COS

Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).

This backend supports state locking. Storing your state in a COS bucket requires the following permissions:

Example Configuration

terraform {
  backend "cos" {
    region = "ap-guangzhou"
    bucket = "bucket-for-terraform-state-1258798060"
    prefix = "terraform/state"
  }
}

This assumes we have a COS Bucket created named bucket-for-terraform-state-1258798060, Terraform state will be written into the file terraform/state/terraform.tfstate.

Data Source Configuration

To make use of the COS remote state in another configuration, use the terraform_remote_state data source.

data "terraform_remote_state" "foo" {
  backend = "cos"

  config = {
    region = "ap-guangzhou"
    bucket = "bucket-for-terraform-state-1258798060"
    prefix = "terraform/state"
  }
}

Configuration Variables

The following configuration options or environment variables are supported:

Assume Role

If provided with an assume role, Terraform will attempt to assume this role using the supplied credentials. Assume role can be provided by adding an assume_role block in the cos backend block.

The details of assume_role block as following:

Usage:

terraform {
  backend "cos" {
    region = "ap-guangzhou"
    bucket = "bucket-for-terraform-state-{appid}"
    prefix = "terraform/state"
    assume_role {
      role_arn = "qcs::cam::uin/xxx:roleName/yyy"
      session_name = "my-session-name"
      session_duration = 3600
    }
  }
}

In addition, these assume_role configurations can also be provided by environment variables.

Usage:

$ export TENCENTCLOUD_SECRET_ID="my-secret-id"
$ export TENCENTCLOUD_SECRET_KEY="my-secret-key"
$ export TENCENTCLOUD_REGION="ap-guangzhou"
$ export TENCENTCLOUD_ASSUME_ROLE_ARN="qcs::cam::uin/xxx:roleName/yyy"
$ export TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME="my-session-name"
$ export TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION=3600
$ terraform plan

Endpoint

If provided with an endpoint URL, Terraform will attempt to access the COS backend by the endpoint configuration or the environment variable TENCENTCLOUD_ENDPOINT.

A typical endpoint looks like this: http://cos-internal.{Region}.tencentcos.cn. Both HTTP and HTTPS are accepted.

Usage:

terraform {
  backend "cos" {
    region   = "ap-guangzhou"
    bucket   = "bucket-for-terraform-state-1258798060"
    prefix   = "terraform/state"
    endpoint = "http://cos-internal.ap-guangzhou.tencentcos.cn"
  }
}