Attempting to use an unknown region still causes terraform to complain
I’m not sure how file-based encryption works, but buckets are encrypted on disk-level:
Files you store in Spaces are encrypted on physical disks with 256-bit AES-XTS full-disk encryption.
See “Secure, Reliable, and Performant” header at https://www.digitalocean.com/blog/introducing-spaces-object-storage/