CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-cdktf

Cloud Development Kit for Terraform - programmatic infrastructure as code using familiar programming languages

Overview
Eval results
Files

backend-configuration.mddocs/

Backend Configuration

Terraform backend configuration for state management across different storage systems, enabling team collaboration and remote state sharing.

Capabilities

TerraformBackend Class

Abstract base class for all Terraform backend implementations, providing state storage and locking capabilities.

/**
 * Base class for all Terraform backends
 */
abstract class TerraformBackend extends TerraformElement {
  /**
   * Create a new Terraform backend
   * @param scope - The parent construct
   * @param id - Backend identifier
   * @param name - Backend type name
   */
  constructor(scope: Construct, id: string, name: string);

  /**
   * Get a remote state data source for this backend
   * @param scope - The scope for the data source
   * @param name - Name for the data source
   * @param fromStack - Stack name to read state from
   * @returns Remote state data source
   */
  abstract getRemoteStateDataSource(
    scope: Construct,
    name: string,
    fromStack: string
  ): TerraformRemoteState;

  /**
   * Backend type name
   */
  readonly name: string;

  /**
   * Check if a construct is a TerraformBackend
   */
  static isBackend(x: any): x is TerraformBackend;
}

Backend Implementations

S3Backend

AWS S3 backend for storing Terraform state in Amazon S3 with DynamoDB locking.

/**
 * AWS S3 backend configuration
 */
class S3Backend extends TerraformBackend {
  constructor(scope: Construct, config: S3BackendConfig);

  readonly bucket: string;
  readonly key: string;
  readonly region: string;
  readonly dynamodbTable?: string;
  readonly encrypt?: boolean;
}

Usage Example:

import { S3Backend } from "cdktf";

const backend = new S3Backend(this, {
  bucket: "my-terraform-state-bucket",
  key: "infrastructure/terraform.tfstate",
  region: "us-east-1",
  dynamodbTable: "terraform-state-lock",
  encrypt: true
});

LocalBackend

Local file system backend for storing state locally.

/**
 * Local file backend configuration
 */
class LocalBackend extends TerraformBackend {
  constructor(scope: Construct, config: LocalBackendConfig);

  readonly path?: string;
  readonly workspaceDir?: string;
}

RemoteBackend

Terraform Cloud/Enterprise backend for managed state storage.

/**
 * Terraform Cloud/Enterprise backend configuration
 */
class RemoteBackend extends TerraformBackend {
  constructor(scope: Construct, config: RemoteBackendConfig);

  readonly hostname?: string;
  readonly organization: string;
  readonly token?: string;
  readonly workspaces: RemoteBackendWorkspaces;
}

CloudBackend

Terraform Cloud backend with simplified configuration.

/**
 * Terraform Cloud backend configuration
 */
class CloudBackend extends TerraformBackend {
  constructor(scope: Construct, config: CloudBackendConfig);

  readonly organization: string;
  readonly hostname?: string;
  readonly token?: string;
  readonly workspaces: CloudBackendWorkspaces;
}

Additional Backends

Other backend implementations follow similar patterns:

  • AzurermBackend - Azure Storage backend
  • ConsulBackend - HashiCorp Consul backend
  • GcsBackend - Google Cloud Storage backend
  • HttpBackend - HTTP backend
  • PgBackend - PostgreSQL backend
  • SwiftBackend - OpenStack Swift backend

Usage Examples:

import {
  AzurermBackend,
  GcsBackend,
  ConsulBackend
} from "cdktf";

// Azure Storage backend
const azureBackend = new AzurermBackend(this, {
  resourceGroupName: "tfstate-rg",
  storageAccountName: "tfstatestorage",
  containerName: "tfstate",
  key: "prod.terraform.tfstate"
});

// Google Cloud Storage backend
const gcsBackend = new GcsBackend(this, {
  bucket: "my-tf-state-bucket",
  prefix: "terraform/state"
});

// Consul backend
const consulBackend = new ConsulBackend(this, {
  address: "consul.example.com",
  scheme: "https",
  path: "terraform/state/prod"
});

TerraformRemoteState Class

Data source for reading state from remote backends, enabling cross-stack and cross-workspace references.

/**
 * Remote state data source for cross-stack references
 */
class TerraformRemoteState extends TerraformDataSource {
  /**
   * Create a remote state data source
   * @param scope - The parent construct
   * @param id - Data source identifier
   * @param config - Remote state configuration
   */
  constructor(scope: Construct, id: string, config: TerraformRemoteStateConfig);

  /**
   * Get an output value from the remote state
   * @param output - Name of the output
   * @returns Output value as string
   */
  getString(output: string): string;

  /**
   * Get a list output value from the remote state
   * @param output - Name of the output
   * @returns Output value as string array
   */
  getList(output: string): string[];

  /**
   * Get a number output value from the remote state
   * @param output - Name of the output
   * @returns Output value as number
   */
  getNumber(output: string): number;

  /**
   * Get a boolean output value from the remote state
   * @param output - Name of the output
   * @returns Output value as boolean
   */
  getBoolean(output: string): boolean;

  /**
   * Remote backend configuration
   */
  readonly backend: string;

  /**
   * Backend-specific configuration
   */
  readonly config: {[key: string]: any};

  /**
   * Defaults for undefined outputs
   */
  readonly defaults?: {[key: string]: any};

  /**
   * Workspace to read from
   */
  readonly workspace?: string;
}

Usage Examples:

import { TerraformRemoteState } from "cdktf";

// Read from S3 backend
const networkingState = new TerraformRemoteState(this, "networking", {
  backend: "s3",
  config: {
    bucket: "company-terraform-state",
    key: "networking/terraform.tfstate",
    region: "us-east-1"
  }
});

// Use remote state outputs
const vpcId = networkingState.getString("vpc_id");
const privateSubnets = networkingState.getList("private_subnet_ids");

// Create resources using remote state
new AwsInstance(this, "app-server", {
  ami: "ami-12345678",
  instanceType: "t2.micro",
  subnetId: privateSubnets[0],
  vpcSecurityGroupIds: [securityGroup.id]
});

// Read from Terraform Cloud
const sharedState = new TerraformRemoteState(this, "shared", {
  backend: "remote",
  config: {
    organization: "my-org",
    workspaces: {
      name: "shared-infrastructure"
    }
  }
});

const dbEndpoint = sharedState.getString("database_endpoint");
const cacheCluster = sharedState.getString("cache_cluster_endpoint");

Configuration Interfaces

interface S3BackendConfig {
  readonly bucket: string;
  readonly key: string;
  readonly region: string;
  readonly accessKey?: string;
  readonly secretKey?: string;
  readonly sessionToken?: string;
  readonly profile?: string;
  readonly sharedCredentialsFile?: string;
  readonly dynamodbTable?: string;
  readonly dynamodbEndpoint?: string;
  readonly encrypt?: boolean;
  readonly kmsKeyId?: string;
  readonly roleArn?: string;
  readonly assumeRolePolicy?: string;
  readonly externalId?: string;
  readonly sessionName?: string;
  readonly workspaceKeyPrefix?: string;
}

interface LocalBackendConfig {
  readonly path?: string;
  readonly workspaceDir?: string;
}

interface RemoteBackendConfig {
  readonly hostname?: string;
  readonly organization: string;
  readonly token?: string;
  readonly workspaces: RemoteBackendWorkspaces;
}

interface RemoteBackendWorkspaces {
  readonly name?: string;
  readonly prefix?: string;
}

interface CloudBackendConfig {
  readonly organization: string;
  readonly hostname?: string;
  readonly token?: string;
  readonly workspaces: CloudBackendWorkspaces;
}

interface CloudBackendWorkspaces {
  readonly name?: string;
  readonly tags?: string[];
  readonly project?: string;
}

interface AzurermBackendConfig {
  readonly storageAccountName: string;
  readonly containerName: string;
  readonly key: string;
  readonly resourceGroupName?: string;
  readonly accessKey?: string;
  readonly sasToken?: string;
  readonly clientId?: string;
  readonly clientSecret?: string;
  readonly tenantId?: string;
  readonly subscriptionId?: string;
  readonly msiEndpoint?: string;
  readonly useAzureadAuth?: boolean;
  readonly useMsi?: boolean;
}

interface GcsBackendConfig {
  readonly bucket: string;
  readonly prefix?: string;
  readonly credentials?: string;
  readonly accessToken?: string;
  readonly impersonateServiceAccount?: string;
  readonly impersonateServiceAccountDelegates?: string[];
}

interface TerraformRemoteStateConfig {
  readonly backend: string;
  readonly workspace?: string;
  readonly config?: {[key: string]: any};
  readonly defaults?: {[key: string]: any};
}

Install with Tessl CLI

npx tessl i tessl/npm-cdktf

docs

annotations-aspects.md

backend-configuration.md

core-infrastructure.md

index.md

iterators-dynamic.md

providers-modules.md

provisioners.md

resources-data-sources.md

terraform-functions.md

testing.md

tokens-expressions.md

variables-outputs.md

tile.json