sethmdoty
/
terraform-cloudflare-state-backend
1
0
Fork 0
Code Pull Requests Packages Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
151 KiB
JavaScript 92.6%
HCL 7.4%
 
 
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Seth Doty 86164c797e initial commit 8 months ago
.idea initial commit 8 months ago
example initial commit 8 months ago
.gitignore initial commit 8 months ago
.prettierrc.yml initial commit 8 months ago
README.md initial commit 8 months ago
index.js initial commit 8 months ago
package-lock.json initial commit 8 months ago
package.json initial commit 8 months ago
wrangler.toml initial commit 8 months ago

README.md

Terraform Backend: Cloudflare Workers

A Terraform backend implementation using Cloudflare Workers.

So what's this?

This repo contains Cloudflare Worker as a remote state backend for Terraform. The advantage of storing this in something like Cloudflare instead of AWS S3 is that it's much easier to set up.

This backend supports state locks and an having arbitrary number of Terraform states on a single worker (using different pathnames).

Prerequisites

  • You'll need to install Terraform CLI.
  • You'll also need a Cloudflare account.

You can deploy this via Wrangler:

Install Cloudflare Wrangler CLI

Make sure your Wrangler CLI is set up correctly by running the following (you might need to generate an API token):

wrangler login

Then, update the credentials in the index.js file. IMPORTANT

Now, you'll need to create a KV namespace. Just run the following:

wrangler kv:namespace create TERRAFORM

You can also use secrets if you wish.

Define the values of the secrets.

wrangler secret put TF_BACKEND_USER
wrangler secret put TF_BACKEND_PASSWD

In index.js change the hardcoded username and password to read values from the secrets.

const USERNAME = TF_BACKEND_USER;
const PASSWORD = TF_BACKEND_PASSWD;

Lastly, to deploy your worker, update wrangler.toml file with your account id, kv namespace id, and optionally a different project name, then run the following:

wrangler publish

You should get back a message similar to the following:

💁  JavaScript project found. Skipping unnecessary build!
✨  Successfully published your script to https://terraform-backend.ACCOUNT_NAME.workers.dev

Congrats! You're done. This will give you the url for your Terraform backend, which you should then be able to add to your terraform:

terraform {
  backend "http" {
    address = "https://terraform-backend.ACCOUNT_NAME.workers.dev/"
    username = "CHANGE ME!"
    password = "CHANGE ME!"
  }
}

Caution: Changing your credentials after running terraform init is not supported as it's not straightforward. If that's needed, try taking a copy of your state before changing your credentials, then uploading it after you make the change:

# Before changing your credentials
tf state pull > state-backup.tfstate

# Change your credentials...
wrangler publish

# After changing your credentials (including in the terraform config)
tf state push state-backup.tfstate