Initializers
| Name | Type | Description |
|---|---|---|
scope | constructs.Construct | No description. |
bucket | str | Name of the S3 Bucket. |
key | str | Path to the state file inside the S3 Bucket. |
access_key | str | (Optional) AWS access key. |
acl | str | (Optional) Canned ACL to be applied to the state file. |
allowed_account_ids | typing.List[str] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
assume_role | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
assume_role_policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
assume_role_policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
assume_role_tags | typing.Mapping[str] | (Optional) Map of assume role session tags. |
assume_role_transitive_tag_keys | typing.List[str] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
assume_role_with_web_identity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
custom_ca_bundle | str | (Optional) File containing custom root and intermediate certificates. |
dynamodb_endpoint | str | (Optional) Custom endpoint for the AWS DynamoDB API. |
dynamodb_table | str | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
ec2_metadata_service_endpoint | str | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
ec2_metadata_service_endpoint_mode | str | (Optional) Mode to use in communicating with the metadata service. |
encrypt | bool | (Optional) Enable server side encryption of the state file. |
endpoint | str | (Optional) Custom endpoint for the AWS S3 API. |
endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
external_id | str | (Optional) External identifier to use when assuming the role. |
forbidden_account_ids | typing.List[str] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
force_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
http_proxy | str | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
https_proxy | str | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
iam_endpoint | str | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
insecure | bool | Optional) Whether to explicitly allow the backend to perform “insecure” SSL requests. |
kms_key_id | str | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
max_retries | typing.Union[int, float] | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
no_proxy | str | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
profile | str | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
region | str | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
retry_mode | str | (Optional) Specifies how retries are attempted. |
role_arn | str | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
secret_key | str | (Optional) AWS secret access key. |
session_name | str | (Optional) Session name to use when assuming the role. |
shared_config_files | typing.List[str] | (Optional) List of paths to AWS shared configuration files. |
shared_credentials_file | str | (Optional) Path to the AWS shared credentials file. |
shared_credentials_files | typing.List[str] | (Optional) List of paths to AWS shared credentials files. |
skip_credentials_validation | bool | (Optional) Skip credentials validation via the STS API. |
skip_metadata_api_check | bool | (Optional) Skip usage of EC2 Metadata API. |
skip_region_validation | bool | (Optional) Skip validation of provided region name. |
skip_requesting_account_id | bool | (Optional) Whether to skip requesting the account ID. |
skip_s3_checksum | bool | (Optional) Do not include checksum when uploading S3 Objects. |
sse_customer_key | str | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
sts_endpoint | str | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
sts_region | str | (Optional) AWS region for STS. |
token | str | (Optional) Multi-Factor Authentication (MFA) token. |
use_legacy_workflow | bool | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
use_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
workspace_key_prefix | str | (Optional) Prefix applied to the state path inside the bucket. |
scopeRequired
- Type: constructs.Construct
bucketRequired
- Type: str
keyRequired
- Type: str
access_keyOptional
- Type: str
aclOptional
- Type: str
allowed_account_idsOptional
- Type: typing.List[str]
assume_roleOptional
Assuming an IAM Role can be configured in two ways.
The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
assume_role_policyOptional
assume_role_policy- Deprecated: Use assumeRole.policy instead.
- Type: str
assume_role_policy_arnsOptional
assume_role_policy_arns- Deprecated: Use assumeRole.policyArns instead.
- Type: typing.List[str]
assume_role_tagsOptional
assume_role_tags- Deprecated: Use assumeRole.tags instead.
- Type: typing.Mapping[str]
assume_role_transitive_tag_keysOptional
assume_role_transitive_tag_keys- Deprecated: Use assumeRole.transitiveTagKeys instead.
- Type: typing.List[str]
assume_role_with_web_identityOptional
Assume Role With Web Identity Configuration.
custom_ca_bundleOptional
- Type: str
dynamodb_endpointOptional
dynamodb_endpoint- Deprecated: Use endpoints.dynamodb instead
- Type: str
dynamodb_tableOptional
- Type: str
ec2_metadata_service_endpointOptional
- Type: str
ec2_metadata_service_endpoint_modeOptional
- Type: str
encryptOptional
- Type: bool
endpointOptional
endpoint- Deprecated: Use endpoints.s3 instead
- Type: str
endpointsOptional
- Type: S3BackendEndpointConfig
external_idOptional
external_id- Deprecated: Use assume_role.external_id instead.
- Type: str
forbidden_account_idsOptional
- Type: typing.List[str]
force_path_styleOptional
force_path_style- Deprecated: Use usePathStyle instead
- Type: bool
http_proxyOptional
- Type: str
https_proxyOptional
- Type: str
iam_endpointOptional
iam_endpoint- Deprecated: Use endpoints.iam instead
- Type: str
insecureOptional
- Type: bool
kms_key_idOptional
- Type: str
max_retriesOptional
- Type: typing.Union[int, float]
no_proxyOptional
- Type: str
- A domain name
- An IP address
- A CIDR address
- An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profileOptional
- Type: str
regionOptional
- Type: str
retry_modeOptional
- Type: str
role_arnOptional
role_arn- Deprecated: Use assumeRole.roleArn instead.
- Type: str
secret_keyOptional
- Type: str
session_nameOptional
session_name- Deprecated: Use assumeRole.sessionName instead.
- Type: str
shared_config_filesOptional
- Type: typing.List[str]
shared_credentials_fileOptional
- Type: str
shared_credentials_filesOptional
- Type: typing.List[str]
skip_credentials_validationOptional
- Type: bool
skip_metadata_api_checkOptional
- Type: bool
skip_region_validationOptional
- Type: bool
skip_requesting_account_idOptional
- Type: bool
skip_s3_checksumOptional
- Type: bool
sse_customer_keyOptional
- Type: str
sts_endpointOptional
sts_endpoint- Deprecated: Use endpoints.sts instead
- Type: str
sts_regionOptional
- Type: str
tokenOptional
- Type: str
use_legacy_workflowOptional
- Type: bool
use_path_styleOptional
- Type: bool
workspace_key_prefixOptional
- Type: str
Methods
| Name | Description |
|---|---|
to_string | Returns a string representation of this construct. |
add_override | No description. |
override_logical_id | Overrides the auto-generated logical ID with a specific ID. |
reset_override_logical_id | Resets a previously passed logical Id to use the auto-generated logical id again. |
to_hcl_terraform | No description. |
to_metadata | No description. |
to_terraform | Adds this resource to the terraform JSON output. |
get_remote_state_data_source | Creates a TerraformRemoteState resource that accesses this backend. |
to_string
add_override
pathRequired
- Type: str
valueRequired
- Type: typing.Any
override_logical_id
new_logical_idRequired
- Type: str
reset_override_logical_id
to_hcl_terraform
to_metadata
to_terraform
get_remote_state_data_source
scopeRequired
- Type: constructs.Construct
nameRequired
- Type: str
_fromstackRequired
- Type: str
Static Functions
| Name | Description |
|---|---|
is_construct | Checks if x is a construct. |
is_terraform_element | No description. |
is_backend | No description. |
is_construct
x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
xRequired
- Type: typing.Any
is_terraform_element
xRequired
- Type: typing.Any
is_backend
xRequired
- Type: typing.Any
Properties
| Name | Type | Description |
|---|---|---|
node | constructs.Node | The tree node. |
cdktf_stack | TerraformStack | No description. |
fqn | str | No description. |
friendly_unique_id | str | No description. |
nodeRequired
- Type: constructs.Node
cdktf_stackRequired
- Type: TerraformStack
fqnRequired
- Type: str
friendly_unique_idRequired
- Type: str