sethmdoty
/
terraform-cloudflare-state-backend
1
0
Fork 0
Code Pull Requests Packages Releases Activity
1 Commit 1 Branch 0 Tags 151 KiB
JavaScript 92.6%
HCL 7.4%
Go to file
Seth Doty 86164c797e initial commit 2022-08-11 21:50:59 -05:00
.idea initial commit 2022-08-11 21:50:59 -05:00
example initial commit 2022-08-11 21:50:59 -05:00
.gitignore initial commit 2022-08-11 21:50:59 -05:00
.prettierrc.yml initial commit 2022-08-11 21:50:59 -05:00
README.md initial commit 2022-08-11 21:50:59 -05:00
index.js initial commit 2022-08-11 21:50:59 -05:00
package-lock.json initial commit 2022-08-11 21:50:59 -05:00
package.json initial commit 2022-08-11 21:50:59 -05:00
wrangler.toml initial commit 2022-08-11 21:50:59 -05:00

README.md

Terraform Backend: Cloudflare Workers

A Terraform backend implementation using Cloudflare Workers.

So what's this?

This repo contains Cloudflare Worker as a remote state backend for Terraform. The advantage of storing this in something like Cloudflare instead of AWS S3 is that it's much easier to set up.

This backend supports state locks and an having arbitrary number of Terraform states on a single worker (using different pathnames).

Prerequisites

  • You'll need to install Terraform CLI.
  • You'll also need a Cloudflare account.

You can deploy this via Wrangler:

Install Cloudflare Wrangler CLI

Make sure your Wrangler CLI is set up correctly by running the following (you might need to generate an API token):

wrangler login

Then, update the credentials in the index.js file. IMPORTANT

Now, you'll need to create a KV namespace. Just run the following:

wrangler kv:namespace create TERRAFORM

You can also use secrets if you wish.

Define the values of the secrets.

wrangler secret put TF_BACKEND_USER
wrangler secret put TF_BACKEND_PASSWD

In index.js change the hardcoded username and password to read values from the secrets.

const USERNAME = TF_BACKEND_USER;
const PASSWORD = TF_BACKEND_PASSWD;

Lastly, to deploy your worker, update wrangler.toml file with your account id, kv namespace id, and optionally a different project name, then run the following:

wrangler publish

You should get back a message similar to the following:

💁  JavaScript project found. Skipping unnecessary build!
✨  Successfully published your script to https://terraform-backend.ACCOUNT_NAME.workers.dev

Congrats! You're done. This will give you the url for your Terraform backend, which you should then be able to add to your terraform:

terraform {
  backend "http" {
    address = "https://terraform-backend.ACCOUNT_NAME.workers.dev/"
    username = "CHANGE ME!"
    password = "CHANGE ME!"
  }
}

Caution: Changing your credentials after running terraform init is not supported as it's not straightforward. If that's needed, try taking a copy of your state before changing your credentials, then uploading it after you make the change:

# Before changing your credentials
tf state pull > state-backup.tfstate

# Change your credentials...
wrangler publish

# After changing your credentials (including in the terraform config)
tf state push state-backup.tfstate