Sourcing bucket and key values from environment variables in CICD

Time:02-18

I am trying to set up CICD for Terraform changes. Our backend is S3, and during init I get the following errors, since of course none of these values are provided:

terraform {
  backend "s3" {
  }
}

│ Error: "region": required field is not set
│ Error: "bucket": required field is not set
│ Error: "key": required field is not set

The value for region, as specified here, can be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

However, no information is available about how bucket and key information can be stored as repository secrets or environment variables and can be sourced from there?

I can't specify them in the backend.tf files due to some other limitations, and they have to be stored as environment variables. Any idea how to fix this?

CodePudding user response:

All the required values for the backend block can be configured using the command line options [1]. Specifically, you should be interested in this part:

Command-line key/value pairs: Key/value pairs can be specified via the init command line. Note that many shells retain command-line flags in a history file, so this isn't recommended for secrets. To specify a single key/value pair, use the -backend-config="KEY=VALUE" option when running terraform init.

Here is an example from the GitHub actions I used:

terraform init -backend-config="bucket=${{ secrets.STATE_BUCKET_NAME }}" \
  -backend-config="key=${{ secrets.STATE_KEY }}" \
  -backend-config="region=${{ secrets.AWS_REGION }}" \
  -backend-config="access_key=${{ secrets.AWS_ACCESS_KEY_ID }}" \
  -backend-config="secret_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}" \
  -input=false -no-color

I don't have much experience with GitLab CI, but I think you can set those variables as protected and just reference them in the command:

terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" \
  -backend-config="key=${STATE_KEY}" \
  -backend-config="region=${AWS_REGION}" \
  -backend-config="access_key=${AWS_ACCESS_KEY_ID}" \
  -backend-config="secret_key=${AWS_SECRET_ACCESS_KEY}" \
  -input=false -no-color

[1] https://www.terraform.io/language/settings/backends/configuration
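
The documentation quoted in the answer notes that command-line flags are not recommended for secrets. The script below is an added example, not part of the original answer: it writes only bucket, key and region to a partial backend config file passed with -backend-config=PATH, and leaves credentials to the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, which the S3 backend reads on its own. The variable names are the ones used in the answer; the function names and temp-file handling are assumptions.

```shell
#!/bin/sh
# Added example: build a partial S3 backend config from CI environment variables.
# STATE_BUCKET_NAME, STATE_KEY and AWS_REGION are the names used in the answer;
# check_value, write_backend_config and tf_init are hypothetical helper names.

# Reject a value that is empty or contains characters that would break the
# double-quoted HCL string written below (quote, backslash, newline).
check_value() {
  name=$1; value=$2
  if [ -z "$value" ]; then
    echo "missing required variable: $name" >&2
    return 1
  fi
  case $value in
    *'"'*|*'\'*|*'
'*) echo "unsafe character in $name" >&2; return 1 ;;
  esac
}

# Write bucket/key/region to the path in $1. A newly created file gets
# owner-only permissions because of the umask set in the subshell.
write_backend_config() {
  out=$1
  check_value STATE_BUCKET_NAME "${STATE_BUCKET_NAME:-}" || return 1
  check_value STATE_KEY "${STATE_KEY:-}" || return 1
  check_value AWS_REGION "${AWS_REGION:-}" || return 1
  ( umask 077
    printf 'bucket = "%s"\nkey    = "%s"\nregion = "%s"\n' \
      "$STATE_BUCKET_NAME" "$STATE_KEY" "$AWS_REGION" > "$out" )
}

# Credentials are deliberately neither written to the file nor passed as flags,
# so they do not show up in the process list or in shell history.
tf_init() {
  cfg=$(mktemp) || return 1
  trap 'rm -f "$cfg"' EXIT
  write_backend_config "$cfg" || return 1
  terraform init -backend-config="$cfg" -input=false -no-color
}

# Runs terraform only when invoked as: ./init-backend.sh init
if [ "${1:-}" = "init" ]; then tf_init; fi
```

Failing before terraform init runs gives a clearer error than the "required field is not set" messages when a CI variable is unset or not exposed to the job.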
