Open WilliamABradley opened 1 year ago
Thanks for this feature request!
I wonder why this isn't already possible. :thinking:
The counterpart to this feature (using regular variables in backend configs) is obviously much more complicated to implement, but adding a namespace for reading out backend configurations shouldn't be that hard to implement? I mean, Terraform is already referencing the backend when planning or applying, so why not expose it to scripts?
One very useful example would be creating IAM policies based on the backend config:
terraform {
backend "s3" {
# backend config is in backend.tfvars
}
}
data "aws_iam_policy_document" "tfstate" {
statement {
actions = ["s3:ListBucket"]
resources = [backend.s3.config.bucket]
}
statement {
actions = [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
]
resources = [
"${backend.s3.config.bucket}/${backend.s3.config.key}",
]
}
}
Terraform Version
Use Cases
The idea behind this is the ability to change how Terraform names things based on the environment.
Currently, you can do this but you need to ask a variable for the environment when you plan/apply, but this could be inferred from the backend's AWS Profile, as an example.
Attempted Solutions
It is doable, but you have to set the environment separately, when a bunch of this can be inferred.
(Those backend configs have been inlined, we store them in
./staging.hcl
for ease of use)Proposal
These proposals ease the effort of plans/applies, at the cost of some magic 🪄 However, a side benefit is that you can guarantee that you don't mismatch the state file and the ENVIRONMENT variable.
Alternative:
References
No response