Terraform
CSharp: Structs
AppConfig
Initializer
using HashiCorp.Cdktf;
new AppConfig {
System.Collections.Generic.IDictionary< string, object > Context = null,
bool HclOutput = null,
string Outdir = null,
bool SkipBackendValidation = null,
bool SkipValidation = null,
bool StackTraces = null
};
Properties
Name | Type | Description |
---|---|---|
Context | System.Collections.Generic.IDictionary< string, object > | Additional context values for the application. |
HclOutput | bool | No description. |
Outdir | string | The directory to output Terraform resources. |
SkipBackendValidation | bool | Whether to skip backend validation during synthesis of the app. |
SkipValidation | bool | Whether to skip all validations during synthesis of the app. |
StackTraces | bool | No description. |
Context
Optional
public System.Collections.Generic.IDictionary< string, object > Context { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
- Default: no additional context
Additional context values for the application.
Context set by the CLI or the context
key in cdktf.json
has precedence.
Context can be read from any construct using node.getContext(key)
.
HclOutput
Optional
public bool HclOutput { get; set; }
- Type: bool
Outdir
Optional
public string Outdir { get; set; }
- Type: string
- Default: CDKTF_OUTDIR if defined, otherwise "cdktf.out"
The directory to output Terraform resources.
If you are using the CDKTF CLI, this value is automatically set from one of the following three sources:
- The
-o
/--output
CLI option - The
CDKTF_OUTDIR
environment variable - The
outdir
key incdktf.json
If you are using the CDKTF CLI and want to set a different value here, you will also need to set the same value via one of the three ways specified above.
The most common case to set this value is when you are using the CDKTF library directly (e.g. when writing unit tests).
SkipBackendValidation
Optional
public bool SkipBackendValidation { get; set; }
- Type: bool
- Default: false
Whether to skip backend validation during synthesis of the app.
SkipValidation
Optional
public bool SkipValidation { get; set; }
- Type: bool
- Default: false
Whether to skip all validations during synthesis of the app.
StackTraces
Optional
public bool StackTraces { get; set; }
- Type: bool
AzurermBackendConfig
Stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account.
This backend supports state locking and consistency checking with Azure Blob Storage native capabilities.
Note: By default the Azure Backend uses ADAL for authentication which is deprecated in favour of MSAL - MSAL can be used by setting use_microsoft_graph to true. The default for this will change in Terraform 1.2, so that MSAL authentication is used by default.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/azurerm
Initializer
using HashiCorp.Cdktf;
new AzurermBackendConfig {
string ContainerName,
string Key,
string StorageAccountName,
string AccessKey = null,
string ClientCertificatePassword = null,
string ClientCertificatePath = null,
string ClientId = null,
string ClientSecret = null,
string Endpoint = null,
string Environment = null,
string MetadataHost = null,
string MsiEndpoint = null,
string OidcRequestToken = null,
string OidcRequestUrl = null,
string OidcToken = null,
string OidcTokenFilePath = null,
string ResourceGroupName = null,
string SasToken = null,
bool Snapshot = null,
string SubscriptionId = null,
string TenantId = null,
bool UseAzureadAuth = null,
bool UseMicrosoftGraph = null,
bool UseMsi = null,
bool UseOidc = null
};
Properties
Name | Type | Description |
---|---|---|
ContainerName | string | (Required) The Name of the Storage Container within the Storage Account. |
Key | string | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
StorageAccountName | string | (Required) The Name of the Storage Account. |
AccessKey | string | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
ClientCertificatePassword | string | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
ClientCertificatePath | string | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
ClientId | string | (Optional) The Client ID of the Service Principal. |
ClientSecret | string | (Optional) The Client Secret of the Service Principal. |
Endpoint | string | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
Environment | string | (Optional) The Azure Environment which should be used. |
MetadataHost | string | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
MsiEndpoint | string | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
OidcRequestToken | string | (Optional) The bearer token for the request to the OIDC provider. |
OidcRequestUrl | string | (Optional) The URL for the OIDC provider from which to request an ID token. |
OidcToken | string | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
OidcTokenFilePath | string | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
ResourceGroupName | string | (Required) The Name of the Resource Group in which the Storage Account exists. |
SasToken | string | (Optional) The SAS Token used to access the Blob Storage Account. |
Snapshot | bool | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
SubscriptionId | string | (Optional) The Subscription ID in which the Storage Account exists. |
TenantId | string | (Optional) The Tenant ID in which the Subscription exists. |
UseAzureadAuth | bool | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
UseMicrosoftGraph | bool | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
UseMsi | bool | (Optional) Should Managed Service Identity authentication be used? |
UseOidc | bool | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
ContainerName
Required
public string ContainerName { get; set; }
- Type: string
(Required) The Name of the Storage Container within the Storage Account.
Key
Required
public string Key { get; set; }
- Type: string
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
StorageAccountName
Required
public string StorageAccountName { get; set; }
- Type: string
(Required) The Name of the Storage Account.
AccessKey
Optional
public string AccessKey { get; set; }
- Type: string
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
ClientCertificatePassword
Optional
public string ClientCertificatePassword { get; set; }
- Type: string
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
ClientCertificatePath
Optional
public string ClientCertificatePath { get; set; }
- Type: string
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
ClientId
Optional
public string ClientId { get; set; }
- Type: string
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
ClientSecret
Optional
public string ClientSecret { get; set; }
- Type: string
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
Endpoint
Optional
public string Endpoint { get; set; }
- Type: string
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
Environment
Optional
public string Environment { get; set; }
- Type: string
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
MetadataHost
Optional
public string MetadataHost { get; set; }
- Type: string
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
MsiEndpoint
Optional
public string MsiEndpoint { get; set; }
- Type: string
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
OidcRequestToken
Optional
public string OidcRequestToken { get; set; }
- Type: string
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
OidcRequestUrl
Optional
public string OidcRequestUrl { get; set; }
- Type: string
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
OidcToken
Optional
public string OidcToken { get; set; }
- Type: string
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
OidcTokenFilePath
Optional
public string OidcTokenFilePath { get; set; }
- Type: string
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
ResourceGroupName
Optional
public string ResourceGroupName { get; set; }
- Type: string
(Required) The Name of the Resource Group in which the Storage Account exists.
SasToken
Optional
public string SasToken { get; set; }
- Type: string
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
Snapshot
Optional
public bool Snapshot { get; set; }
- Type: bool
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
SubscriptionId
Optional
public string SubscriptionId { get; set; }
- Type: string
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
TenantId
Optional
public string TenantId { get; set; }
- Type: string
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
UseAzureadAuth
Optional
public bool UseAzureadAuth { get; set; }
- Type: bool
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
UseMicrosoftGraph
Optional
public bool UseMicrosoftGraph { get; set; }
- Type: bool
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
UseMsi
Optional
public bool UseMsi { get; set; }
- Type: bool
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
UseOidc
Optional
public bool UseOidc { get; set; }
- Type: bool
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
CloudBackendConfig
The Cloud Backend synthesizes a {@link https://developer.hashicorp.com/terraform/cli/cloud/settings#the-cloud-block cloud block}. The cloud block is a nested block within the top-level terraform settings block. It specifies which Terraform Cloud workspaces to use for the current working directory. The cloud block only affects Terraform CLI's behavior. When Terraform Cloud uses a configuration that contains a cloud block - for example, when a workspace is configured to use a VCS provider directly - it ignores the block and behaves according to its own workspace settings.
https://developer.hashicorp.com/terraform/cli/cloud/settings#arguments
Initializer
using HashiCorp.Cdktf;
new CloudBackendConfig {
string Organization,
object Workspaces,
string Hostname = null,
string Token = null
};
Properties
Name | Type | Description |
---|---|---|
Organization | string | The name of the organization containing the workspace(s) the current configuration should use. |
Workspaces | object | A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration. |
Hostname | string | The hostname of a Terraform Enterprise installation, if using Terraform Enterprise. |
Token | string | The token used to authenticate with Terraform Cloud. |
Organization
Required
public string Organization { get; set; }
- Type: string
The name of the organization containing the workspace(s) the current configuration should use.
Workspaces
Required
public object Workspaces { get; set; }
- Type: object
A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration.
The workspaces block must contain exactly one of the following arguments, each denoting a strategy for how workspaces should be mapped:
Hostname
Optional
public string Hostname { get; set; }
- Type: string
- Default: app.terraform.io
The hostname of a Terraform Enterprise installation, if using Terraform Enterprise.
Token
Optional
public string Token { get; set; }
- Type: string
The token used to authenticate with Terraform Cloud.
We recommend omitting the token from the configuration, and instead using terraform login or manually configuring credentials in the CLI config file.
ConsulBackendConfig
Stores the state in the Consul KV store at a given path. This backend supports state locking.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/consul
Initializer
using HashiCorp.Cdktf;
new ConsulBackendConfig {
string AccessToken,
string Path,
string Address = null,
string CaFile = null,
string CertFile = null,
string Datacenter = null,
bool Gzip = null,
string HttpAuth = null,
string KeyFile = null,
bool Lock = null,
string Scheme = null
};
Properties
Name | Type | Description |
---|---|---|
AccessToken | string | (Required) Access token. |
Path | string | (Required) Path in the Consul KV store. |
Address | string | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
CaFile | string | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
CertFile | string | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
Datacenter | string | (Optional) The datacenter to use. |
Gzip | bool | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
HttpAuth | string | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
KeyFile | string | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
Lock | bool | (Optional) false to disable locking. |
Scheme | string | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
AccessToken
Required
public string AccessToken { get; set; }
- Type: string
(Required) Access token.
Path
Required
public string Path { get; set; }
- Type: string
(Required) Path in the Consul KV store.
Address
Optional
public string Address { get; set; }
- Type: string
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
CaFile
Optional
public string CaFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
CertFile
Optional
public string CertFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
Datacenter
Optional
public string Datacenter { get; set; }
- Type: string
(Optional) The datacenter to use.
Defaults to that of the agent.
Gzip
Optional
public bool Gzip { get; set; }
- Type: bool
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
HttpAuth
Optional
public string HttpAuth { get; set; }
- Type: string
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
KeyFile
Optional
public string KeyFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
Lock
Optional
public bool Lock { get; set; }
- Type: bool
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
Scheme
Optional
public string Scheme { get; set; }
- Type: string
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
CosBackendAssumeRole
Initializer
using HashiCorp.Cdktf;
new CosBackendAssumeRole {
string RoleArn,
double SessionDuration,
string SessionName,
object Policy = null
};
Properties
Name | Type | Description |
---|---|---|
RoleArn | string | (Required) The ARN of the role to assume. |
SessionDuration | double | (Required) The duration of the session when making the AssumeRole call. |
SessionName | string | (Required) The session name to use when making the AssumeRole call. |
Policy | object | (Optional) A more restrictive policy when making the AssumeRole call. |
RoleArn
Required
public string RoleArn { get; set; }
- Type: string
(Required) The ARN of the role to assume.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_ARN.
SessionDuration
Required
public double SessionDuration { get; set; }
- Type: double
(Required) The duration of the session when making the AssumeRole call.
Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION.
SessionName
Required
public string SessionName { get; set; }
- Type: string
(Required) The session name to use when making the AssumeRole call.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME.
Policy
Optional
public object Policy { get; set; }
- Type: object
(Optional) A more restrictive policy when making the AssumeRole call.
Its content must not contains principal elements. Please refer to {@link https://www.tencentcloud.com/document/product/598/10603 policies syntax logic}.
CosBackendConfig
Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the COS bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/cos
Initializer
using HashiCorp.Cdktf;
new CosBackendConfig {
string Bucket,
bool Accelerate = null,
string Acl = null,
CosBackendAssumeRole AssumeRole = null,
string Domain = null,
bool Encrypt = null,
string Endpoint = null,
string Key = null,
string Prefix = null,
string Region = null,
string SecretId = null,
string SecretKey = null,
string SecurityToken = null
};
Properties
Name | Type | Description |
---|---|---|
Bucket | string | (Required) The name of the COS bucket. |
Accelerate | bool | (Optional) Whether to enable global Acceleration. |
Acl | string | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
AssumeRole | CosBackendAssumeRole | (Optional) The assume_role block. |
Domain | string | (Optional) The root domain of the API request. |
Encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
Endpoint | string | (Optional) The Custom Endpoint for the COS backend. |
Key | string | (Optional) The path for saving the state file in bucket. |
Prefix | string | (Optional) The directory for saving the state file in bucket. |
Region | string | (Optional) The region of the COS bucket. |
SecretId | string | (Optional) Secret id of Tencent Cloud. |
SecretKey | string | (Optional) Secret key of Tencent Cloud. |
SecurityToken | string | (Optional) TencentCloud Security Token of temporary access credentials. |
Bucket
Required
public string Bucket { get; set; }
- Type: string
(Required) The name of the COS bucket.
You shall manually create it first.
Accelerate
Optional
public bool Accelerate { get; set; }
- Type: bool
(Optional) Whether to enable global Acceleration.
Defaults to false.
Acl
Optional
public string Acl { get; set; }
- Type: string
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
AssumeRole
Optional
public CosBackendAssumeRole AssumeRole { get; set; }
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
Domain
Optional
public string Domain { get; set; }
- Type: string
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
Encrypt
Optional
public bool Encrypt { get; set; }
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
Endpoint
Optional
public string Endpoint { get; set; }
- Type: string
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
Key
Optional
public string Key { get; set; }
- Type: string
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
Prefix
Optional
public string Prefix { get; set; }
- Type: string
(Optional) The directory for saving the state file in bucket.
Default to "env:".
Region
Optional
public string Region { get; set; }
- Type: string
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
SecretId
Optional
public string SecretId { get; set; }
- Type: string
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
SecretKey
Optional
public string SecretKey { get; set; }
- Type: string
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
SecurityToken
Optional
public string SecurityToken { get; set; }
- Type: string
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataConfig
Initializer
using HashiCorp.Cdktf;
new DataConfig {
object Connection = null,
object Count = null,
ITerraformDependable[] DependsOn = null,
ITerraformIterator ForEach = null,
TerraformResourceLifecycle Lifecycle = null,
TerraformProvider Provider = null,
object[] Provisioners = null,
System.Collections.Generic.IDictionary< string, object > Input = null,
System.Collections.Generic.IDictionary< string, object > TriggersReplace = null
};
Properties
Name | Type | Description |
---|---|---|
Connection | object | No description. |
Count | object | No description. |
DependsOn | ITerraformDependable[] | No description. |
ForEach | ITerraformIterator | No description. |
Lifecycle | TerraformResourceLifecycle | No description. |
Provider | TerraformProvider | No description. |
Provisioners | object[] | No description. |
Input | System.Collections.Generic.IDictionary< string, object > | (Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply. |
TriggersReplace | System.Collections.Generic.IDictionary< string, object > | (Optional) A value which is stored in the instance state, and will force replacement when the value changes. |
Connection
Optional
public object Connection { get; set; }
- Type: object
Count
Optional
public object Count { get; set; }
- Type: object
DependsOn
Optional
public ITerraformDependable[] DependsOn { get; set; }
- Type: ITerraformDependable[]
ForEach
Optional
public ITerraformIterator ForEach { get; set; }
- Type: ITerraformIterator
Lifecycle
Optional
public TerraformResourceLifecycle Lifecycle { get; set; }
Provider
Optional
public TerraformProvider Provider { get; set; }
- Type: TerraformProvider
Provisioners
Optional
public object[] Provisioners { get; set; }
- Type: object[]
Input
Optional
public System.Collections.Generic.IDictionary< string, object > Input { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
(Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#input
TriggersReplace
Optional
public System.Collections.Generic.IDictionary< string, object > TriggersReplace { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
(Optional) A value which is stored in the instance state, and will force replacement when the value changes.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#triggers_replace
DataTerraformRemoteStateAzurermConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateAzurermConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string ContainerName,
string Key,
string StorageAccountName,
string AccessKey = null,
string ClientCertificatePassword = null,
string ClientCertificatePath = null,
string ClientId = null,
string ClientSecret = null,
string Endpoint = null,
string Environment = null,
string MetadataHost = null,
string MsiEndpoint = null,
string OidcRequestToken = null,
string OidcRequestUrl = null,
string OidcToken = null,
string OidcTokenFilePath = null,
string ResourceGroupName = null,
string SasToken = null,
bool Snapshot = null,
string SubscriptionId = null,
string TenantId = null,
bool UseAzureadAuth = null,
bool UseMicrosoftGraph = null,
bool UseMsi = null,
bool UseOidc = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
ContainerName | string | (Required) The Name of the Storage Container within the Storage Account. |
Key | string | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
StorageAccountName | string | (Required) The Name of the Storage Account. |
AccessKey | string | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
ClientCertificatePassword | string | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
ClientCertificatePath | string | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
ClientId | string | (Optional) The Client ID of the Service Principal. |
ClientSecret | string | (Optional) The Client Secret of the Service Principal. |
Endpoint | string | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
Environment | string | (Optional) The Azure Environment which should be used. |
MetadataHost | string | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
MsiEndpoint | string | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
OidcRequestToken | string | (Optional) The bearer token for the request to the OIDC provider. |
OidcRequestUrl | string | (Optional) The URL for the OIDC provider from which to request an ID token. |
OidcToken | string | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
OidcTokenFilePath | string | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
ResourceGroupName | string | (Required) The Name of the Resource Group in which the Storage Account exists. |
SasToken | string | (Optional) The SAS Token used to access the Blob Storage Account. |
Snapshot | bool | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
SubscriptionId | string | (Optional) The Subscription ID in which the Storage Account exists. |
TenantId | string | (Optional) The Tenant ID in which the Subscription exists. |
UseAzureadAuth | bool | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
UseMicrosoftGraph | bool | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
UseMsi | bool | (Optional) Should Managed Service Identity authentication be used? |
UseOidc | bool | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
ContainerName
Required
public string ContainerName { get; set; }
- Type: string
(Required) The Name of the Storage Container within the Storage Account.
Key
Required
public string Key { get; set; }
- Type: string
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
StorageAccountName
Required
public string StorageAccountName { get; set; }
- Type: string
(Required) The Name of the Storage Account.
AccessKey
Optional
public string AccessKey { get; set; }
- Type: string
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
ClientCertificatePassword
Optional
public string ClientCertificatePassword { get; set; }
- Type: string
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
ClientCertificatePath
Optional
public string ClientCertificatePath { get; set; }
- Type: string
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
ClientId
Optional
public string ClientId { get; set; }
- Type: string
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
ClientSecret
Optional
public string ClientSecret { get; set; }
- Type: string
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
Endpoint
Optional
public string Endpoint { get; set; }
- Type: string
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
Environment
Optional
public string Environment { get; set; }
- Type: string
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
MetadataHost
Optional
public string MetadataHost { get; set; }
- Type: string
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
MsiEndpoint
Optional
public string MsiEndpoint { get; set; }
- Type: string
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
OidcRequestToken
Optional
public string OidcRequestToken { get; set; }
- Type: string
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
OidcRequestUrl
Optional
public string OidcRequestUrl { get; set; }
- Type: string
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
OidcToken
Optional
public string OidcToken { get; set; }
- Type: string
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
OidcTokenFilePath
Optional
public string OidcTokenFilePath { get; set; }
- Type: string
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
ResourceGroupName
Optional
public string ResourceGroupName { get; set; }
- Type: string
(Required) The Name of the Resource Group in which the Storage Account exists.
SasToken
Optional
public string SasToken { get; set; }
- Type: string
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
Snapshot
Optional
public bool Snapshot { get; set; }
- Type: bool
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
SubscriptionId
Optional
public string SubscriptionId { get; set; }
- Type: string
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
TenantId
Optional
public string TenantId { get; set; }
- Type: string
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
UseAzureadAuth
Optional
public bool UseAzureadAuth { get; set; }
- Type: bool
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
UseMicrosoftGraph
Optional
public bool UseMicrosoftGraph { get; set; }
- Type: bool
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
UseMsi
Optional
public bool UseMsi { get; set; }
- Type: bool
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
UseOidc
Optional
public bool UseOidc { get; set; }
- Type: bool
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
DataTerraformRemoteStateConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
DataTerraformRemoteStateConsulConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateConsulConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string AccessToken,
string Path,
string Address = null,
string CaFile = null,
string CertFile = null,
string Datacenter = null,
bool Gzip = null,
string HttpAuth = null,
string KeyFile = null,
bool Lock = null,
string Scheme = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
AccessToken | string | (Required) Access token. |
Path | string | (Required) Path in the Consul KV store. |
Address | string | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
CaFile | string | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
CertFile | string | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
Datacenter | string | (Optional) The datacenter to use. |
Gzip | bool | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
HttpAuth | string | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
KeyFile | string | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
Lock | bool | (Optional) false to disable locking. |
Scheme | string | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
AccessToken
Required
public string AccessToken { get; set; }
- Type: string
(Required) Access token.
Path
Required
public string Path { get; set; }
- Type: string
(Required) Path in the Consul KV store.
Address
Optional
public string Address { get; set; }
- Type: string
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
CaFile
Optional
public string CaFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
CertFile
Optional
public string CertFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
Datacenter
Optional
public string Datacenter { get; set; }
- Type: string
(Optional) The datacenter to use.
Defaults to that of the agent.
Gzip
Optional
public bool Gzip { get; set; }
- Type: bool
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
HttpAuth
Optional
public string HttpAuth { get; set; }
- Type: string
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
KeyFile
Optional
public string KeyFile { get; set; }
- Type: string
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
Lock
Optional
public bool Lock { get; set; }
- Type: bool
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
Scheme
Optional
public string Scheme { get; set; }
- Type: string
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
DataTerraformRemoteStateCosConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateCosConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Bucket,
bool Accelerate = null,
string Acl = null,
CosBackendAssumeRole AssumeRole = null,
string Domain = null,
bool Encrypt = null,
string Endpoint = null,
string Key = null,
string Prefix = null,
string Region = null,
string SecretId = null,
string SecretKey = null,
string SecurityToken = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Bucket | string | (Required) The name of the COS bucket. |
Accelerate | bool | (Optional) Whether to enable global Acceleration. |
Acl | string | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
AssumeRole | CosBackendAssumeRole | (Optional) The assume_role block. |
Domain | string | (Optional) The root domain of the API request. |
Encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
Endpoint | string | (Optional) The Custom Endpoint for the COS backend. |
Key | string | (Optional) The path for saving the state file in bucket. |
Prefix | string | (Optional) The directory for saving the state file in bucket. |
Region | string | (Optional) The region of the COS bucket. |
SecretId | string | (Optional) Secret id of Tencent Cloud. |
SecretKey | string | (Optional) Secret key of Tencent Cloud. |
SecurityToken | string | (Optional) TencentCloud Security Token of temporary access credentials. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Bucket
Required
public string Bucket { get; set; }
- Type: string
(Required) The name of the COS bucket.
You shall manually create it first.
Accelerate
Optional
public bool Accelerate { get; set; }
- Type: bool
(Optional) Whether to enable global Acceleration.
Defaults to false.
Acl
Optional
public string Acl { get; set; }
- Type: string
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
AssumeRole
Optional
public CosBackendAssumeRole AssumeRole { get; set; }
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
Domain
Optional
public string Domain { get; set; }
- Type: string
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
Encrypt
Optional
public bool Encrypt { get; set; }
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
Endpoint
Optional
public string Endpoint { get; set; }
- Type: string
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
Key
Optional
public string Key { get; set; }
- Type: string
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
Prefix
Optional
public string Prefix { get; set; }
- Type: string
(Optional) The directory for saving the state file in bucket.
Default to "env:".
Region
Optional
public string Region { get; set; }
- Type: string
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
SecretId
Optional
public string SecretId { get; set; }
- Type: string
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
SecretKey
Optional
public string SecretKey { get; set; }
- Type: string
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
SecurityToken
Optional
public string SecurityToken { get; set; }
- Type: string
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataTerraformRemoteStateGcsConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateGcsConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Bucket,
string AccessToken = null,
string Credentials = null,
string EncryptionKey = null,
string ImpersonateServiceAccount = null,
string[] ImpersonateServiceAccountDelegates = null,
string KmsEncryptionKey = null,
string Prefix = null,
string StoreageCustomEndpoint = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Bucket | string | (Required) The name of the GCS bucket. |
AccessToken | string | (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field. |
Credentials | string | (Optional) Local path to Google Cloud Platform account credentials in JSON format. |
EncryptionKey | string | (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. |
ImpersonateServiceAccount | string | (Optional) The service account to impersonate for accessing the State Bucket. |
ImpersonateServiceAccountDelegates | string[] | (Optional) The delegation chain for an impersonating a service account. |
KmsEncryptionKey | string | (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket. |
Prefix | string | (Optional) GCS prefix inside the bucket. |
StoreageCustomEndpoint | string | (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b). |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Bucket
Required
public string Bucket { get; set; }
- Type: string
(Required) The name of the GCS bucket.
This name must be globally unique.
AccessToken
Optional
public string AccessToken { get; set; }
- Type: string
(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
Credentials
Optional
public string Credentials { get; set; }
- Type: string
(Optional) Local path to Google Cloud Platform account credentials in JSON format.
If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.
Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
EncryptionKey
Optional
public string EncryptionKey { get; set; }
- Type: string
(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
ImpersonateServiceAccount
Optional
public string ImpersonateServiceAccount { get; set; }
- Type: string
(Optional) The service account to impersonate for accessing the State Bucket.
You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.
ImpersonateServiceAccountDelegates
Optional
public string[] ImpersonateServiceAccountDelegates { get; set; }
- Type: string[]
(Optional) The delegation chain for an impersonating a service account.
KmsEncryptionKey
Optional
public string KmsEncryptionKey { get; set; }
- Type: string
(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.
Prefix
Optional
public string Prefix { get; set; }
- Type: string
(Optional) GCS prefix inside the bucket.
Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.
StoreageCustomEndpoint
Optional
public string StoreageCustomEndpoint { get; set; }
- Type: string
(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}
DataTerraformRemoteStateHttpConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateHttpConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Address,
string ClientCaCertificatePem = null,
string ClientCertificatePem = null,
string ClientPrivateKeyPem = null,
string LockAddress = null,
string LockMethod = null,
string Password = null,
double RetryMax = null,
double RetryWaitMax = null,
double RetryWaitMin = null,
bool SkipCertVerification = null,
string UnlockAddress = null,
string UnlockMethod = null,
string UpdateMethod = null,
string Username = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Address | string | (Required) The address of the REST endpoint. |
ClientCaCertificatePem | string | (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication. |
ClientCertificatePem | string | (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication. |
ClientPrivateKeyPem | string | (Optional) A PEM-encoded private key, required if client_certificate_pem is specified. |
LockAddress | string | (Optional) The address of the lock REST endpoint. |
LockMethod | string | (Optional) The HTTP method to use when locking. |
Password | string | (Optional) The password for HTTP basic authentication. |
RetryMax | double | (Optional) The number of HTTP request retries. |
RetryWaitMax | double | (Optional) The maximum time in seconds to wait between HTTP request attempts. |
RetryWaitMin | double | (Optional) The minimum time in seconds to wait between HTTP request attempts. |
SkipCertVerification | bool | (Optional) Whether to skip TLS verification. |
UnlockAddress | string | (Optional) The address of the unlock REST endpoint. |
UnlockMethod | string | (Optional) The HTTP method to use when unlocking. |
UpdateMethod | string | (Optional) HTTP method to use when updating state. |
Username | string | (Optional) The username for HTTP basic authentication. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Address
Required
public string Address { get; set; }
- Type: string
(Required) The address of the REST endpoint.
ClientCaCertificatePem
Optional
public string ClientCaCertificatePem { get; set; }
- Type: string
(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
ClientCertificatePem
Optional
public string ClientCertificatePem { get; set; }
- Type: string
(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
ClientPrivateKeyPem
Optional
public string ClientPrivateKeyPem { get; set; }
- Type: string
(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
LockAddress
Optional
public string LockAddress { get; set; }
- Type: string
(Optional) The address of the lock REST endpoint.
Defaults to disabled.
LockMethod
Optional
public string LockMethod { get; set; }
- Type: string
(Optional) The HTTP method to use when locking.
Defaults to LOCK.
Password
Optional
public string Password { get; set; }
- Type: string
(Optional) The password for HTTP basic authentication.
RetryMax
Optional
public double RetryMax { get; set; }
- Type: double
(Optional) The number of HTTP request retries.
Defaults to 2.
RetryWaitMax
Optional
public double RetryWaitMax { get; set; }
- Type: double
(Optional) The maximum time in seconds to wait between HTTP request attempts.
Defaults to 30.
RetryWaitMin
Optional
public double RetryWaitMin { get; set; }
- Type: double
(Optional) The minimum time in seconds to wait between HTTP request attempts.
Defaults to 1.
SkipCertVerification
Optional
public bool SkipCertVerification { get; set; }
- Type: bool
(Optional) Whether to skip TLS verification.
Defaults to false.
UnlockAddress
Optional
public string UnlockAddress { get; set; }
- Type: string
(Optional) The address of the unlock REST endpoint.
Defaults to disabled.
UnlockMethod
Optional
public string UnlockMethod { get; set; }
- Type: string
(Optional) The HTTP method to use when unlocking.
Defaults to UNLOCK.
UpdateMethod
Optional
public string UpdateMethod { get; set; }
- Type: string
(Optional) HTTP method to use when updating state.
Defaults to POST.
Username
Optional
public string Username { get; set; }
- Type: string
(Optional) The username for HTTP basic authentication.
DataTerraformRemoteStateLocalConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateLocalConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Path = null,
string WorkspaceDir = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Path | string | Path where the state file is stored. |
WorkspaceDir | string | (Optional) The path to non-default workspaces. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Path
Optional
public string Path { get; set; }
- Type: string
- Default: defaults to terraform.${stackId}.tfstate
Path where the state file is stored.
WorkspaceDir
Optional
public string WorkspaceDir { get; set; }
- Type: string
(Optional) The path to non-default workspaces.
DataTerraformRemoteStateOssConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateOssConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Bucket,
string AccessKey = null,
string Acl = null,
OssAssumeRole AssumeRole = null,
string AssumeRolePolicy = null,
string AssumeRoleRoleArn = null,
double AssumeRoleSessionExpiration = null,
string AssumeRoleSessionName = null,
string EcsRoleName = null,
bool Encrypt = null,
string Endpoint = null,
string Key = null,
string Prefix = null,
string Profile = null,
string Region = null,
string SecretKey = null,
string SecurityToken = null,
string SharedCredentialsFile = null,
string StsEndpoint = null,
string TablestoreEndpoint = null,
string TablestoreTable = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Bucket | string | (Required) The name of the OSS bucket. |
AccessKey | string | (Optional) Alibaba Cloud access key. |
Acl | string | (Optional) Object ACL to be applied to the state file. |
AssumeRole | OssAssumeRole | No description. |
AssumeRolePolicy | string | (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed. |
AssumeRoleRoleArn | string | (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials. |
AssumeRoleSessionExpiration | double | (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION. |
AssumeRoleSessionName | string | (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. |
EcsRoleName | string | (Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console. |
Encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
Endpoint | string | (Optional) A custom endpoint for the OSS API. |
Key | string | (Optional) The name of the state file. |
Prefix | string | (Optional) The path directory of the state file will be stored. |
Profile | string | (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. |
Region | string | (Optional) The region of the OSS bucket. |
SecretKey | string | (Optional) Alibaba Cloud secret access key. |
SecurityToken | string | (Optional) STS access token. |
SharedCredentialsFile | string | (Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. |
StsEndpoint | string | (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT. |
TablestoreEndpoint | string | (Optional) A custom endpoint for the TableStore API. |
TablestoreTable | string | (Optional) A TableStore table for state locking and consistency. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Bucket
Required
public string Bucket { get; set; }
- Type: string
(Required) The name of the OSS bucket.
AccessKey
Optional
public string AccessKey { get; set; }
- Type: string
(Optional) Alibaba Cloud access key.
It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.
Acl
Optional
public string Acl { get; set; }
- Type: string
(Optional) Object ACL to be applied to the state file.
AssumeRole
Optional
AssumeRole
- Deprecated: Use flattened assume role options
public OssAssumeRole AssumeRole { get; set; }
- Type: OssAssumeRole
AssumeRolePolicy
Optional
public string AssumeRolePolicy { get; set; }
- Type: string
(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
AssumeRoleRoleArn
Optional
public string AssumeRoleRoleArn { get; set; }
- Type: string
(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
AssumeRoleSessionExpiration
Optional
public double AssumeRoleSessionExpiration { get; set; }
- Type: double
(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
AssumeRoleSessionName
Optional
public string AssumeRoleSessionName { get; set; }
- Type: string
(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
EcsRoleName
Optional
public string EcsRoleName { get; set; }
- Type: string
(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
Encrypt
Optional
public bool Encrypt { get; set; }
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
Endpoint
Optional
public string Endpoint { get; set; }
- Type: string
(Optional) A custom endpoint for the OSS API.
It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.
Key
Optional
public string Key { get; set; }
- Type: string
(Optional) The name of the state file.
Defaults to terraform.tfstate.
Prefix
Optional
public string Prefix { get; set; }
- Type: string
(Optional) The path directory of the state file will be stored.
Default to "env:".
Profile
Optional
public string Profile { get; set; }
- Type: string
(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
Region
Optional
public string Region { get; set; }
- Type: string
(Optional) The region of the OSS bucket.
It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.
SecretKey
Optional
public string SecretKey { get; set; }
- Type: string
(Optional) Alibaba Cloud secret access key.
It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.
SecurityToken
Optional
public string SecurityToken { get; set; }
- Type: string
(Optional) STS access token.
It supports environment variable ALICLOUD_SECURITY_TOKEN.
SharedCredentialsFile
Optional
public string SharedCredentialsFile { get; set; }
- Type: string
(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
StsEndpoint
Optional
public string StsEndpoint { get; set; }
- Type: string
(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
TablestoreEndpoint
Optional
public string TablestoreEndpoint { get; set; }
- Type: string
(Optional) A custom endpoint for the TableStore API.
TablestoreTable
Optional
public string TablestoreTable { get; set; }
- Type: string
(Optional) A TableStore table for state locking and consistency.
The table must have a primary key named LockID of type String.
DataTerraformRemoteStatePgConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStatePgConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string ConnStr,
string SchemaName = null,
bool SkipIndexCreation = null,
bool SkipSchemaCreation = null,
bool SkipTableCreation = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
ConnStr | string | Postgres connection string; |
SchemaName | string | Name of the automatically-managed Postgres schema, default to terraform_remote_state. |
SkipIndexCreation | bool | If set to true, the Postgres index must already exist. |
SkipSchemaCreation | bool | If set to true, the Postgres schema must already exist. |
SkipTableCreation | bool | If set to true, the Postgres table must already exist. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
ConnStr
Required
public string ConnStr { get; set; }
- Type: string
Postgres connection string;
a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.
SchemaName
Optional
public string SchemaName { get; set; }
- Type: string
Name of the automatically-managed Postgres schema, default to terraform_remote_state.
Can also be set using the PG_SCHEMA_NAME environment variable.
SkipIndexCreation
Optional
public bool SkipIndexCreation { get; set; }
- Type: bool
If set to true, the Postgres index must already exist.
Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.
SkipSchemaCreation
Optional
public bool SkipSchemaCreation { get; set; }
- Type: bool
If set to true, the Postgres schema must already exist.
Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.
SkipTableCreation
Optional
public bool SkipTableCreation { get; set; }
- Type: bool
If set to true, the Postgres table must already exist.
Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.
DataTerraformRemoteStateRemoteConfig
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateRemoteConfig {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Organization,
IRemoteWorkspace Workspaces,
string Hostname = null,
string Token = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Organization | string | No description. |
Workspaces | IRemoteWorkspace | No description. |
Hostname | string | No description. |
Token | string | No description. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Organization
Required
public string Organization { get; set; }
- Type: string
Workspaces
Required
public IRemoteWorkspace Workspaces { get; set; }
- Type: IRemoteWorkspace
Hostname
Optional
public string Hostname { get; set; }
- Type: string
Token
Optional
public string Token { get; set; }
- Type: string
DataTerraformRemoteStateS3Config
Initializer
using HashiCorp.Cdktf;
new DataTerraformRemoteStateS3Config {
System.Collections.Generic.IDictionary< string, object > Defaults = null,
string Workspace = null,
string Bucket,
string Key,
string AccessKey = null,
string Acl = null,
string[] AllowedAccountIds = null,
S3BackendAssumeRoleConfig AssumeRole = null,
string AssumeRolePolicy = null,
string[] AssumeRolePolicyArns = null,
System.Collections.Generic.IDictionary< string, string > AssumeRoleTags = null,
string[] AssumeRoleTransitiveTagKeys = null,
S3BackendAssumeRoleWithWebIdentityConfig AssumeRoleWithWebIdentity = null,
string CustomCaBundle = null,
string DynamodbEndpoint = null,
string DynamodbTable = null,
string Ec2MetadataServiceEndpoint = null,
string Ec2MetadataServiceEndpointMode = null,
bool Encrypt = null,
string Endpoint = null,
S3BackendEndpointConfig Endpoints = null,
string ExternalId = null,
string[] ForbiddenAccountIds = null,
bool ForcePathStyle = null,
string HttpProxy = null,
string HttpsProxy = null,
string IamEndpoint = null,
bool Insecure = null,
string KmsKeyId = null,
double MaxRetries = null,
string NoProxy = null,
string Profile = null,
string Region = null,
string RetryMode = null,
string RoleArn = null,
string SecretKey = null,
string SessionName = null,
string[] SharedConfigFiles = null,
string SharedCredentialsFile = null,
string[] SharedCredentialsFiles = null,
bool SkipCredentialsValidation = null,
bool SkipMetadataApiCheck = null,
bool SkipRegionValidation = null,
bool SkipRequestingAccountId = null,
bool SkipS3Checksum = null,
string SseCustomerKey = null,
string StsEndpoint = null,
string StsRegion = null,
string Token = null,
bool UseLegacyWorkflow = null,
bool UsePathStyle = null,
string WorkspaceKeyPrefix = null
};
Properties
Name | Type | Description |
---|---|---|
Defaults | System.Collections.Generic.IDictionary< string, object > | No description. |
Workspace | string | No description. |
Bucket | string | Name of the S3 Bucket. |
Key | string | Path to the state file inside the S3 Bucket. |
AccessKey | string | (Optional) AWS access key. |
Acl | string | (Optional) Canned ACL to be applied to the state file. |
AllowedAccountIds | string[] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
AssumeRole | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
AssumeRolePolicy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
AssumeRolePolicyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
AssumeRoleTags | System.Collections.Generic.IDictionary< string, string > | (Optional) Map of assume role session tags. |
AssumeRoleTransitiveTagKeys | string[] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
AssumeRoleWithWebIdentity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
CustomCaBundle | string | (Optional) File containing custom root and intermediate certificates. |
DynamodbEndpoint | string | (Optional) Custom endpoint for the AWS DynamoDB API. |
DynamodbTable | string | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
Ec2MetadataServiceEndpoint | string | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
Ec2MetadataServiceEndpointMode | string | (Optional) Mode to use in communicating with the metadata service. |
Encrypt | bool | (Optional) Enable server side encryption of the state file. |
Endpoint | string | (Optional) Custom endpoint for the AWS S3 API. |
Endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
ExternalId | string | (Optional) External identifier to use when assuming the role. |
ForbiddenAccountIds | string[] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
ForcePathStyle | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
HttpProxy | string | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
HttpsProxy | string | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
IamEndpoint | string | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
Insecure | bool | Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. |
KmsKeyId | string | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
MaxRetries | double | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
NoProxy | string | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
Profile | string | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
Region | string | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
RetryMode | string | (Optional) Specifies how retries are attempted. |
RoleArn | string | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
SecretKey | string | (Optional) AWS secret access key. |
SessionName | string | (Optional) Session name to use when assuming the role. |
SharedConfigFiles | string[] | (Optional) List of paths to AWS shared configuration files. |
SharedCredentialsFile | string | (Optional) Path to the AWS shared credentials file. |
SharedCredentialsFiles | string[] | (Optional) List of paths to AWS shared credentials files. |
SkipCredentialsValidation | bool | (Optional) Skip credentials validation via the STS API. |
SkipMetadataApiCheck | bool | (Optional) Skip usage of EC2 Metadata API. |
SkipRegionValidation | bool | (Optional) Skip validation of provided region name. |
SkipRequestingAccountId | bool | (Optional) Whether to skip requesting the account ID. |
SkipS3Checksum | bool | (Optional) Do not include checksum when uploading S3 Objects. |
SseCustomerKey | string | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
StsEndpoint | string | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
StsRegion | string | (Optional) AWS region for STS. |
Token | string | (Optional) Multi-Factor Authentication (MFA) token. |
UseLegacyWorkflow | bool | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
UsePathStyle | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
WorkspaceKeyPrefix | string | (Optional) Prefix applied to the state path inside the bucket. |
Defaults
Optional
public System.Collections.Generic.IDictionary< string, object > Defaults { get; set; }
- Type: System.Collections.Generic.IDictionary< string, object >
Workspace
Optional
public string Workspace { get; set; }
- Type: string
Bucket
Required
public string Bucket { get; set; }
- Type: string
Name of the S3 Bucket.
Key
Required
public string Key { get; set; }
- Type: string
Path to the state file inside the S3 Bucket.
When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
AccessKey
Optional
public string AccessKey { get; set; }
- Type: string
(Optional) AWS access key.
If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
Acl
Optional
public string Acl { get; set; }
- Type: string
(Optional) Canned ACL to be applied to the state file.
AllowedAccountIds
Optional
public string[] AllowedAccountIds { get; set; }