Go: DataTerraformRemoteStateS3Config

Initializer

import "github.com/open-constructs/cdk-terrain-go/cdktn"

&cdktn.DataTerraformRemoteStateS3Config {
	Defaults: *map[string]interface{},
	Workspace: *string,
	Bucket: *string,
	Key: *string,
	AccessKey: *string,
	Acl: *string,
	AllowedAccountIds: *[]*string,
	AssumeRole: github.com/open-constructs/cdk-terrain-go/cdktn.S3BackendAssumeRoleConfig,
	AssumeRolePolicy: *string,
	AssumeRolePolicyArns: *[]*string,
	AssumeRoleTags: *map[string]*string,
	AssumeRoleTransitiveTagKeys: *[]*string,
	AssumeRoleWithWebIdentity: github.com/open-constructs/cdk-terrain-go/cdktn.S3BackendAssumeRoleWithWebIdentityConfig,
	CustomCaBundle: *string,
	DynamodbEndpoint: *string,
	DynamodbTable: *string,
	Ec2MetadataServiceEndpoint: *string,
	Ec2MetadataServiceEndpointMode: *string,
	Encrypt: *bool,
	Endpoint: *string,
	Endpoints: github.com/open-constructs/cdk-terrain-go/cdktn.S3BackendEndpointConfig,
	ExternalId: *string,
	ForbiddenAccountIds: *[]*string,
	ForcePathStyle: *bool,
	HttpProxy: *string,
	HttpsProxy: *string,
	IamEndpoint: *string,
	Insecure: *bool,
	KmsKeyId: *string,
	MaxRetries: *f64,
	NoProxy: *string,
	Profile: *string,
	Region: *string,
	RetryMode: *string,
	RoleArn: *string,
	SecretKey: *string,
	SessionName: *string,
	SharedConfigFiles: *[]*string,
	SharedCredentialsFile: *string,
	SharedCredentialsFiles: *[]*string,
	SkipCredentialsValidation: *bool,
	SkipMetadataApiCheck: *bool,
	SkipRegionValidation: *bool,
	SkipRequestingAccountId: *bool,
	SkipS3Checksum: *bool,
	SseCustomerKey: *string,
	StsEndpoint: *string,
	StsRegion: *string,
	Token: *string,
	UseLegacyWorkflow: *bool,
	UsePathStyle: *bool,
	WorkspaceKeyPrefix: *string,
}

Properties

Name	Type	Description
`Defaults`	`*map[string]interface{}`	No description.
`Workspace`	`*string`	No description.
`Bucket`	`*string`	Name of the S3 Bucket.
`Key`	`*string`	Path to the state file inside the S3 Bucket.
`AccessKey`	`*string`	(Optional) AWS access key.
`Acl`	`*string`	(Optional) Canned ACL to be applied to the state file.
`AllowedAccountIds`	`[]string`	(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
`AssumeRole`	`S3BackendAssumeRoleConfig`	Assuming an IAM Role can be configured in two ways.
`AssumeRolePolicy`	`*string`	(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
`AssumeRolePolicyArns`	`[]string`	(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
`AssumeRoleTags`	`map[string]string`	(Optional) Map of assume role session tags.
`AssumeRoleTransitiveTagKeys`	`[]string`	(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
`AssumeRoleWithWebIdentity`	`S3BackendAssumeRoleWithWebIdentityConfig`	Assume Role With Web Identity Configuration.
`CustomCaBundle`	`*string`	(Optional) File containing custom root and intermediate certificates.
`DynamodbEndpoint`	`*string`	(Optional) Custom endpoint for the AWS DynamoDB API.
`DynamodbTable`	`*string`	(Optional) Name of DynamoDB Table to use for state locking and consistency.
`Ec2MetadataServiceEndpoint`	`*string`	Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
`Ec2MetadataServiceEndpointMode`	`*string`	(Optional) Mode to use in communicating with the metadata service.
`Encrypt`	`*bool`	(Optional) Enable server side encryption of the state file.
`Endpoint`	`*string`	(Optional) Custom endpoint for the AWS S3 API.
`Endpoints`	`S3BackendEndpointConfig`	(Optional) The endpoint configuration block.
`ExternalId`	`*string`	(Optional) External identifier to use when assuming the role.
`ForbiddenAccountIds`	`[]string`	(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
`ForcePathStyle`	`*bool`	(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
`HttpProxy`	`*string`	(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
`HttpsProxy`	`*string`	(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
`IamEndpoint`	`*string`	(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
`Insecure`	`*bool`	Optional) Whether to explicitly allow the backend to perform “insecure” SSL requests.
`KmsKeyId`	`*string`	(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
`MaxRetries`	`*f64`	(Optional) The maximum number of times an AWS API request is retried on retryable failure.
`NoProxy`	`*string`	(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
`Profile`	`*string`	(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
`Region`	`*string`	AWS Region of the S3 Bucket and DynamoDB Table (if used).
`RetryMode`	`*string`	(Optional) Specifies how retries are attempted.
`RoleArn`	`*string`	(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
`SecretKey`	`*string`	(Optional) AWS secret access key.
`SessionName`	`*string`	(Optional) Session name to use when assuming the role.
`SharedConfigFiles`	`[]string`	(Optional) List of paths to AWS shared configuration files.
`SharedCredentialsFile`	`*string`	(Optional) Path to the AWS shared credentials file.
`SharedCredentialsFiles`	`[]string`	(Optional) List of paths to AWS shared credentials files.
`SkipCredentialsValidation`	`*bool`	(Optional) Skip credentials validation via the STS API.
`SkipMetadataApiCheck`	`*bool`	(Optional) Skip usage of EC2 Metadata API.
`SkipRegionValidation`	`*bool`	(Optional) Skip validation of provided region name.
`SkipRequestingAccountId`	`*bool`	(Optional) Whether to skip requesting the account ID.
`SkipS3Checksum`	`*bool`	(Optional) Do not include checksum when uploading S3 Objects.
`SseCustomerKey`	`*string`	(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
`StsEndpoint`	`*string`	(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
`StsRegion`	`*string`	(Optional) AWS region for STS.
`Token`	`*string`	(Optional) Multi-Factor Authentication (MFA) token.
`UseLegacyWorkflow`	`*bool`	(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
`UsePathStyle`	`*bool`	(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
`WorkspaceKeyPrefix`	`*string`	(Optional) Prefix applied to the state path inside the bucket.

`Defaults`^Optional

Defaults *map[string]interface{}

Type: *map[string]interface{}

`Workspace`^Optional

Workspace *string

Type: *string

`Bucket`^Required

Bucket *string

Type: *string

Name of the S3 Bucket.

`Key`^Required

Key *string

Type: *string

Path to the state file inside the S3 Bucket. When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key

`AccessKey`^Optional

AccessKey *string

Type: *string

(Optional) AWS access key. If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).

`Acl`^Optional

Acl *string

Type: *string

(Optional) Canned ACL to be applied to the state file.

`AllowedAccountIds`^Optional

AllowedAccountIds *[]*string

Type: *[]*string

(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. Conflicts with forbidden_account_ids.

`AssumeRole`^Optional

AssumeRole S3BackendAssumeRoleConfig

Type: S3BackendAssumeRoleConfig

Assuming an IAM Role can be configured in two ways. The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.

`AssumeRolePolicy`^Optional

Deprecated: Use assumeRole.policy instead.

AssumeRolePolicy *string

Type: *string

(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

`AssumeRolePolicyArns`^Optional

Deprecated: Use assumeRole.policyArns instead.

AssumeRolePolicyArns *[]*string

Type: *[]*string

(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

`AssumeRoleTags`^Optional

Deprecated: Use assumeRole.tags instead.

AssumeRoleTags *map[string]*string

Type: *map[string]*string

(Optional) Map of assume role session tags.

`AssumeRoleTransitiveTagKeys`^Optional

Deprecated: Use assumeRole.transitiveTagKeys instead.

AssumeRoleTransitiveTagKeys *[]*string

Type: *[]*string

(Optional) Set of assume role session tag keys to pass to any subsequent sessions.

`AssumeRoleWithWebIdentity`^Optional

AssumeRoleWithWebIdentity S3BackendAssumeRoleWithWebIdentityConfig

Type: S3BackendAssumeRoleWithWebIdentityConfig

Assume Role With Web Identity Configuration.

`CustomCaBundle`^Optional

CustomCaBundle *string

Type: *string

(Optional) File containing custom root and intermediate certificates. Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.

`DynamodbEndpoint`^Optional

Deprecated: Use endpoints.dynamodb instead

DynamodbEndpoint *string

Type: *string

(Optional) Custom endpoint for the AWS DynamoDB API. This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.

`DynamodbTable`^Optional

DynamodbTable *string

Type: *string

(Optional) Name of DynamoDB Table to use for state locking and consistency. The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.

`Ec2MetadataServiceEndpoint`^Optional

Ec2MetadataServiceEndpoint *string

Type: *string

Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.

`Ec2MetadataServiceEndpointMode`^Optional

Ec2MetadataServiceEndpointMode *string

Type: *string

(Optional) Mode to use in communicating with the metadata service. Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.

`Encrypt`^Optional

Encrypt *bool

Type: *bool

(Optional) Enable server side encryption of the state file.

`Endpoint`^Optional

Deprecated: Use endpoints.s3 instead

Endpoint *string

Type: *string

(Optional) Custom endpoint for the AWS S3 API. This can also be sourced from the AWS_S3_ENDPOINT environment variable.

`Endpoints`^Optional

Endpoints S3BackendEndpointConfig

Type: S3BackendEndpointConfig

(Optional) The endpoint configuration block.

`ExternalId`^Optional

Deprecated: Use assume_role.external_id instead.

ExternalId *string

Type: *string

(Optional) External identifier to use when assuming the role.

`ForbiddenAccountIds`^Optional

ForbiddenAccountIds *[]*string

Type: *[]*string

(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. Conflicts with allowed_account_ids.

`ForcePathStyle`^Optional

Deprecated: Use usePathStyle instead

ForcePathStyle *bool

Type: *bool

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

`HttpProxy`^Optional

HttpProxy *string

Type: *string

(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. Can also be set using the HTTP_PROXY or http_proxy environment variables.

`HttpsProxy`^Optional

HttpsProxy *string

Type: *string

(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. Can also be set using the HTTPS_PROXY or https_proxy environment variables.

`IamEndpoint`^Optional

Deprecated: Use endpoints.iam instead

IamEndpoint *string

Type: *string

(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. This can also be sourced from the AWS_IAM_ENDPOINT environment variable.

`Insecure`^Optional

Insecure *bool

Type: *bool

Optional) Whether to explicitly allow the backend to perform “insecure” SSL requests. If omitted, the default value is false.

`KmsKeyId`^Optional

KmsKeyId *string

Type: *string

(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.

`MaxRetries`^Optional

MaxRetries *f64

Type: *f64

(Optional) The maximum number of times an AWS API request is retried on retryable failure. Defaults to 5.

`NoProxy`^Optional

NoProxy *string

Type: *string

(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. Each value can be one of:

A domain name
An IP address
A CIDR address
An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.

`Profile`^Optional

Profile *string

Type: *string

(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.

`Region`^Optional

Region *string

Type: *string

AWS Region of the S3 Bucket and DynamoDB Table (if used). This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

`RetryMode`^Optional

RetryMode *string

Type: *string

(Optional) Specifies how retries are attempted. Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.

`RoleArn`^Optional

Deprecated: Use assumeRole.roleArn instead.

RoleArn *string

Type: *string

(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.

`SecretKey`^Optional

SecretKey *string

Type: *string

(Optional) AWS secret access key. If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)

`SessionName`^Optional

Deprecated: Use assumeRole.sessionName instead.

SessionName *string

Type: *string

(Optional) Session name to use when assuming the role.

`SharedConfigFiles`^Optional

SharedConfigFiles *[]*string

Type: *[]*string

(Optional) List of paths to AWS shared configuration files. Defaults to ~/.aws/config.

`SharedCredentialsFile`^Optional

SharedCredentialsFile *string

Type: *string

(Optional) Path to the AWS shared credentials file. Defaults to ~/.aws/credentials.

`SharedCredentialsFiles`^Optional

SharedCredentialsFiles *[]*string

Type: *[]*string

(Optional) List of paths to AWS shared credentials files. Defaults to ~/.aws/credentials.

`SkipCredentialsValidation`^Optional

SkipCredentialsValidation *bool

Type: *bool

(Optional) Skip credentials validation via the STS API.

`SkipMetadataApiCheck`^Optional

SkipMetadataApiCheck *bool

Type: *bool

(Optional) Skip usage of EC2 Metadata API.

`SkipRegionValidation`^Optional

SkipRegionValidation *bool

Type: *bool

(Optional) Skip validation of provided region name.

`SkipRequestingAccountId`^Optional

SkipRequestingAccountId *bool

Type: *bool

(Optional) Whether to skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.

`SkipS3Checksum`^Optional

SkipS3Checksum *bool

Type: *bool

(Optional) Do not include checksum when uploading S3 Objects. Useful for some S3-Compatible APIs.

`SseCustomerKey`^Optional

SseCustomerKey *string

Type: *string

(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.

`StsEndpoint`^Optional

Deprecated: Use endpoints.sts instead

StsEndpoint *string

Type: *string

(Optional) Custom endpoint for the AWS Security Token Service (STS) API. This can also be sourced from the AWS_STS_ENDPOINT environment variable.

`StsRegion`^Optional

StsRegion *string

Type: *string

(Optional) AWS region for STS. If unset, AWS will use the same region for STS as other non-STS operations.

`Token`^Optional

Token *string

Type: *string

(Optional) Multi-Factor Authentication (MFA) token. This can also be sourced from the AWS_SESSION_TOKEN environment variable.

`UseLegacyWorkflow`^Optional

UseLegacyWorkflow *bool

Type: *bool

(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK’s, and will be removed in the future.

`UsePathStyle`^Optional

UsePathStyle *bool

Type: *bool

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

`WorkspaceKeyPrefix`^Optional

WorkspaceKeyPrefix *string

Type: *string

(Optional) Prefix applied to the state path inside the bucket. This is only relevant when using a non-default workspace. Defaults to env:

Overview

TypeScript

Python

Java

C#

Go

Documentation Index

​Initializer

​Properties

​DefaultsOptional

​WorkspaceOptional

​BucketRequired

​KeyRequired

​AccessKeyOptional

​AclOptional

​AllowedAccountIdsOptional

​AssumeRoleOptional

​AssumeRolePolicyOptional

​AssumeRolePolicyArnsOptional

​AssumeRoleTagsOptional

​AssumeRoleTransitiveTagKeysOptional

​AssumeRoleWithWebIdentityOptional

​CustomCaBundleOptional

​DynamodbEndpointOptional

​DynamodbTableOptional

​Ec2MetadataServiceEndpointOptional

​Ec2MetadataServiceEndpointModeOptional

​EncryptOptional

​EndpointOptional

​EndpointsOptional

​ExternalIdOptional

​ForbiddenAccountIdsOptional

​ForcePathStyleOptional

​HttpProxyOptional

​HttpsProxyOptional

​IamEndpointOptional

​InsecureOptional

​KmsKeyIdOptional

​MaxRetriesOptional

​NoProxyOptional

​ProfileOptional

​RegionOptional

​RetryModeOptional

​RoleArnOptional

​SecretKeyOptional

​SessionNameOptional

​SharedConfigFilesOptional

​SharedCredentialsFileOptional

​SharedCredentialsFilesOptional

​SkipCredentialsValidationOptional

​SkipMetadataApiCheckOptional

​SkipRegionValidationOptional

​SkipRequestingAccountIdOptional

​SkipS3ChecksumOptional

​SseCustomerKeyOptional

​StsEndpointOptional

​StsRegionOptional

​TokenOptional

​UseLegacyWorkflowOptional

​UsePathStyleOptional

​WorkspaceKeyPrefixOptional