The Terraform AWS Provider configuration can be customized to connect to non-default AWS service endpoints and AWS-compatible solutions. This may be useful for environments with specific compliance requirements, such as using AWS FIPS 140-2 endpoints, connecting to AWS Snowball, SC2S, or C2S environments, or local testing.
This guide outlines how to get started with customizing endpoints, lists the available endpoint configurations, and offers example configurations for working with certain local development and testing solutions.
To use customized endpoints with the Terraform AWS Provider, configure them within provider declarations using the endpoints configuration block, e.g.,
provider "aws" {
  # ... potentially other provider configuration ...

  endpoints {
    dynamodb = "http://localhost:4569"
    s3       = "http://localhost:4572"
  }
}
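# dms and databasemigration are aliases for the same service (see the list
# below), so only one of the two values is used.
provider "aws" {
  endpoints {
    dms               = "http://this.value.will.be.used.com"
    databasemigration = "http://this.value.will.be.ignored.com"
  }
}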
accessanalyzer
account
acm
acmpca
amp (or prometheus or prometheusservice)
amplify
apigateway
apigatewayv2
appautoscaling (or applicationautoscaling)
appconfig
appfabric
appflow
appintegrations (or appintegrationsservice)
applicationinsights
appmesh
apprunner
appstream
appsync
athena
auditmanager
autoscaling
autoscalingplans
backup
batch
bcmdataexports
bedrock
bedrockagent
budgets
ce (or costexplorer)
chatbot
chime
chimesdkmediapipelines
chimesdkvoice
cleanrooms
cloud9
cloudcontrol (or cloudcontrolapi)
cloudformation
cloudfront
cloudfrontkeyvaluestore
cloudhsmv2 (or cloudhsm)
cloudsearch
cloudtrail
cloudwatch
codeartifact
codebuild
codecatalyst
codecommit
codeguruprofiler
codegurureviewer
codepipeline
codestarconnections
codestarnotifications
cognitoidentity
cognitoidp (or cognitoidentityprovider)
comprehend
computeoptimizer
configservice (or config)
connect
connectcases
controltower
costoptimizationhub
cur (or costandusagereportservice)
customerprofiles
dataexchange
datapipeline
datasync
datazone
dax
deploy (or codedeploy)
detective
devicefarm
devopsguru
directconnect
dlm
dms (or databasemigration or databasemigrationservice)
docdb
docdbelastic
ds (or directoryservice)
dynamodb
ec2
ecr
ecrpublic
ecs
efs
eks
elasticache
elasticbeanstalk (or beanstalk)
elasticsearch (or es or elasticsearchservice)
elastictranscoder
elb (or elasticloadbalancing)
elbv2 (or elasticloadbalancingv2)
emr
emrcontainers
emrserverless
events (or eventbridge or cloudwatchevents)
evidently (or cloudwatchevidently)
finspace
firehose
fis
fms
fsx
gamelift
glacier
globalaccelerator
glue
grafana (or managedgrafana or amg)
greengrass
groundstation
guardduty
healthlake
iam
identitystore
imagebuilder
inspector
inspector2 (or inspectorv2)
internetmonitor
iot
iotanalytics
iotevents
ivs
ivschat
kafka (or msk)
kafkaconnect
kendra
keyspaces
kinesis
kinesisanalytics
kinesisanalyticsv2
kinesisvideo
kms
lakeformation
lambda
launchwizard
lexmodels (or lexmodelbuilding or lexmodelbuildingservice or lex)
lexv2models (or lexmodelsv2)
licensemanager
lightsail
location (or locationservice)
logs (or cloudwatchlog or cloudwatchlogs)
lookoutmetrics
m2
macie2
mediaconnect
mediaconvert
medialive
mediapackage
mediapackagev2
mediastore
memorydb
mq
mwaa
neptune
neptunegraph
networkfirewall
networkmanager
oam (or cloudwatchobservabilityaccessmanager)
opensearch (or opensearchservice)
opensearchserverless
opsworks
organizations
osis (or opensearchingestion)
outposts
paymentcryptography
pcaconnectorad
pinpoint
pipes
polly
pricing
qbusiness
qldb
quicksight
ram
rbin (or recyclebin)
rds
redshift
redshiftdata (or redshiftdataapiservice)
redshiftserverless
rekognition
resourceexplorer2
resourcegroups
resourcegroupstaggingapi (or resourcegroupstagging)
rolesanywhere
route53
route53domains
route53profiles
route53recoverycontrolconfig
route53recoveryreadiness
route53resolver
rum (or cloudwatchrum)
s3 (or s3api)
s3control
s3outposts
sagemaker
scheduler
schemas
secretsmanager
securityhub
securitylake
serverlessrepo (or serverlessapprepo or serverlessapplicationrepository)
servicecatalog
servicecatalogappregistry (or appregistry)
servicediscovery
servicequotas
ses
sesv2
sfn (or stepfunctions)
shield
signer
simpledb (or sdb)
sns
sqs
ssm
ssmcontacts
ssmincidents
ssmsap
sso
ssoadmin
storagegateway
sts
swf
synthetics
timestreamwrite
transcribe (or transcribeservice)
transfer
verifiedpermissions
vpclattice
waf
wafregional
wafv2
wellarchitected
worklink
workspaces
workspacesweb
xray
As a convenience, for compatibility with the Terraform S3 Backend, the following service endpoints can be configured using environment variables:
TF_AWS_DYNAMODB_ENDPOINT (or deprecated AWS_DYNAMODB_ENDPOINT)
TF_AWS_IAM_ENDPOINT (or deprecated AWS_IAM_ENDPOINT)
TF_AWS_S3_ENDPOINT (or deprecated AWS_S3_ENDPOINT)
TF_AWS_STS_ENDPOINT (or deprecated AWS_STS_ENDPOINT)
The Amazon DynamoDB service offers a downloadable version for writing and testing applications without accessing the DynamoDB web service. For more information about this solution, see the DynamoDB Local documentation in the Amazon DynamoDB Developer Guide.
An example provider configuration:
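provider "aws" {
  # Mock credentials for local testing only.
  access_key = "mock_access_key"
  region     = "us-east-1"
  secret_key = "mock_secret_key"

  # Skip the credential validation, metadata API and account ID lookups,
  # which a local endpoint cannot answer.
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  skip_requesting_account_id  = true

  endpoints {
    dynamodb = "http://localhost:8000"
  }
}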
LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications.
An example provider configuration:
provider "aws" {
  # Mock credentials for local testing only.
  access_key        = "mock_access_key"
  region            = "us-east-1"
  s3_use_path_style = true
  secret_key        = "mock_secret_key"

  # Skip the credential validation, metadata API and account ID lookups,
  # which a local endpoint cannot answer.
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  skip_requesting_account_id  = true

  endpoints {
    apigateway     = "http://localhost:4566"
    cloudformation = "http://localhost:4566"
    cloudwatch     = "http://localhost:4566"
    dynamodb       = "http://localhost:4566"
    es             = "http://localhost:4566"
    firehose       = "http://localhost:4566"
    iam            = "http://localhost:4566"
    kinesis        = "http://localhost:4566"
    lambda         = "http://localhost:4566"
    route53        = "http://localhost:4566"
    redshift       = "http://localhost:4566"
    s3             = "http://localhost:4566"
    secretsmanager = "http://localhost:4566"
    ses            = "http://localhost:4566"
    sns            = "http://localhost:4566"
    sqs            = "http://localhost:4566"
    ssm            = "http://localhost:4566"
    stepfunctions  = "http://localhost:4566"
    sts            = "http://localhost:4566"
  }
}
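
A pre-apply check over the settings this guide documents, added here as an example and not part of the provider or its documentation: it flags two keys in one endpoints block that name the same service (as in the dms / databasemigration block above, where one value is ignored), http:// endpoints whose host is not loopback, and the endpoint environment variables listed above when they are set. The function names, finding labels and the loopback rule are assumptions of this example; the alias table is a subset of the service list on this page.

```python
import re
from urllib.parse import urlparse

# Alias -> first-listed key; a subset copied from the service list on this page.
ALIAS_OF = {
    "databasemigration": "dms", "databasemigrationservice": "dms",
    "es": "elasticsearch", "elasticsearchservice": "elasticsearch",
    "stepfunctions": "sfn", "s3api": "s3", "cloudwatchlogs": "logs",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# The environment overrides listed on this page, current and deprecated names.
ENV_OVERRIDES = [f"{prefix}AWS_{svc}_ENDPOINT"
                 for svc in ("DYNAMODB", "IAM", "S3", "STS") for prefix in ("TF_", "")]

def endpoint_blocks(hcl):
    """Yield the (key, url) pairs of each endpoints { ... } block in the text."""
    for body in re.findall(r"\bendpoints\s*\{([^}]*)\}", hcl):
        yield re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', body, re.M)

def lint(hcl, environ=None):
    """Report alias collisions, cleartext non-loopback endpoints, env overrides."""
    findings = []
    for pairs in endpoint_blocks(hcl):
        first_key = {}  # service -> first key seen for it in this block
        for key, url in pairs:
            service = ALIAS_OF.get(key, key)
            prior = first_key.setdefault(service, key)
            if prior != key:
                findings.append(f"alias-collision: {prior} and {key} both set {service}")
            # Assumption of this example: plain http is acceptable only on loopback.
            parsed = urlparse(url)
            if parsed.scheme != "https" and parsed.hostname not in LOOPBACK:
                findings.append(f"cleartext-endpoint: {key} = {url}")
    findings += [f"env-override: {name}" for name in ENV_OVERRIDES
                 if (environ or {}).get(name)]
    return findings

# Constructed input, modelled on the alias example on this page.
COLLIDING = """
provider "aws" {
  endpoints {
    dms               = "http://this.value.will.be.used.com"
    databasemigration = "http://this.value.will.be.ignored.com"
  }
}
"""

if __name__ == "__main__":
    print("\n".join(lint(COLLIDING, {"TF_AWS_STS_ENDPOINT": "http://localhost:4566"})))
```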