|
||
---|---|---|
.idea | ||
example | ||
.gitignore | ||
.prettierrc.yml | ||
README.md | ||
index.js | ||
package-lock.json | ||
package.json | ||
wrangler.toml |
README.md
Terraform Backend: Cloudflare Workers
A Terraform backend implementation using Cloudflare Workers.
So what's this?
This repo contains Cloudflare Worker as a remote state backend for Terraform. The advantage of storing this in something like Cloudflare instead of AWS S3 is that it's much easier to set up.
This backend supports state locks and an having arbitrary number of Terraform states on a single worker (using different pathnames).
Prerequisites
- You'll need to install Terraform CLI.
- You'll also need a Cloudflare account.
You can deploy this via Wrangler:
Install Cloudflare Wrangler CLI
Make sure your Wrangler CLI is set up correctly by running the following (you might need to generate an API token):
wrangler login
Then, update the credentials in the index.js
file. IMPORTANT
Now, you'll need to create a KV namespace. Just run the following:
wrangler kv:namespace create TERRAFORM
You can also use secrets if you wish.
Define the values of the secrets.
wrangler secret put TF_BACKEND_USER
wrangler secret put TF_BACKEND_PASSWD
In index.js
change the hardcoded username and password to read values from the secrets.
const USERNAME = TF_BACKEND_USER;
const PASSWORD = TF_BACKEND_PASSWD;
Lastly, to deploy your worker, update wrangler.toml
file with your account id, kv namespace id, and optionally a different project name, then run the following:
wrangler publish
You should get back a message similar to the following:
💁 JavaScript project found. Skipping unnecessary build!
✨ Successfully published your script to https://terraform-backend.ACCOUNT_NAME.workers.dev
Congrats! You're done. This will give you the url for your Terraform backend, which you should then be able to add to your terraform:
terraform {
backend "http" {
address = "https://terraform-backend.ACCOUNT_NAME.workers.dev/"
username = "CHANGE ME!"
password = "CHANGE ME!"
}
}
Caution: Changing your credentials after running terraform init
is not supported as it's not straightforward. If that's needed, try taking a copy of your state before changing your credentials, then uploading it after you make the change:
# Before changing your credentials
tf state pull > state-backup.tfstate
# Change your credentials...
wrangler publish
# After changing your credentials (including in the terraform config)
tf state push state-backup.tfstate