Allow replication of state s3 buckets

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

https://terragrunt.gruntwork.io/

MIT License

8.1k stars 986 forks source link

Allow replication of state s3 buckets #859

Closed dmattia closed 5 years ago

dmattia commented 5 years ago

Cross-Region Replication is necessary for my team to achieve SOC2 compliance.

This entails adding a block such as:

replication_configuration {
    role = module.tf_state_replica.role_arn

    rules {
      id     = "FullReplica"
      prefix = ""
      status = "Enabled"

      destination {
        bucket        = module.tf_state_replica.bucket_arn
        storage_class = "STANDARD_IA"
      }
    }
  }

to the s3 bucket and having another bucket created in a different region.

https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html

dmattia commented 5 years ago

As a current work around, I am creating the replica bucket in a module, having all other modules depend on that module, and then manually going into the aws console to update the replication settings of my state buckets

brikis98 commented 5 years ago

Are you asking if the S3 bucket created by Auto Init in Terragrunt can configure replication for the bucket too? If so, that strikes me as a bit too advanced for Terragrunt's Auto Init. At that point, you're better off creating the S3 bucket in Terraform, initially with a local backend, and once the bucket works the way you want, switch that Terraform module and all your other modules to use the S3 bucket as a backend.

dmattia commented 5 years ago

That is what I was asking. Would this be something you would even be open to a PR for, or would you rather it not be in the project at all?

brikis98 commented 5 years ago

As I said:

If so, that strikes me as a bit too advanced for Terragrunt's Auto Init.

I think this would be better handled outside of Terragrunt.