{"id":46337214,"url":"https://github.com/squareops/terraform-aws-tfstate","last_synced_at":"2026-03-04T19:05:24.678Z","repository":{"id":145594735,"uuid":"599590397","full_name":"squareops/terraform-aws-tfstate","owner":"squareops","description":"Terraform Module to create Terraform state storage backend based on AWS S3 and DynamoDB for state locking.","archived":false,"fork":false,"pushed_at":"2024-08-20T08:54:08.000Z","size":72,"stargazers_count":22,"open_issues_count":0,"forks_count":13,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-13T09:54:03.241Z","etag":null,"topics":["aws","dynamodb","hcl2","remote-state","terraform","terraform-backend-s3","terraform-module","terraform-state","tfstate"],"latest_commit_sha":null,"homepage":"https://squareops.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/squareops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-09T13:17:21.000Z","updated_at":"2024-08-20T08:52:44.000Z","dependencies_parsed_at":"2024-04-26T07:32:32.387Z","dependency_job_id":"64308015-1443-4126-b860-bbf84551aa16","html_url":"https://github.com/squareops/terraform-aws-tfstate","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/squareops/terraform-aws-tfstate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-tfstate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-tfstate/tags","releases_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-tfstate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-tfstate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/squareops","download_url":"https://codeload.github.com/squareops/terraform-aws-tfstate/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-tfstate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30090041,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T18:31:08.343Z","status":"ssl_error","status_checked_at":"2026-03-04T18:31:07.708Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","dynamodb","hcl2","remote-state","terraform","terraform-backend-s3","terraform-module","terraform-state","tfstate"],"created_at":"2026-03-04T19:05:23.914Z","updated_at":"2026-03-04T19:05:24.662Z","avatar_url":"https://github.com/squareops.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"## AWS tfstate Terraform module\n![squareops_avatar]\n\n[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png\n\n### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud 
journey.\n\u003cbr\u003e\nTerraform module to create Remote State Storage resources for workload deployment on AWS Cloud.\n\n## Usage Example\n\n```hcl\nmodule \"backend\" {\n  source                       = \"squareops/tfstate/aws\"\n  logging                      = true\n  bucket_name                  = \"production-tfstate-bucket\" #unique global s3 bucket name\n  environment                  = \"prod\"\n  force_destroy                = true\n  versioning_enabled           = true\n  cloudwatch_logging_enabled   = true\n  log_retention_in_days        = 90\n  log_bucket_lifecycle_enabled = true\n  s3_ia_retention_in_days      = 90\n  s3_galcier_retention_in_days = 180\n}\n\n```\nRefer to the [examples](https://github.com/squareops/terraform-aws-tfstate/tree/main/examples/state-storage-backend) for more details.\n\n## IAM Permissions\nThe required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-tfstate/blob/main/IAM.md)\n\n## Important Note\nTerraform state locking is a mechanism used to prevent multiple users from simultaneously making changes to the same Terraform state, which could result in conflicts and data loss. A state lock is acquired and maintained by Terraform while it is making changes to the state, and other instances of Terraform are unable to make changes until the lock is released.\n\nAn Amazon S3 bucket and a DynamoDB table can be used as a remote backend to store and manage the Terraform state file, and also to implement state locking. The S3 bucket is used to store the state file, while the DynamoDB table is used to store the lock information, such as who acquired the lock and when. Terraform will check the lock state in the DynamoDB table before making changes to the state file in the S3 bucket, and will wait or retry if the lock is already acquired by another instance. 
This provides a centralized and durable mechanism for managing the Terraform state and ensuring that changes are made in a controlled and safe manner.\n\nAdditionally, you may have a log bucket configured to store CloudTrail and CloudWatch logs. This log bucket can have a bucket lifecycle policy in place to automatically manage the lifecycle of log data. For example, log data can be transitioned to Amazon S3 Glacier for long-term storage after a certain period, and eventually to Amazon S3 Infrequent Access storage. This helps in optimizing storage costs and ensures that log data is retained according to your organization's compliance requirements.\n\n\n## Security \u0026 Compliance [\u003cimg src=\"https://prowler.pro/wp-content/themes/prowler-pro/assets/img/logo.svg\" width=\"250\" align=\"right\" /\u003e](https://prowler.pro/)\n\nSecurity scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.\n\nIn this module, we have implemented the following CIS Compliance checks for S3:\n\n| Benchmark | Description | Status |\n|--------|---------------|--------|\n| Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | Enabled for S3 created using this module. | \u0026#x2714; |\n| Ensure the S3 bucket CloudTrail logs to is not publicly accessible | Enabled for S3 created using this module. 
| \u0026#x2714; |\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.9 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.9 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_kms_key\"\u003e\u003c/a\u003e [kms\\_key](#module\\_kms\\_key) | clouddrove/kms/aws | 1.3.1 |\n| \u003ca name=\"module_log_bucket\"\u003e\u003c/a\u003e [log\\_bucket](#module\\_log\\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.1.2 |\n| \u003ca name=\"module_s3_bucket\"\u003e\u003c/a\u003e [s3\\_bucket](#module\\_s3\\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.1.2 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudtrail.s3_cloudtrail](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail) | resource |\n| [aws_cloudwatch_log_group.s3_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_dynamodb_table.dynamodb_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |\n| [aws_iam_policy.s3_cloudtrail_cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.s3_cloudtrail_cloudwatch_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| 
[aws_iam_role_policy_attachment.s3_cloudtrail_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_kms_key.mykey](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.cloudtrail_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_region.region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_bucket_name\"\u003e\u003c/a\u003e [bucket\\_name](#input\\_bucket\\_name) | Name of the S3 bucket to be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cloudwatch_logging_enabled\"\u003e\u003c/a\u003e [cloudwatch\\_logging\\_enabled](#input\\_cloudwatch\\_logging\\_enabled) | Enable or disable CloudWatch log group logging. | `bool` | `true` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | Specify the type of environment(dev, demo, prod) in which the S3 bucket will be created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_force_destroy\"\u003e\u003c/a\u003e [force\\_destroy](#input\\_force\\_destroy) | Whether or not to delete all objects from the bucket to allow for destruction of the bucket without error. 
| `bool` | `false` | no |\n| \u003ca name=\"input_log_bucket_lifecycle_enabled\"\u003e\u003c/a\u003e [log\\_bucket\\_lifecycle\\_enabled](#input\\_log\\_bucket\\_lifecycle\\_enabled) | Enable or disable the S3 bucket's lifecycle rule for log data. | `bool` | `true` | no |\n| \u003ca name=\"input_log_retention_in_days\"\u003e\u003c/a\u003e [log\\_retention\\_in\\_days](#input\\_log\\_retention\\_in\\_days) | Retention period (in days) for CloudWatch log groups. | `number` | `90` | no |\n| \u003ca name=\"input_logging\"\u003e\u003c/a\u003e [logging](#input\\_logging) | Configuration for S3 bucket access logging. | `bool` | `true` | no |\n| \u003ca name=\"input_s3_galcier_retention_in_days\"\u003e\u003c/a\u003e [s3\\_galcier\\_retention\\_in\\_days](#input\\_s3\\_galcier\\_retention\\_in\\_days) | Retention period (in days) for moving S3 log data to Glacier storage. | `number` | `180` | no |\n| \u003ca name=\"input_s3_ia_retention_in_days\"\u003e\u003c/a\u003e [s3\\_ia\\_retention\\_in\\_days](#input\\_s3\\_ia\\_retention\\_in\\_days) | Retention period (in days) for moving S3 log data to Infrequent Access storage. | `number` | `90` | no |\n| \u003ca name=\"input_versioning_enabled\"\u003e\u003c/a\u003e [versioning\\_enabled](#input\\_versioning\\_enabled) | Whether or not to enable versioning for the S3 bucket, which allows multiple versions of an object to be stored in the same bucket. | `bool` | `false` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_dynamodb_table_name\"\u003e\u003c/a\u003e [dynamodb\\_table\\_name](#output\\_dynamodb\\_table\\_name) | Name of the DynamoDB table that will be used to manage locking and unlocking of the terraform state file. |\n| \u003ca name=\"output_log_bucket_name\"\u003e\u003c/a\u003e [log\\_bucket\\_name](#output\\_log\\_bucket\\_name) | Name of the S3 bucket that will be used to store logs. 
|\n| \u003ca name=\"output_region\"\u003e\u003c/a\u003e [region](#output\_region) | Name of the region in which Cloudtrail is created |\n| \u003ca name=\"output_state_bucket_name\"\u003e\u003c/a\u003e [state\\_bucket\\_name](#output\\_state\\_bucket\\_name) | Specify the region in which an S3 bucket will be created by the module. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Contribution \u0026 Issue Reporting\n\nTo report an issue with a project:\n\n  1. Check the repository's [issue tracker](https://github.com/squareops/terraform-aws-tfstate/issues) on GitHub\n  2. Search to see if the issue has already been reported\n  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.\n\n## License\n\nApache License, Version 2.0, January 2004 (http://www.apache.org/licenses/).\n\n## Support Us\n\nTo support a GitHub project by liking it, you can follow these steps:\n\n  1. Visit the repository: Navigate to the [GitHub repository](https://github.com/squareops/terraform-aws-tfstate)\n\n  2. Click the \"Star\" button: On the repository page, you'll see a \"Star\" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.\n\n  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.\n\nStarring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.\n\n## Who we are\n\nWe believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps \u0026 Cloud services designed to help your organization optimize its systems \u0026 Processes for speed and agility.\n\n  1. 
We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 4 years.\n  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.\n  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.\n  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.\n  5. Platform engineering which supports scalable, cost-efficient infrastructure that supports rapid development, testing, and deployment.\n  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.\n\nWe provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.\n\nYou can find more information about our company on this [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareops%2Fterraform-aws-tfstate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquareops%2Fterraform-aws-tfstate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareops%2Fterraform-aws-tfstate/lists"}