Skip to main content
Sponsor @cloudposse

Initializing the Terraform State S3 Backend

Follow these steps to configure and initialize the Terraform state backend using Atmos, ensuring proper setup of the infrastructure components and state management.

StepsActions
Configure Terraform stateatmos workflow init/tfstate -f quickstart/foundation/baseline

Setting up the Terraform State Backend

This is where we configure and run Atmos. Atmos is a workflow automation tool that we will use to call Terraform which will provision all the accounts and resources you need to create and manage infrastructure. The Atmos configuration can be found in the atmos.yaml.

If you're unfamiliar with atmos, you can read more about it here.

If you look at components/terraform/, you'll see a bunch of directories. These contain Terraform "root modules" that are provisioned with Atmos. At first they'll only have their vendor files, such as components/terraform/tfstate-backend/component.yaml.

1 Vendor the Terraform State Backend component

Vendor the Terraform State Backend component by running the following command. The steps here require the tfstate-backend and account-map components.

What is Vendoring?

Vendoring downloads the upstream component files from a central repository at a specified version. In this case, we are pulling the baseline components, which include all account components, the Terraform State component, and other necessary files for setting up the account foundation.

This step only downloads the files to your local project - it does not deploy or make any changes to your infrastructure.

Read more about vendoring with Atmos

Loading workflow...

2 Initialize the Terraform State Backend

Run the following command to initialize the Terraform State Backend. This workflow has two steps:

  • Create the backend using a local Terraform state
  • Once the backend bucket exists, migrate the state file into the newly created S3 bucket
Loading workflow...

3 Migrate all workspaces to S3

When prompted, type yes to migrate all workspaces to S3.

Initializing the backend...
Do you want to migrate all workspaces to "s3"?
Granting SuperAdmin Access to Terraform State

The IAM User for SuperAdmin will be granted access to Terraform State by principal ARN. This ARN is passed to the tfstate-backend stack catalog under allowed_principal_arns. Verify that this ARN is correct now. You may need to update the root account ID.

References