2

The documentation explains that you can use a config file when setting up your backend. You partially configure the backend as part of your main.tf file and then point it towards a config file inline as part of the terraform init command.

This works okay, but when it comes to accessing data from this backend it seems as though you have to hardcode in the access credentials. I'm wondering essentially if there's any way for me to point the backend to its config file as part of my main.tf file. Something like this:

data "terraform_remote_state" "vnet"
{
    backend = "azurerm"

    config {
        key = "path/to/state/file"
        file = "path/to/config/file.tf"
    }
}

If this feature exists I can't find the documentation for it. Am I missing something or is it just not possible right now?

Improve this question
1
  • As far as I know that's not possible right now. A lot of the remote state use cases can now be more nicely handled with data source instead (although I'm not so sure about the state of the azurerm provider) so I'd recommend using that where possible. Commented Feb 14, 2018 at 9:53

1 Answer 1

Reset to default
1

I am doing exactly what you are asking and I run everything from Cloud Shell. I keep everything in Github repos and then pull the repo down to a folder in my Cloud Shell. Here is how...

First, create a shell script that has the following lines in it:

#!/bin/bash
set -eo pipefail

# The block below will grab the access key for the storage account that is used
# to store state files

subscription_name="Infrastructure"
tfstate_storage_resource_group="terraform-state-rg"
tfstate_storage_account="dosinvesttfstatesa"

az account set --subscription "$subscription_name"
tfstate_storage_access_key=$(
  az storage account keys list \
  --resource-group "$tfstate_storage_resource_group" \
  --account-name "$tfstate_storage_account" \
  --query '[0].value' -o tsv
)

echo ""
echo "Terraform state storage account access key:"
echo $tfstate_storage_access_key
echo ""

terraform apply \
  -var "tfstate_access_key=$tfstate_storage_access_key"

Second, add the lines below to your main.tf file to read in the data from your backend:

data "terraform_remote_state" "rg" {
  backend = "azurerm"

  config {
    storage_account_name = "${var.tfstate_storage_account}"
    container_name       = "${var.tfstate_container}"
    key                  = "${var.tfstate_rgstate_file}"
    access_key           = "${var.tfstate_access_key}"
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.