HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Terraform
Terraform Home

Java: Structs

AppConfig

Initializer 

import com.hashicorp.cdktf.AppConfig;

AppConfig.builder()
//  .context(java.util.Map< java.lang.String, java.lang.Object >)
//  .hclOutput(java.lang.Boolean)
//  .outdir(java.lang.String)
//  .skipBackendValidation(java.lang.Boolean)
//  .skipValidation(java.lang.Boolean)
//  .stackTraces(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
contextjava.util.Map< java.lang.String, java.lang.Object >Additional context values for the application.
hclOutputjava.lang.BooleanNo description.
outdirjava.lang.StringThe directory to output Terraform resources.
skipBackendValidationjava.lang.BooleanWhether to skip backend validation during synthesis of the app.
skipValidationjava.lang.BooleanWhether to skip all validations during synthesis of the app.
stackTracesjava.lang.BooleanNo description.
contextOptional 
public java.util.Map< java.lang.String, java.lang.Object > getContext();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
  • Default: no additional context

Additional context values for the application.

Context set by the CLI or the context key in cdktf.json has precedence.

Context can be read from any construct using node.getContext(key).

hclOutputOptional 
public java.lang.Boolean getHclOutput();
  • Type: java.lang.Boolean
outdirOptional 
public java.lang.String getOutdir();
  • Type: java.lang.String
  • Default: CDKTF_OUTDIR if defined, otherwise "cdktf.out"

The directory to output Terraform resources.

If you are using the CDKTF CLI, this value is automatically set from one of the following three sources:

  • The -o / --output CLI option
  • The CDKTF_OUTDIR environment variable
  • The outdir key in cdktf.json

If you are using the CDKTF CLI and want to set a different value here, you will also need to set the same value via one of the three ways specified above.

The most common case to set this value is when you are using the CDKTF library directly (e.g. when writing unit tests).

skipBackendValidationOptional 
public java.lang.Boolean getSkipBackendValidation();
  • Type: java.lang.Boolean
  • Default: false

Whether to skip backend validation during synthesis of the app.

skipValidationOptional 
public java.lang.Boolean getSkipValidation();
  • Type: java.lang.Boolean
  • Default: false

Whether to skip all validations during synthesis of the app.

stackTracesOptional 
public java.lang.Boolean getStackTraces();
  • Type: java.lang.Boolean

AzurermBackendConfig

Stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account.

This backend supports state locking and consistency checking with Azure Blob Storage native capabilities.

Note: By default the Azure Backend uses ADAL for authentication which is deprecated in favour of MSAL - MSAL can be used by setting use_microsoft_graph to true. The default for this will change in Terraform 1.2, so that MSAL authentication is used by default.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/azurerm

Initializer 

import com.hashicorp.cdktf.AzurermBackendConfig;

AzurermBackendConfig.builder()
    .containerName(java.lang.String)
    .key(java.lang.String)
    .storageAccountName(java.lang.String)
//  .accessKey(java.lang.String)
//  .clientCertificatePassword(java.lang.String)
//  .clientCertificatePath(java.lang.String)
//  .clientId(java.lang.String)
//  .clientSecret(java.lang.String)
//  .endpoint(java.lang.String)
//  .environment(java.lang.String)
//  .metadataHost(java.lang.String)
//  .msiEndpoint(java.lang.String)
//  .oidcRequestToken(java.lang.String)
//  .oidcRequestUrl(java.lang.String)
//  .oidcToken(java.lang.String)
//  .oidcTokenFilePath(java.lang.String)
//  .resourceGroupName(java.lang.String)
//  .sasToken(java.lang.String)
//  .snapshot(java.lang.Boolean)
//  .subscriptionId(java.lang.String)
//  .tenantId(java.lang.String)
//  .useAzureadAuth(java.lang.Boolean)
//  .useMicrosoftGraph(java.lang.Boolean)
//  .useMsi(java.lang.Boolean)
//  .useOidc(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
containerNamejava.lang.String(Required) The Name of the Storage Container within the Storage Account.
keyjava.lang.String(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storageAccountNamejava.lang.String(Required) The Name of the Storage Account.
accessKeyjava.lang.Stringaccess_key - (Optional) The Access Key used to access the Blob Storage Account.
clientCertificatePasswordjava.lang.String(Optional) The password associated with the Client Certificate specified in client_certificate_path.
clientCertificatePathjava.lang.String(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
clientIdjava.lang.String(Optional) The Client ID of the Service Principal.
clientSecretjava.lang.String(Optional) The Client Secret of the Service Principal.
endpointjava.lang.String(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
environmentjava.lang.String(Optional) The Azure Environment which should be used.
metadataHostjava.lang.String(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msiEndpointjava.lang.String(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
oidcRequestTokenjava.lang.String(Optional) The bearer token for the request to the OIDC provider.
oidcRequestUrljava.lang.String(Optional) The URL for the OIDC provider from which to request an ID token.
oidcTokenjava.lang.String(Optional) The ID token when authenticating using OpenID Connect (OIDC).
oidcTokenFilePathjava.lang.String(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
resourceGroupNamejava.lang.String(Required) The Name of the Resource Group in which the Storage Account exists.
sasTokenjava.lang.String(Optional) The SAS Token used to access the Blob Storage Account.
snapshotjava.lang.Boolean(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
subscriptionIdjava.lang.String(Optional) The Subscription ID in which the Storage Account exists.
tenantIdjava.lang.String(Optional) The Tenant ID in which the Subscription exists.
useAzureadAuthjava.lang.Boolean(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
useMicrosoftGraphjava.lang.Boolean(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
useMsijava.lang.Boolean(Optional) Should Managed Service Identity authentication be used?
useOidcjava.lang.Boolean(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
containerNameRequired 
public java.lang.String getContainerName();
  • Type: java.lang.String

(Required) The Name of the Storage Container within the Storage Account.

keyRequired 
public java.lang.String getKey();
  • Type: java.lang.String

(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.

storageAccountNameRequired 
public java.lang.String getStorageAccountName();
  • Type: java.lang.String

(Required) The Name of the Storage Account.

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

access_key - (Optional) The Access Key used to access the Blob Storage Account.

This can also be sourced from the ARM_ACCESS_KEY environment variable.

clientCertificatePasswordOptional 
public java.lang.String getClientCertificatePassword();
  • Type: java.lang.String

(Optional) The password associated with the Client Certificate specified in client_certificate_path.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.

clientCertificatePathOptional 
public java.lang.String getClientCertificatePath();
  • Type: java.lang.String

(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.

clientIdOptional 
public java.lang.String getClientId();
  • Type: java.lang.String

(Optional) The Client ID of the Service Principal.

This can also be sourced from the ARM_CLIENT_ID environment variable.

clientSecretOptional 
public java.lang.String getClientSecret();
  • Type: java.lang.String

(Optional) The Client Secret of the Service Principal.

This can also be sourced from the ARM_CLIENT_SECRET environment variable.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.

NOTE: An endpoint should only be configured when using Azure Stack.

environmentOptional 
public java.lang.String getEnvironment();
  • Type: java.lang.String

(Optional) The Azure Environment which should be used.

This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.

metadataHostOptional 
public java.lang.String getMetadataHost();
  • Type: java.lang.String

(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).

msiEndpointOptional 
public java.lang.String getMsiEndpoint();
  • Type: java.lang.String

(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.

This can also be sourced from the ARM_MSI_ENDPOINT environment variable.

oidcRequestTokenOptional 
public java.lang.String getOidcRequestToken();
  • Type: java.lang.String

(Optional) The bearer token for the request to the OIDC provider.

This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.

oidcRequestUrlOptional 
public java.lang.String getOidcRequestUrl();
  • Type: java.lang.String

(Optional) The URL for the OIDC provider from which to request an ID token.

This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.

oidcTokenOptional 
public java.lang.String getOidcToken();
  • Type: java.lang.String

(Optional) The ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN environment variable.

oidcTokenFilePathOptional 
public java.lang.String getOidcTokenFilePath();
  • Type: java.lang.String

(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.

resourceGroupNameOptional 
public java.lang.String getResourceGroupName();
  • Type: java.lang.String

(Required) The Name of the Resource Group in which the Storage Account exists.

sasTokenOptional 
public java.lang.String getSasToken();
  • Type: java.lang.String

(Optional) The SAS Token used to access the Blob Storage Account.

This can also be sourced from the ARM_SAS_TOKEN environment variable.

snapshotOptional 
public java.lang.Boolean getSnapshot();
  • Type: java.lang.Boolean

(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?

Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.

subscriptionIdOptional 
public java.lang.String getSubscriptionId();
  • Type: java.lang.String

(Optional) The Subscription ID in which the Storage Account exists.

This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.

tenantIdOptional 
public java.lang.String getTenantId();
  • Type: java.lang.String

(Optional) The Tenant ID in which the Subscription exists.

This can also be sourced from the ARM_TENANT_ID environment variable.

useAzureadAuthOptional 
public java.lang.Boolean getUseAzureadAuth();
  • Type: java.lang.Boolean

(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.

This can also be sourced from the ARM_USE_AZUREAD environment variable.

Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.

useMicrosoftGraphOptional 
public java.lang.Boolean getUseMicrosoftGraph();
  • Type: java.lang.Boolean

(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?

Defaults to true.

Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.

useMsiOptional 
public java.lang.Boolean getUseMsi();
  • Type: java.lang.Boolean

(Optional) Should Managed Service Identity authentication be used?

This can also be sourced from the ARM_USE_MSI environment variable.

useOidcOptional 
public java.lang.Boolean getUseOidc();
  • Type: java.lang.Boolean

(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.

Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).

CloudBackendConfig

The Cloud Backend synthesizes a {@link https://developer.hashicorp.com/terraform/cli/cloud/settings#the-cloud-block cloud block}. The cloud block is a nested block within the top-level terraform settings block. It specifies which Terraform Cloud workspaces to use for the current working directory. The cloud block only affects Terraform CLI's behavior. When Terraform Cloud uses a configuration that contains a cloud block - for example, when a workspace is configured to use a VCS provider directly - it ignores the block and behaves according to its own workspace settings.

https://developer.hashicorp.com/terraform/cli/cloud/settings#arguments

Initializer 

import com.hashicorp.cdktf.CloudBackendConfig;

CloudBackendConfig.builder()
    .organization(java.lang.String)
    .workspaces(NamedCloudWorkspace)
    .workspaces(TaggedCloudWorkspaces)
//  .hostname(java.lang.String)
//  .token(java.lang.String)
    .build();

Properties

NameTypeDescription
organizationjava.lang.StringThe name of the organization containing the workspace(s) the current configuration should use.
workspacesNamedCloudWorkspace OR TaggedCloudWorkspacesA nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration.
hostnamejava.lang.StringThe hostname of a Terraform Enterprise installation, if using Terraform Enterprise.
tokenjava.lang.StringThe token used to authenticate with Terraform Cloud.
organizationRequired 
public java.lang.String getOrganization();
  • Type: java.lang.String

The name of the organization containing the workspace(s) the current configuration should use.

workspacesRequired 
public java.lang.Object getWorkspaces();

A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration.

The workspaces block must contain exactly one of the following arguments, each denoting a strategy for how workspaces should be mapped:

hostnameOptional 
public java.lang.String getHostname();
  • Type: java.lang.String
  • Default: app.terraform.io

The hostname of a Terraform Enterprise installation, if using Terraform Enterprise.

tokenOptional 
public java.lang.String getToken();
  • Type: java.lang.String

The token used to authenticate with Terraform Cloud.

We recommend omitting the token from the configuration, and instead using terraform login or manually configuring credentials in the CLI config file.

ConsulBackendConfig

Stores the state in the Consul KV store at a given path. This backend supports state locking.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/consul

Initializer 

import com.hashicorp.cdktf.ConsulBackendConfig;

ConsulBackendConfig.builder()
    .accessToken(java.lang.String)
    .path(java.lang.String)
//  .address(java.lang.String)
//  .caFile(java.lang.String)
//  .certFile(java.lang.String)
//  .datacenter(java.lang.String)
//  .gzip(java.lang.Boolean)
//  .httpAuth(java.lang.String)
//  .keyFile(java.lang.String)
//  .lock(java.lang.Boolean)
//  .scheme(java.lang.String)
    .build();

Properties

NameTypeDescription
accessTokenjava.lang.String(Required) Access token.
pathjava.lang.String(Required) Path in the Consul KV store.
addressjava.lang.String(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
caFilejava.lang.String(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
certFilejava.lang.String(Optional) A path to a PEM-encoded certificate provided to the remote agent;
datacenterjava.lang.String(Optional) The datacenter to use.
gzipjava.lang.Boolean(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
httpAuthjava.lang.String(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
keyFilejava.lang.String(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lockjava.lang.Boolean(Optional) false to disable locking.
schemejava.lang.String(Optional) Specifies what protocol to use when talking to the given address,either http or https.
accessTokenRequired 
public java.lang.String getAccessToken();
  • Type: java.lang.String

(Required) Access token.

pathRequired 
public java.lang.String getPath();
  • Type: java.lang.String

(Required) Path in the Consul KV store.

addressOptional 
public java.lang.String getAddress();
  • Type: java.lang.String

(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.

Defaults to the local agent HTTP listener.

caFileOptional 
public java.lang.String getCaFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.

certFileOptional 
public java.lang.String getCertFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded certificate provided to the remote agent;

requires use of key_file.

datacenterOptional 
public java.lang.String getDatacenter();
  • Type: java.lang.String

(Optional) The datacenter to use.

Defaults to that of the agent.

gzipOptional 
public java.lang.Boolean getGzip();
  • Type: java.lang.Boolean

(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.

httpAuthOptional 
public java.lang.String getHttpAuth();
  • Type: java.lang.String

(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.

keyFileOptional 
public java.lang.String getKeyFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded private key, required if cert_file is specified.

lockOptional 
public java.lang.Boolean getLock();
  • Type: java.lang.Boolean

(Optional) false to disable locking.

This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.

schemeOptional 
public java.lang.String getScheme();
  • Type: java.lang.String

(Optional) Specifies what protocol to use when talking to the given address,either http or https.

SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.

CosBackendAssumeRole

Initializer 

import com.hashicorp.cdktf.CosBackendAssumeRole;

CosBackendAssumeRole.builder()
    .roleArn(java.lang.String)
    .sessionDuration(java.lang.Number)
    .sessionName(java.lang.String)
//  .policy(java.lang.Object)
    .build();

Properties

NameTypeDescription
roleArnjava.lang.String(Required) The ARN of the role to assume.
sessionDurationjava.lang.Number(Required) The duration of the session when making the AssumeRole call.
sessionNamejava.lang.String(Required) The session name to use when making the AssumeRole call.
policyjava.lang.Object(Optional) A more restrictive policy when making the AssumeRole call.
roleArnRequired 
public java.lang.String getRoleArn();
  • Type: java.lang.String

(Required) The ARN of the role to assume.

It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_ARN.

sessionDurationRequired 
public java.lang.Number getSessionDuration();
  • Type: java.lang.Number

(Required) The duration of the session when making the AssumeRole call.

Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION.

sessionNameRequired 
public java.lang.String getSessionName();
  • Type: java.lang.String

(Required) The session name to use when making the AssumeRole call.

It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME.

policyOptional 
public java.lang.Object getPolicy();
  • Type: java.lang.Object

(Optional) A more restrictive policy when making the AssumeRole call.

Its content must not contains principal elements. Please refer to {@link https://www.tencentcloud.com/document/product/598/10603 policies syntax logic}.

CosBackendConfig

Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).

This backend supports state locking.

Warning! It is highly recommended that you enable Object Versioning on the COS bucket to allow for state recovery in the case of accidental deletions and human error.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/cos

Initializer 

import com.hashicorp.cdktf.CosBackendConfig;

CosBackendConfig.builder()
    .bucket(java.lang.String)
//  .accelerate(java.lang.Boolean)
//  .acl(java.lang.String)
//  .assumeRole(CosBackendAssumeRole)
//  .domain(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .key(java.lang.String)
//  .prefix(java.lang.String)
//  .region(java.lang.String)
//  .secretId(java.lang.String)
//  .secretKey(java.lang.String)
//  .securityToken(java.lang.String)
    .build();

Properties

NameTypeDescription
bucketjava.lang.String(Required) The name of the COS bucket.
acceleratejava.lang.Boolean(Optional) Whether to enable global Acceleration.
acljava.lang.String(Optional) Object ACL to be applied to the state file, allows private and public-read.
assumeRoleCosBackendAssumeRole(Optional) The assume_role block.
domainjava.lang.String(Optional) The root domain of the API request.
encryptjava.lang.Boolean(Optional) Whether to enable server side encryption of the state file.
endpointjava.lang.String(Optional) The Custom Endpoint for the COS backend.
keyjava.lang.String(Optional) The path for saving the state file in bucket.
prefixjava.lang.String(Optional) The directory for saving the state file in bucket.
regionjava.lang.String(Optional) The region of the COS bucket.
secretIdjava.lang.String(Optional) Secret id of Tencent Cloud.
secretKeyjava.lang.String(Optional) Secret key of Tencent Cloud.
securityTokenjava.lang.String(Optional) TencentCloud Security Token of temporary access credentials.
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the COS bucket.

You shall manually create it first.

accelerateOptional 
public java.lang.Boolean getAccelerate();
  • Type: java.lang.Boolean

(Optional) Whether to enable global Acceleration.

Defaults to false.

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Object ACL to be applied to the state file, allows private and public-read.

Defaults to private.

assumeRoleOptional 
public CosBackendAssumeRole getAssumeRole();

(Optional) The assume_role block.

If provided, terraform will attempt to assume this role using the supplied credentials.

domainOptional 
public java.lang.String getDomain();
  • Type: java.lang.String

(Optional) The root domain of the API request.

Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Whether to enable server side encryption of the state file.

If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) The Custom Endpoint for the COS backend.

It supports the environment variable TENCENTCLOUD_ENDPOINT.

keyOptional 
public java.lang.String getKey();
  • Type: java.lang.String

(Optional) The path for saving the state file in bucket.

Defaults to terraform.tfstate.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) The directory for saving the state file in bucket.

Default to "env:".

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

(Optional) The region of the COS bucket.

It supports environment variables TENCENTCLOUD_REGION.

secretIdOptional 
public java.lang.String getSecretId();
  • Type: java.lang.String

(Optional) Secret id of Tencent Cloud.

It supports environment variables TENCENTCLOUD_SECRET_ID.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) Secret key of Tencent Cloud.

It supports environment variables TENCENTCLOUD_SECRET_KEY.

securityTokenOptional 
public java.lang.String getSecurityToken();
  • Type: java.lang.String

(Optional) TencentCloud Security Token of temporary access credentials.

It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.

DataConfig

Initializer 

import com.hashicorp.cdktf.DataConfig;

DataConfig.builder()
//  .connection(SSHProvisionerConnection)
//  .connection(WinrmProvisionerConnection)
//  .count(java.lang.Number)
//  .count(TerraformCount)
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .lifecycle(TerraformResourceLifecycle)
//  .provider(TerraformProvider)
//  .provisioners(java.util.List<  FileProvisioner)
//  .provisioners(LocalExecProvisioner)
//  .provisioners(RemoteExecProvisioner >)
//  .input(java.util.Map< java.lang.String, java.lang.Object >)
//  .triggersReplace(java.util.Map< java.lang.String, java.lang.Object >)
    .build();

Properties

NameTypeDescription
connectionSSHProvisionerConnection OR WinrmProvisionerConnectionNo description.
countjava.lang.Number OR TerraformCountNo description.
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
lifecycleTerraformResourceLifecycleNo description.
providerTerraformProviderNo description.
provisionersjava.util.List< FileProvisioner OR LocalExecProvisioner OR RemoteExecProvisioner>No description.
inputjava.util.Map< java.lang.String, java.lang.Object >(Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply.
triggersReplacejava.util.Map< java.lang.String, java.lang.Object >(Optional) A value which is stored in the instance state, and will force replacement when the value changes.
connectionOptional 
public java.lang.Object getConnection();
countOptional 
public java.lang.Object getCount();
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
lifecycleOptional 
public TerraformResourceLifecycle getLifecycle();
providerOptional 
public TerraformProvider getProvider();
provisionersOptional 
public java.lang.Object getProvisioners();
inputOptional 
public java.util.Map< java.lang.String, java.lang.Object > getInput();
  • Type: java.util.Map< java.lang.String, java.lang.Object >

(Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply.

https://developer.hashicorp.com/terraform/language/resources/terraform-data#input

triggersReplaceOptional 
public java.util.Map< java.lang.String, java.lang.Object > getTriggersReplace();
  • Type: java.util.Map< java.lang.String, java.lang.Object >

(Optional) A value which is stored in the instance state, and will force replacement when the value changes.

https://developer.hashicorp.com/terraform/language/resources/terraform-data#triggers_replace

DataTerraformRemoteStateAzurermConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateAzurermConfig;

DataTerraformRemoteStateAzurermConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .containerName(java.lang.String)
    .key(java.lang.String)
    .storageAccountName(java.lang.String)
//  .accessKey(java.lang.String)
//  .clientCertificatePassword(java.lang.String)
//  .clientCertificatePath(java.lang.String)
//  .clientId(java.lang.String)
//  .clientSecret(java.lang.String)
//  .endpoint(java.lang.String)
//  .environment(java.lang.String)
//  .metadataHost(java.lang.String)
//  .msiEndpoint(java.lang.String)
//  .oidcRequestToken(java.lang.String)
//  .oidcRequestUrl(java.lang.String)
//  .oidcToken(java.lang.String)
//  .oidcTokenFilePath(java.lang.String)
//  .resourceGroupName(java.lang.String)
//  .sasToken(java.lang.String)
//  .snapshot(java.lang.Boolean)
//  .subscriptionId(java.lang.String)
//  .tenantId(java.lang.String)
//  .useAzureadAuth(java.lang.Boolean)
//  .useMicrosoftGraph(java.lang.Boolean)
//  .useMsi(java.lang.Boolean)
//  .useOidc(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
containerNamejava.lang.String(Required) The Name of the Storage Container within the Storage Account.
keyjava.lang.String(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storageAccountNamejava.lang.String(Required) The Name of the Storage Account.
accessKeyjava.lang.Stringaccess_key - (Optional) The Access Key used to access the Blob Storage Account.
clientCertificatePasswordjava.lang.String(Optional) The password associated with the Client Certificate specified in client_certificate_path.
clientCertificatePathjava.lang.String(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
clientIdjava.lang.String(Optional) The Client ID of the Service Principal.
clientSecretjava.lang.String(Optional) The Client Secret of the Service Principal.
endpointjava.lang.String(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
environmentjava.lang.String(Optional) The Azure Environment which should be used.
metadataHostjava.lang.String(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msiEndpointjava.lang.String(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
oidcRequestTokenjava.lang.String(Optional) The bearer token for the request to the OIDC provider.
oidcRequestUrljava.lang.String(Optional) The URL for the OIDC provider from which to request an ID token.
oidcTokenjava.lang.String(Optional) The ID token when authenticating using OpenID Connect (OIDC).
oidcTokenFilePathjava.lang.String(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
resourceGroupNamejava.lang.String(Required) The Name of the Resource Group in which the Storage Account exists.
sasTokenjava.lang.String(Optional) The SAS Token used to access the Blob Storage Account.
snapshotjava.lang.Boolean(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
subscriptionIdjava.lang.String(Optional) The Subscription ID in which the Storage Account exists.
tenantIdjava.lang.String(Optional) The Tenant ID in which the Subscription exists.
useAzureadAuthjava.lang.Boolean(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
useMicrosoftGraphjava.lang.Boolean(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
useMsijava.lang.Boolean(Optional) Should Managed Service Identity authentication be used?
useOidcjava.lang.Boolean(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
containerNameRequired 
public java.lang.String getContainerName();
  • Type: java.lang.String

(Required) The Name of the Storage Container within the Storage Account.

keyRequired 
public java.lang.String getKey();
  • Type: java.lang.String

(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.

storageAccountNameRequired 
public java.lang.String getStorageAccountName();
  • Type: java.lang.String

(Required) The Name of the Storage Account.

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

access_key - (Optional) The Access Key used to access the Blob Storage Account.

This can also be sourced from the ARM_ACCESS_KEY environment variable.

clientCertificatePasswordOptional 
public java.lang.String getClientCertificatePassword();
  • Type: java.lang.String

(Optional) The password associated with the Client Certificate specified in client_certificate_path.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.

clientCertificatePathOptional 
public java.lang.String getClientCertificatePath();
  • Type: java.lang.String

(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.

This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.

clientIdOptional 
public java.lang.String getClientId();
  • Type: java.lang.String

(Optional) The Client ID of the Service Principal.

This can also be sourced from the ARM_CLIENT_ID environment variable.

clientSecretOptional 
public java.lang.String getClientSecret();
  • Type: java.lang.String

(Optional) The Client Secret of the Service Principal.

This can also be sourced from the ARM_CLIENT_SECRET environment variable.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.

NOTE: An endpoint should only be configured when using Azure Stack.

environmentOptional 
public java.lang.String getEnvironment();
  • Type: java.lang.String

(Optional) The Azure Environment which should be used.

This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.

metadataHostOptional 
public java.lang.String getMetadataHost();
  • Type: java.lang.String

(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).

msiEndpointOptional 
public java.lang.String getMsiEndpoint();
  • Type: java.lang.String

(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.

This can also be sourced from the ARM_MSI_ENDPOINT environment variable.

oidcRequestTokenOptional 
public java.lang.String getOidcRequestToken();
  • Type: java.lang.String

(Optional) The bearer token for the request to the OIDC provider.

This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.

oidcRequestUrlOptional 
public java.lang.String getOidcRequestUrl();
  • Type: java.lang.String

(Optional) The URL for the OIDC provider from which to request an ID token.

This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.

oidcTokenOptional 
public java.lang.String getOidcToken();
  • Type: java.lang.String

(Optional) The ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN environment variable.

oidcTokenFilePathOptional 
public java.lang.String getOidcTokenFilePath();
  • Type: java.lang.String

(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).

This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.

resourceGroupNameOptional 
public java.lang.String getResourceGroupName();
  • Type: java.lang.String

(Required) The Name of the Resource Group in which the Storage Account exists.

sasTokenOptional 
public java.lang.String getSasToken();
  • Type: java.lang.String

(Optional) The SAS Token used to access the Blob Storage Account.

This can also be sourced from the ARM_SAS_TOKEN environment variable.

snapshotOptional 
public java.lang.Boolean getSnapshot();
  • Type: java.lang.Boolean

(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?

Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.

subscriptionIdOptional 
public java.lang.String getSubscriptionId();
  • Type: java.lang.String

(Optional) The Subscription ID in which the Storage Account exists.

This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.

tenantIdOptional 
public java.lang.String getTenantId();
  • Type: java.lang.String

(Optional) The Tenant ID in which the Subscription exists.

This can also be sourced from the ARM_TENANT_ID environment variable.

useAzureadAuthOptional 
public java.lang.Boolean getUseAzureadAuth();
  • Type: java.lang.Boolean

(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.

This can also be sourced from the ARM_USE_AZUREAD environment variable.

Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.

useMicrosoftGraphOptional 
public java.lang.Boolean getUseMicrosoftGraph();
  • Type: java.lang.Boolean

(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?

Defaults to true.

Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.

useMsiOptional 
public java.lang.Boolean getUseMsi();
  • Type: java.lang.Boolean

(Optional) Should Managed Service Identity authentication be used?

This can also be sourced from the ARM_USE_MSI environment variable.

useOidcOptional 
public java.lang.Boolean getUseOidc();
  • Type: java.lang.Boolean

(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.

Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).

DataTerraformRemoteStateConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateConfig;

DataTerraformRemoteStateConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String

DataTerraformRemoteStateConsulConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateConsulConfig;

DataTerraformRemoteStateConsulConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .accessToken(java.lang.String)
    .path(java.lang.String)
//  .address(java.lang.String)
//  .caFile(java.lang.String)
//  .certFile(java.lang.String)
//  .datacenter(java.lang.String)
//  .gzip(java.lang.Boolean)
//  .httpAuth(java.lang.String)
//  .keyFile(java.lang.String)
//  .lock(java.lang.Boolean)
//  .scheme(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
accessTokenjava.lang.String(Required) Access token.
pathjava.lang.String(Required) Path in the Consul KV store.
addressjava.lang.String(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
caFilejava.lang.String(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
certFilejava.lang.String(Optional) A path to a PEM-encoded certificate provided to the remote agent;
datacenterjava.lang.String(Optional) The datacenter to use.
gzipjava.lang.Boolean(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
httpAuthjava.lang.String(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
keyFilejava.lang.String(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lockjava.lang.Boolean(Optional) false to disable locking.
schemejava.lang.String(Optional) Specifies what protocol to use when talking to the given address,either http or https.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
accessTokenRequired 
public java.lang.String getAccessToken();
  • Type: java.lang.String

(Required) Access token.

pathRequired 
public java.lang.String getPath();
  • Type: java.lang.String

(Required) Path in the Consul KV store.

addressOptional 
public java.lang.String getAddress();
  • Type: java.lang.String

(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.

Defaults to the local agent HTTP listener.

caFileOptional 
public java.lang.String getCaFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.

certFileOptional 
public java.lang.String getCertFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded certificate provided to the remote agent;

requires use of key_file.

datacenterOptional 
public java.lang.String getDatacenter();
  • Type: java.lang.String

(Optional) The datacenter to use.

Defaults to that of the agent.

gzipOptional 
public java.lang.Boolean getGzip();
  • Type: java.lang.Boolean

(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.

httpAuthOptional 
public java.lang.String getHttpAuth();
  • Type: java.lang.String

(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.

keyFileOptional 
public java.lang.String getKeyFile();
  • Type: java.lang.String

(Optional) A path to a PEM-encoded private key, required if cert_file is specified.

lockOptional 
public java.lang.Boolean getLock();
  • Type: java.lang.Boolean

(Optional) false to disable locking.

This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.

schemeOptional 
public java.lang.String getScheme();
  • Type: java.lang.String

(Optional) Specifies what protocol to use when talking to the given address,either http or https.

SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.

DataTerraformRemoteStateCosConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateCosConfig;

DataTerraformRemoteStateCosConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .bucket(java.lang.String)
//  .accelerate(java.lang.Boolean)
//  .acl(java.lang.String)
//  .assumeRole(CosBackendAssumeRole)
//  .domain(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .key(java.lang.String)
//  .prefix(java.lang.String)
//  .region(java.lang.String)
//  .secretId(java.lang.String)
//  .secretKey(java.lang.String)
//  .securityToken(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
bucketjava.lang.String(Required) The name of the COS bucket.
acceleratejava.lang.Boolean(Optional) Whether to enable global Acceleration.
acljava.lang.String(Optional) Object ACL to be applied to the state file, allows private and public-read.
assumeRoleCosBackendAssumeRole(Optional) The assume_role block.
domainjava.lang.String(Optional) The root domain of the API request.
encryptjava.lang.Boolean(Optional) Whether to enable server side encryption of the state file.
endpointjava.lang.String(Optional) The Custom Endpoint for the COS backend.
keyjava.lang.String(Optional) The path for saving the state file in bucket.
prefixjava.lang.String(Optional) The directory for saving the state file in bucket.
regionjava.lang.String(Optional) The region of the COS bucket.
secretIdjava.lang.String(Optional) Secret id of Tencent Cloud.
secretKeyjava.lang.String(Optional) Secret key of Tencent Cloud.
securityTokenjava.lang.String(Optional) TencentCloud Security Token of temporary access credentials.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the COS bucket.

You shall manually create it first.

accelerateOptional 
public java.lang.Boolean getAccelerate();
  • Type: java.lang.Boolean

(Optional) Whether to enable global Acceleration.

Defaults to false.

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Object ACL to be applied to the state file, allows private and public-read.

Defaults to private.

assumeRoleOptional 
public CosBackendAssumeRole getAssumeRole();

(Optional) The assume_role block.

If provided, terraform will attempt to assume this role using the supplied credentials.

domainOptional 
public java.lang.String getDomain();
  • Type: java.lang.String

(Optional) The root domain of the API request.

Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Whether to enable server side encryption of the state file.

If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) The Custom Endpoint for the COS backend.

It supports the environment variable TENCENTCLOUD_ENDPOINT.

keyOptional 
public java.lang.String getKey();
  • Type: java.lang.String

(Optional) The path for saving the state file in bucket.

Defaults to terraform.tfstate.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) The directory for saving the state file in bucket.

Default to "env:".

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

(Optional) The region of the COS bucket.

It supports environment variables TENCENTCLOUD_REGION.

secretIdOptional 
public java.lang.String getSecretId();
  • Type: java.lang.String

(Optional) Secret id of Tencent Cloud.

It supports environment variables TENCENTCLOUD_SECRET_ID.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) Secret key of Tencent Cloud.

It supports environment variables TENCENTCLOUD_SECRET_KEY.

securityTokenOptional 
public java.lang.String getSecurityToken();
  • Type: java.lang.String

(Optional) TencentCloud Security Token of temporary access credentials.

It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.

DataTerraformRemoteStateGcsConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateGcsConfig;

DataTerraformRemoteStateGcsConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .bucket(java.lang.String)
//  .accessToken(java.lang.String)
//  .credentials(java.lang.String)
//  .encryptionKey(java.lang.String)
//  .impersonateServiceAccount(java.lang.String)
//  .impersonateServiceAccountDelegates(java.util.List< java.lang.String >)
//  .kmsEncryptionKey(java.lang.String)
//  .prefix(java.lang.String)
//  .storeageCustomEndpoint(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
bucketjava.lang.String(Required) The name of the GCS bucket.
accessTokenjava.lang.String(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentialsjava.lang.String(Optional) Local path to Google Cloud Platform account credentials in JSON format.
encryptionKeyjava.lang.String(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonateServiceAccountjava.lang.String(Optional) The service account to impersonate for accessing the State Bucket.
impersonateServiceAccountDelegatesjava.util.List< java.lang.String >(Optional) The delegation chain for an impersonating a service account.
kmsEncryptionKeyjava.lang.String(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
prefixjava.lang.String(Optional) GCS prefix inside the bucket.
storeageCustomEndpointjava.lang.String(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the GCS bucket.

This name must be globally unique.

accessTokenOptional 
public java.lang.String getAccessToken();
  • Type: java.lang.String

(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.

credentialsOptional 
public java.lang.String getCredentials();
  • Type: java.lang.String

(Optional) Local path to Google Cloud Platform account credentials in JSON format.

If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.

Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.

encryptionKeyOptional 
public java.lang.String getEncryptionKey();
  • Type: java.lang.String

(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.

impersonateServiceAccountOptional 
public java.lang.String getImpersonateServiceAccount();
  • Type: java.lang.String

(Optional) The service account to impersonate for accessing the State Bucket.

You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.

impersonateServiceAccountDelegatesOptional 
public java.util.List< java.lang.String > getImpersonateServiceAccountDelegates();
  • Type: java.util.List< java.lang.String >

(Optional) The delegation chain for an impersonating a service account.

kmsEncryptionKeyOptional 
public java.lang.String getKmsEncryptionKey();
  • Type: java.lang.String

(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.

Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) GCS prefix inside the bucket.

Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.

storeageCustomEndpointOptional 
public java.lang.String getStoreageCustomEndpoint();
  • Type: java.lang.String

(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).

{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}

DataTerraformRemoteStateHttpConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateHttpConfig;

DataTerraformRemoteStateHttpConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .address(java.lang.String)
//  .clientCaCertificatePem(java.lang.String)
//  .clientCertificatePem(java.lang.String)
//  .clientPrivateKeyPem(java.lang.String)
//  .lockAddress(java.lang.String)
//  .lockMethod(java.lang.String)
//  .password(java.lang.String)
//  .retryMax(java.lang.Number)
//  .retryWaitMax(java.lang.Number)
//  .retryWaitMin(java.lang.Number)
//  .skipCertVerification(java.lang.Boolean)
//  .unlockAddress(java.lang.String)
//  .unlockMethod(java.lang.String)
//  .updateMethod(java.lang.String)
//  .username(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
addressjava.lang.String(Required) The address of the REST endpoint.
clientCaCertificatePemjava.lang.String(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
clientCertificatePemjava.lang.String(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
clientPrivateKeyPemjava.lang.String(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lockAddressjava.lang.String(Optional) The address of the lock REST endpoint.
lockMethodjava.lang.String(Optional) The HTTP method to use when locking.
passwordjava.lang.String(Optional) The password for HTTP basic authentication.
retryMaxjava.lang.Number(Optional) The number of HTTP request retries.
retryWaitMaxjava.lang.Number(Optional) The maximum time in seconds to wait between HTTP request attempts.
retryWaitMinjava.lang.Number(Optional) The minimum time in seconds to wait between HTTP request attempts.
skipCertVerificationjava.lang.Boolean(Optional) Whether to skip TLS verification.
unlockAddressjava.lang.String(Optional) The address of the unlock REST endpoint.
unlockMethodjava.lang.String(Optional) The HTTP method to use when unlocking.
updateMethodjava.lang.String(Optional) HTTP method to use when updating state.
usernamejava.lang.String(Optional) The username for HTTP basic authentication.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
addressRequired 
public java.lang.String getAddress();
  • Type: java.lang.String

(Required) The address of the REST endpoint.

clientCaCertificatePemOptional 
public java.lang.String getClientCaCertificatePem();
  • Type: java.lang.String

(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.

clientCertificatePemOptional 
public java.lang.String getClientCertificatePem();
  • Type: java.lang.String

(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.

clientPrivateKeyPemOptional 
public java.lang.String getClientPrivateKeyPem();
  • Type: java.lang.String

(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.

lockAddressOptional 
public java.lang.String getLockAddress();
  • Type: java.lang.String

(Optional) The address of the lock REST endpoint.

Defaults to disabled.

lockMethodOptional 
public java.lang.String getLockMethod();
  • Type: java.lang.String

(Optional) The HTTP method to use when locking.

Defaults to LOCK.

passwordOptional 
public java.lang.String getPassword();
  • Type: java.lang.String

(Optional) The password for HTTP basic authentication.

retryMaxOptional 
public java.lang.Number getRetryMax();
  • Type: java.lang.Number

(Optional) The number of HTTP request retries.

Defaults to 2.

retryWaitMaxOptional 
public java.lang.Number getRetryWaitMax();
  • Type: java.lang.Number

(Optional) The maximum time in seconds to wait between HTTP request attempts.

Defaults to 30.

retryWaitMinOptional 
public java.lang.Number getRetryWaitMin();
  • Type: java.lang.Number

(Optional) The minimum time in seconds to wait between HTTP request attempts.

Defaults to 1.

skipCertVerificationOptional 
public java.lang.Boolean getSkipCertVerification();
  • Type: java.lang.Boolean

(Optional) Whether to skip TLS verification.

Defaults to false.

unlockAddressOptional 
public java.lang.String getUnlockAddress();
  • Type: java.lang.String

(Optional) The address of the unlock REST endpoint.

Defaults to disabled.

unlockMethodOptional 
public java.lang.String getUnlockMethod();
  • Type: java.lang.String

(Optional) The HTTP method to use when unlocking.

Defaults to UNLOCK.

updateMethodOptional 
public java.lang.String getUpdateMethod();
  • Type: java.lang.String

(Optional) HTTP method to use when updating state.

Defaults to POST.

usernameOptional 
public java.lang.String getUsername();
  • Type: java.lang.String

(Optional) The username for HTTP basic authentication.

DataTerraformRemoteStateLocalConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateLocalConfig;

DataTerraformRemoteStateLocalConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
//  .path(java.lang.String)
//  .workspaceDir(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
pathjava.lang.StringPath where the state file is stored.
workspaceDirjava.lang.String(Optional) The path to non-default workspaces.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
pathOptional 
public java.lang.String getPath();
  • Type: java.lang.String
  • Default: defaults to terraform.${stackId}.tfstate

Path where the state file is stored.

workspaceDirOptional 
public java.lang.String getWorkspaceDir();
  • Type: java.lang.String

(Optional) The path to non-default workspaces.

DataTerraformRemoteStateOssConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateOssConfig;

DataTerraformRemoteStateOssConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .bucket(java.lang.String)
//  .accessKey(java.lang.String)
//  .acl(java.lang.String)
//  .assumeRole(OssAssumeRole)
//  .assumeRolePolicy(java.lang.String)
//  .assumeRoleRoleArn(java.lang.String)
//  .assumeRoleSessionExpiration(java.lang.Number)
//  .assumeRoleSessionName(java.lang.String)
//  .ecsRoleName(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .key(java.lang.String)
//  .prefix(java.lang.String)
//  .profile(java.lang.String)
//  .region(java.lang.String)
//  .secretKey(java.lang.String)
//  .securityToken(java.lang.String)
//  .sharedCredentialsFile(java.lang.String)
//  .stsEndpoint(java.lang.String)
//  .tablestoreEndpoint(java.lang.String)
//  .tablestoreTable(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
bucketjava.lang.String(Required) The name of the OSS bucket.
accessKeyjava.lang.String(Optional) Alibaba Cloud access key.
acljava.lang.String(Optional) Object ACL to be applied to the state file.
assumeRoleOssAssumeRoleNo description.
assumeRolePolicyjava.lang.String(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assumeRoleRoleArnjava.lang.String(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assumeRoleSessionExpirationjava.lang.Number(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assumeRoleSessionNamejava.lang.String(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecsRoleNamejava.lang.String(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encryptjava.lang.Boolean(Optional) Whether to enable server side encryption of the state file.
endpointjava.lang.String(Optional) A custom endpoint for the OSS API.
keyjava.lang.String(Optional) The name of the state file.
prefixjava.lang.String(Optional) The path directory of the state file will be stored.
profilejava.lang.String(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
regionjava.lang.String(Optional) The region of the OSS bucket.
secretKeyjava.lang.String(Optional) Alibaba Cloud secret access key.
securityTokenjava.lang.String(Optional) STS access token.
sharedCredentialsFilejava.lang.String(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
stsEndpointjava.lang.String(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestoreEndpointjava.lang.String(Optional) A custom endpoint for the TableStore API.
tablestoreTablejava.lang.String(Optional) A TableStore table for state locking and consistency.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the OSS bucket.

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

(Optional) Alibaba Cloud access key.

It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Object ACL to be applied to the state file.

assumeRoleOptional
  • Deprecated: Use flattened assume role options
public OssAssumeRole getAssumeRole();
assumeRolePolicyOptional 
public java.lang.String getAssumeRolePolicy();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.

assumeRoleRoleArnOptional 
public java.lang.String getAssumeRoleRoleArn();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.

assumeRoleSessionExpirationOptional 
public java.lang.Number getAssumeRoleSessionExpiration();
  • Type: java.lang.Number

(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.

assumeRoleSessionNameOptional 
public java.lang.String getAssumeRoleSessionName();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.

ecsRoleNameOptional 
public java.lang.String getEcsRoleName();
  • Type: java.lang.String

(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Whether to enable server side encryption of the state file.

If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) A custom endpoint for the OSS API.

It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.

keyOptional 
public java.lang.String getKey();
  • Type: java.lang.String

(Optional) The name of the state file.

Defaults to terraform.tfstate.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) The path directory of the state file will be stored.

Default to "env:".

profileOptional 
public java.lang.String getProfile();
  • Type: java.lang.String

(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

(Optional) The region of the OSS bucket.

It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) Alibaba Cloud secret access key.

It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.

securityTokenOptional 
public java.lang.String getSecurityToken();
  • Type: java.lang.String

(Optional) STS access token.

It supports environment variable ALICLOUD_SECURITY_TOKEN.

sharedCredentialsFileOptional 
public java.lang.String getSharedCredentialsFile();
  • Type: java.lang.String

(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.

stsEndpointOptional 
public java.lang.String getStsEndpoint();
  • Type: java.lang.String

(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.

tablestoreEndpointOptional 
public java.lang.String getTablestoreEndpoint();
  • Type: java.lang.String

(Optional) A custom endpoint for the TableStore API.

tablestoreTableOptional 
public java.lang.String getTablestoreTable();
  • Type: java.lang.String

(Optional) A TableStore table for state locking and consistency.

The table must have a primary key named LockID of type String.

DataTerraformRemoteStatePgConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStatePgConfig;

DataTerraformRemoteStatePgConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .connStr(java.lang.String)
//  .schemaName(java.lang.String)
//  .skipIndexCreation(java.lang.Boolean)
//  .skipSchemaCreation(java.lang.Boolean)
//  .skipTableCreation(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
connStrjava.lang.StringPostgres connection string;
schemaNamejava.lang.StringName of the automatically-managed Postgres schema, default to terraform_remote_state.
skipIndexCreationjava.lang.BooleanIf set to true, the Postgres index must already exist.
skipSchemaCreationjava.lang.BooleanIf set to true, the Postgres schema must already exist.
skipTableCreationjava.lang.BooleanIf set to true, the Postgres table must already exist.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
connStrRequired 
public java.lang.String getConnStr();
  • Type: java.lang.String

Postgres connection string;

a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.

schemaNameOptional 
public java.lang.String getSchemaName();
  • Type: java.lang.String

Name of the automatically-managed Postgres schema, default to terraform_remote_state.

Can also be set using the PG_SCHEMA_NAME environment variable.

skipIndexCreationOptional 
public java.lang.Boolean getSkipIndexCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres index must already exist.

Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.

skipSchemaCreationOptional 
public java.lang.Boolean getSkipSchemaCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres schema must already exist.

Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.

skipTableCreationOptional 
public java.lang.Boolean getSkipTableCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres table must already exist.

Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.

DataTerraformRemoteStateRemoteConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateRemoteConfig;

DataTerraformRemoteStateRemoteConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .organization(java.lang.String)
    .workspaces(IRemoteWorkspace)
//  .hostname(java.lang.String)
//  .token(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
organizationjava.lang.StringNo description.
workspacesIRemoteWorkspaceNo description.
hostnamejava.lang.StringNo description.
tokenjava.lang.StringNo description.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
organizationRequired 
public java.lang.String getOrganization();
  • Type: java.lang.String
workspacesRequired 
public IRemoteWorkspace getWorkspaces();
hostnameOptional 
public java.lang.String getHostname();
  • Type: java.lang.String
tokenOptional 
public java.lang.String getToken();
  • Type: java.lang.String

DataTerraformRemoteStateS3Config

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateS3Config;

DataTerraformRemoteStateS3Config.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .bucket(java.lang.String)
    .key(java.lang.String)
//  .accessKey(java.lang.String)
//  .acl(java.lang.String)
//  .allowedAccountIds(java.util.List< java.lang.String >)
//  .assumeRole(S3BackendAssumeRoleConfig)
//  .assumeRolePolicy(java.lang.String)
//  .assumeRolePolicyArns(java.util.List< java.lang.String >)
//  .assumeRoleTags(java.util.Map< java.lang.String, java.lang.String >)
//  .assumeRoleTransitiveTagKeys(java.util.List< java.lang.String >)
//  .assumeRoleWithWebIdentity(S3BackendAssumeRoleWithWebIdentityConfig)
//  .customCaBundle(java.lang.String)
//  .dynamodbEndpoint(java.lang.String)
//  .dynamodbTable(java.lang.String)
//  .ec2MetadataServiceEndpoint(java.lang.String)
//  .ec2MetadataServiceEndpointMode(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .endpoints(S3BackendEndpointConfig)
//  .externalId(java.lang.String)
//  .forbiddenAccountIds(java.util.List< java.lang.String >)
//  .forcePathStyle(java.lang.Boolean)
//  .httpProxy(java.lang.String)
//  .httpsProxy(java.lang.String)
//  .iamEndpoint(java.lang.String)
//  .insecure(java.lang.Boolean)
//  .kmsKeyId(java.lang.String)
//  .maxRetries(java.lang.Number)
//  .noProxy(java.lang.String)
//  .profile(java.lang.String)
//  .region(java.lang.String)
//  .retryMode(java.lang.String)
//  .roleArn(java.lang.String)
//  .secretKey(java.lang.String)
//  .sessionName(java.lang.String)
//  .sharedConfigFiles(java.util.List< java.lang.String >)
//  .sharedCredentialsFile(java.lang.String)
//  .sharedCredentialsFiles(java.util.List< java.lang.String >)
//  .skipCredentialsValidation(java.lang.Boolean)
//  .skipMetadataApiCheck(java.lang.Boolean)
//  .skipRegionValidation(java.lang.Boolean)
//  .skipRequestingAccountId(java.lang.Boolean)
//  .skipS3Checksum(java.lang.Boolean)
//  .sseCustomerKey(java.lang.String)
//  .stsEndpoint(java.lang.String)
//  .stsRegion(java.lang.String)
//  .token(java.lang.String)
//  .useLegacyWorkflow(java.lang.Boolean)
//  .usePathStyle(java.lang.Boolean)
//  .workspaceKeyPrefix(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
bucketjava.lang.StringName of the S3 Bucket.
keyjava.lang.StringPath to the state file inside the S3 Bucket.
accessKeyjava.lang.String(Optional) AWS access key.
acljava.lang.String(Optional) Canned ACL to be applied to the state file.
allowedAccountIdsjava.util.List< java.lang.String >(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
assumeRoleS3BackendAssumeRoleConfigAssuming an IAM Role can be configured in two ways.
assumeRolePolicyjava.lang.String(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assumeRolePolicyArnsjava.util.List< java.lang.String >(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assumeRoleTagsjava.util.Map< java.lang.String, java.lang.String >(Optional) Map of assume role session tags.
assumeRoleTransitiveTagKeysjava.util.List< java.lang.String >(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assumeRoleWithWebIdentityS3BackendAssumeRoleWithWebIdentityConfigAssume Role With Web Identity Configuration.
customCaBundlejava.lang.String(Optional) File containing custom root and intermediate certificates.
dynamodbEndpointjava.lang.String(Optional) Custom endpoint for the AWS DynamoDB API.
dynamodbTablejava.lang.String(Optional) Name of DynamoDB Table to use for state locking and consistency.
ec2MetadataServiceEndpointjava.lang.StringOptional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
ec2MetadataServiceEndpointModejava.lang.String(Optional) Mode to use in communicating with the metadata service.
encryptjava.lang.Boolean(Optional) Enable server side encryption of the state file.
endpointjava.lang.String(Optional) Custom endpoint for the AWS S3 API.
endpointsS3BackendEndpointConfig(Optional) The endpoint configuration block.
externalIdjava.lang.String(Optional) External identifier to use when assuming the role.
forbiddenAccountIdsjava.util.List< java.lang.String >(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
forcePathStylejava.lang.Boolean(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
httpProxyjava.lang.String(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
httpsProxyjava.lang.String(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
iamEndpointjava.lang.String(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
insecurejava.lang.BooleanOptional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
kmsKeyIdjava.lang.String(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
maxRetriesjava.lang.Number(Optional) The maximum number of times an AWS API request is retried on retryable failure.
noProxyjava.lang.String(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
profilejava.lang.String(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
regionjava.lang.StringAWS Region of the S3 Bucket and DynamoDB Table (if used).
retryModejava.lang.String(Optional) Specifies how retries are attempted.
roleArnjava.lang.String(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secretKeyjava.lang.String(Optional) AWS secret access key.
sessionNamejava.lang.String(Optional) Session name to use when assuming the role.
sharedConfigFilesjava.util.List< java.lang.String >(Optional) List of paths to AWS shared configuration files.
sharedCredentialsFilejava.lang.String(Optional) Path to the AWS shared credentials file.
sharedCredentialsFilesjava.util.List< java.lang.String >(Optional) List of paths to AWS shared credentials files.
skipCredentialsValidationjava.lang.Boolean(Optional) Skip credentials validation via the STS API.
skipMetadataApiCheckjava.lang.Boolean(Optional) Skip usage of EC2 Metadata API.
skipRegionValidationjava.lang.Boolean(Optional) Skip validation of provided region name.
skipRequestingAccountIdjava.lang.Boolean(Optional) Whether to skip requesting the account ID.
skipS3Checksumjava.lang.Boolean(Optional) Do not include checksum when uploading S3 Objects.
sseCustomerKeyjava.lang.String(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
stsEndpointjava.lang.String(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
stsRegionjava.lang.String(Optional) AWS region for STS.
tokenjava.lang.String(Optional) Multi-Factor Authentication (MFA) token.
useLegacyWorkflowjava.lang.Boolean(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
usePathStylejava.lang.Boolean(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspaceKeyPrefixjava.lang.String(Optional) Prefix applied to the state path inside the bucket.
defaultsOptional 
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional 
public java.lang.String getWorkspace();
  • Type: java.lang.String
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

Name of the S3 Bucket.

keyRequired 
public java.lang.String getKey();
  • Type: java.lang.String

Path to the state file inside the S3 Bucket.

When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

(Optional) AWS access key.

If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Canned ACL to be applied to the state file.

allowedAccountIdsOptional 
public java.util.List< java.lang.String > getAllowedAccountIds();
  • Type: java.util.List< java.lang.String >

(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.

Conflicts with forbidden_account_ids.

assumeRoleOptional 
public S3BackendAssumeRoleConfig getAssumeRole();

Assuming an IAM Role can be configured in two ways.

The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.

assumeRolePolicyOptional
  • Deprecated: Use assumeRole.policy instead.
public java.lang.String getAssumeRolePolicy();
  • Type: java.lang.String

(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

assumeRolePolicyArnsOptional
  • Deprecated: Use assumeRole.policyArns instead.
public java.util.List< java.lang.String > getAssumeRolePolicyArns();
  • Type: java.util.List< java.lang.String >

(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

assumeRoleTagsOptional
  • Deprecated: Use assumeRole.tags instead.
public java.util.Map< java.lang.String, java.lang.String > getAssumeRoleTags();
  • Type: java.util.Map< java.lang.String, java.lang.String >

(Optional) Map of assume role session tags.

assumeRoleTransitiveTagKeysOptional
  • Deprecated: Use assumeRole.transitiveTagKeys instead.
public java.util.List< java.lang.String > getAssumeRoleTransitiveTagKeys();
  • Type: java.util.List< java.lang.String >

(Optional) Set of assume role session tag keys to pass to any subsequent sessions.

assumeRoleWithWebIdentityOptional 
public S3BackendAssumeRoleWithWebIdentityConfig getAssumeRoleWithWebIdentity();

Assume Role With Web Identity Configuration.

customCaBundleOptional 
public java.lang.String getCustomCaBundle();
  • Type: java.lang.String

(Optional) File containing custom root and intermediate certificates.

Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.

dynamodbEndpointOptional
  • Deprecated: Use endpoints.dynamodb instead
public java.lang.String getDynamodbEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS DynamoDB API.

This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.

dynamodbTableOptional 
public java.lang.String getDynamodbTable();
  • Type: java.lang.String

(Optional) Name of DynamoDB Table to use for state locking and consistency.

The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.

ec2MetadataServiceEndpointOptional 
public java.lang.String getEc2MetadataServiceEndpoint();
  • Type: java.lang.String

Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.

Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.

ec2MetadataServiceEndpointModeOptional 
public java.lang.String getEc2MetadataServiceEndpointMode();
  • Type: java.lang.String

(Optional) Mode to use in communicating with the metadata service.

Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Enable server side encryption of the state file.

endpointOptional
  • Deprecated: Use endpoints.s3 instead
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS S3 API.

This can also be sourced from the AWS_S3_ENDPOINT environment variable.

endpointsOptional 
public S3BackendEndpointConfig getEndpoints();

(Optional) The endpoint configuration block.

externalIdOptional
  • Deprecated: Use assume_role.external_id instead.
public java.lang.String getExternalId();
  • Type: java.lang.String

(Optional) External identifier to use when assuming the role.

forbiddenAccountIdsOptional 
public java.util.List< java.lang.String > getForbiddenAccountIds();
  • Type: java.util.List< java.lang.String >

(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.

Conflicts with allowed_account_ids.

forcePathStyleOptional
  • Deprecated: Use usePathStyle instead
public java.lang.Boolean getForcePathStyle();
  • Type: java.lang.Boolean

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

httpProxyOptional 
public java.lang.String getHttpProxy();
  • Type: java.lang.String

(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.

Can also be set using the HTTP_PROXY or http_proxy environment variables.

httpsProxyOptional 
public java.lang.String getHttpsProxy();
  • Type: java.lang.String

(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.

Can also be set using the HTTPS_PROXY or https_proxy environment variables.

iamEndpointOptional
  • Deprecated: Use endpoints.iam instead
public java.lang.String getIamEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.

This can also be sourced from the AWS_IAM_ENDPOINT environment variable.

insecureOptional 
public java.lang.Boolean getInsecure();
  • Type: java.lang.Boolean

Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.

If omitted, the default value is false.

kmsKeyIdOptional 
public java.lang.String getKmsKeyId();
  • Type: java.lang.String

(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.

Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.

maxRetriesOptional 
public java.lang.Number getMaxRetries();
  • Type: java.lang.Number

(Optional) The maximum number of times an AWS API request is retried on retryable failure.

Defaults to 5.

noProxyOptional 
public java.lang.String getNoProxy();
  • Type: java.lang.String

(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.

Each value can be one of:

  • A domain name
  • An IP address
  • A CIDR address
  • An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profileOptional 
public java.lang.String getProfile();
  • Type: java.lang.String

(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

AWS Region of the S3 Bucket and DynamoDB Table (if used).

This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

retryModeOptional 
public java.lang.String getRetryMode();
  • Type: java.lang.String

(Optional) Specifies how retries are attempted.

Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.

roleArnOptional
  • Deprecated: Use assumeRole.roleArn instead.
public java.lang.String getRoleArn();
  • Type: java.lang.String

(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) AWS secret access key.

If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)

sessionNameOptional
  • Deprecated: Use assumeRole.sessionName instead.
public java.lang.String getSessionName();
  • Type: java.lang.String

(Optional) Session name to use when assuming the role.

sharedConfigFilesOptional 
public java.util.List< java.lang.String > getSharedConfigFiles();
  • Type: java.util.List< java.lang.String >

(Optional) List of paths to AWS shared configuration files.

Defaults to ~/.aws/config.

sharedCredentialsFileOptional 
public java.lang.String getSharedCredentialsFile();
  • Type: java.lang.String

(Optional) Path to the AWS shared credentials file.

Defaults to ~/.aws/credentials.

sharedCredentialsFilesOptional 
public java.util.List< java.lang.String > getSharedCredentialsFiles();
  • Type: java.util.List< java.lang.String >

(Optional) List of paths to AWS shared credentials files.

Defaults to ~/.aws/credentials.

skipCredentialsValidationOptional 
public java.lang.Boolean getSkipCredentialsValidation();
  • Type: java.lang.Boolean

(Optional) Skip credentials validation via the STS API.

skipMetadataApiCheckOptional 
public java.lang.Boolean getSkipMetadataApiCheck();
  • Type: java.lang.Boolean

(Optional) Skip usage of EC2 Metadata API.

skipRegionValidationOptional 
public java.lang.Boolean getSkipRegionValidation();
  • Type: java.lang.Boolean

(Optional) Skip validation of provided region name.

skipRequestingAccountIdOptional 
public java.lang.Boolean getSkipRequestingAccountId();
  • Type: java.lang.Boolean

(Optional) Whether to skip requesting the account ID.

Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.

skipS3ChecksumOptional 
public java.lang.Boolean getSkipS3Checksum();
  • Type: java.lang.Boolean

(Optional) Do not include checksum when uploading S3 Objects.

Useful for some S3-Compatible APIs.

sseCustomerKeyOptional 
public java.lang.String getSseCustomerKey();
  • Type: java.lang.String

(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).

This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.

stsEndpointOptional
  • Deprecated: Use endpoints.sts instead
public java.lang.String getStsEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS Security Token Service (STS) API.

This can also be sourced from the AWS_STS_ENDPOINT environment variable.

stsRegionOptional 
public java.lang.String getStsRegion();
  • Type: java.lang.String

(Optional) AWS region for STS.

If unset, AWS will use the same region for STS as other non-STS operations.

tokenOptional 
public java.lang.String getToken();
  • Type: java.lang.String

(Optional) Multi-Factor Authentication (MFA) token.

This can also be sourced from the AWS_SESSION_TOKEN environment variable.

useLegacyWorkflowOptional 
public java.lang.Boolean getUseLegacyWorkflow();
  • Type: java.lang.Boolean

(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.

Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.

usePathStyleOptional 
public java.lang.Boolean getUsePathStyle();
  • Type: java.lang.Boolean

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

workspaceKeyPrefixOptional 
public java.lang.String getWorkspaceKeyPrefix();
  • Type: java.lang.String

(Optional) Prefix applied to the state path inside the bucket.

This is only relevant when using a non-default workspace. Defaults to env:

DataTerraformRemoteStateSwiftConfig

Initializer 

import com.hashicorp.cdktf.DataTerraformRemoteStateSwiftConfig;

DataTerraformRemoteStateSwiftConfig.builder()
//  .defaults(java.util.Map< java.lang.String, java.lang.Object >)
//  .workspace(java.lang.String)
    .container(java.lang.String)
//  .applicationCredentialId(java.lang.String)
//  .applicationCredentialName(java.lang.String)
//  .applicationCredentialSecret(java.lang.String)
//  .archiveContainer(java.lang.String)
//  .authUrl(java.lang.String)
//  .cacertFile(java.lang.String)
//  .cert(java.lang.String)
//  .cloud(java.lang.String)
//  .defaultDomain(java.lang.String)
//  .domainId(java.lang.String)
//  .domainName(java.lang.String)
//  .expireAfter(java.lang.String)
//  .insecure(java.lang.Boolean)
//  .key(java.lang.String)
//  .password(java.lang.String)
//  .projectDomainId(java.lang.String)
//  .projectDomainName(java.lang.String)
//  .regionName(java.lang.String)
//  .stateName(java.lang.String)
//  .tenantId(java.lang.String)
//  .tenantName(java.lang.String)
//  .token(java.lang.String)
//  .userDomainId(java.lang.String)
//  .userDomainName(java.lang.String)
//  .userId(java.lang.String)
//  .userName(java.lang.String)
    .build();

Properties

NameTypeDescription
defaultsjava.util.Map< java.lang.String, java.lang.Object >No description.
workspacejava.lang.StringNo description.
containerjava.lang.StringNo description.
applicationCredentialIdjava.lang.StringNo description.
applicationCredentialNamejava.lang.StringNo description.
applicationCredentialSecretjava.lang.StringNo description.
archiveContainerjava.lang.StringNo description.
authUrljava.lang.StringNo description.
cacertFilejava.lang.StringNo description.
certjava.lang.StringNo description.
cloudjava.lang.StringNo description.
defaultDomainjava.lang.StringNo description.
domainIdjava.lang.StringNo description.
domainNamejava.lang.StringNo description.
expireAfterjava.lang.StringNo description.
insecurejava.lang.BooleanNo description.
keyjava.lang.StringNo description.
passwordjava.lang.StringNo description.
projectDomainIdjava.lang.StringNo description.
projectDomainNamejava.lang.StringNo description.
regionNamejava.lang.StringNo description.
stateNamejava.lang.StringNo description.
tenantIdjava.lang.StringNo description.
tenantNamejava.lang.StringNo description.
tokenjava.lang.StringNo description.
userDomainIdjava.lang.StringNo description.
userDomainNamejava.lang.StringNo description.
userIdjava.lang.StringNo description.
userNamejava.lang.StringNo description.
defaultsOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.util.Map< java.lang.String, java.lang.Object > getDefaults();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
workspaceOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getWorkspace();
  • Type: java.lang.String
containerRequired
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getContainer();
  • Type: java.lang.String
applicationCredentialIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialId();
  • Type: java.lang.String
applicationCredentialNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialName();
  • Type: java.lang.String
applicationCredentialSecretOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialSecret();
  • Type: java.lang.String
archiveContainerOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getArchiveContainer();
  • Type: java.lang.String
authUrlOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getAuthUrl();
  • Type: java.lang.String
cacertFileOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCacertFile();
  • Type: java.lang.String
certOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCert();
  • Type: java.lang.String
cloudOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCloud();
  • Type: java.lang.String
defaultDomainOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDefaultDomain();
  • Type: java.lang.String
domainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDomainId();
  • Type: java.lang.String
domainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDomainName();
  • Type: java.lang.String
expireAfterOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getExpireAfter();
  • Type: java.lang.String
insecureOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.Boolean getInsecure();
  • Type: java.lang.Boolean
keyOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getKey();
  • Type: java.lang.String
passwordOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getPassword();
  • Type: java.lang.String
projectDomainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getProjectDomainId();
  • Type: java.lang.String
projectDomainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getProjectDomainName();
  • Type: java.lang.String
regionNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getRegionName();
  • Type: java.lang.String
stateNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getStateName();
  • Type: java.lang.String
tenantIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getTenantId();
  • Type: java.lang.String
tenantNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getTenantName();
  • Type: java.lang.String
tokenOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getToken();
  • Type: java.lang.String
userDomainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserDomainId();
  • Type: java.lang.String
userDomainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserDomainName();
  • Type: java.lang.String
userIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserId();
  • Type: java.lang.String
userNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserName();
  • Type: java.lang.String

EncodingOptions

Properties to string encodings.

Initializer 

import com.hashicorp.cdktf.EncodingOptions;

EncodingOptions.builder()
//  .displayHint(java.lang.String)
    .build();

Properties

NameTypeDescription
displayHintjava.lang.StringA hint for the Token's purpose when stringifying it.
displayHintOptional 
public java.lang.String getDisplayHint();
  • Type: java.lang.String
  • Default: no display hint

A hint for the Token's purpose when stringifying it.

FileProvisioner

The file provisioner copies files or directories from the machine running Terraform to the newly created resource.

The file provisioner supports both ssh and winrm type connections.

See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/file file}

Initializer 

import com.hashicorp.cdktf.FileProvisioner;

FileProvisioner.builder()
    .destination(java.lang.String)
    .type(java.lang.String)
//  .connection(SSHProvisionerConnection)
//  .connection(WinrmProvisionerConnection)
//  .content(java.lang.String)
//  .source(java.lang.String)
    .build();

Properties

NameTypeDescription
destinationjava.lang.StringThe source file or directory.
typejava.lang.StringNo description.
connectionSSHProvisionerConnection OR WinrmProvisionerConnectionMost provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
contentjava.lang.StringThe destination path to write to on the remote system.
sourcejava.lang.StringThe direct content to copy on the destination.
destinationRequired 
public java.lang.String getDestination();
  • Type: java.lang.String

The source file or directory.

Specify it either relative to the current working directory or as an absolute path. This argument cannot be combined with content.

typeRequired 
public java.lang.String getType();
  • Type: java.lang.String
connectionOptional 
public java.lang.Object getConnection();

Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.

contentOptional 
public java.lang.String getContent();
  • Type: java.lang.String

The destination path to write to on the remote system.

See Destination Paths below for more information.

sourceOptional 
public java.lang.String getSource();
  • Type: java.lang.String

The direct content to copy on the destination.

If destination is a file, the content will be written on that file. In case of a directory, a file named tf-file-content is created inside that directory. We recommend using a file as the destination when using content. This argument cannot be combined with source.

GcsBackendConfig

Stores the state as an object in a configurable prefix in a pre-existing bucket on Google Cloud Storage (GCS).

The bucket must exist prior to configuring the backend.

This backend supports state locking.

Warning! It is highly recommended that you enable Object Versioning on the GCS bucket to allow for state recovery in the case of accidental deletions and human error.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/gcs

Initializer 

import com.hashicorp.cdktf.GcsBackendConfig;

GcsBackendConfig.builder()
    .bucket(java.lang.String)
//  .accessToken(java.lang.String)
//  .credentials(java.lang.String)
//  .encryptionKey(java.lang.String)
//  .impersonateServiceAccount(java.lang.String)
//  .impersonateServiceAccountDelegates(java.util.List< java.lang.String >)
//  .kmsEncryptionKey(java.lang.String)
//  .prefix(java.lang.String)
//  .storeageCustomEndpoint(java.lang.String)
    .build();

Properties

NameTypeDescription
bucketjava.lang.String(Required) The name of the GCS bucket.
accessTokenjava.lang.String(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentialsjava.lang.String(Optional) Local path to Google Cloud Platform account credentials in JSON format.
encryptionKeyjava.lang.String(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonateServiceAccountjava.lang.String(Optional) The service account to impersonate for accessing the State Bucket.
impersonateServiceAccountDelegatesjava.util.List< java.lang.String >(Optional) The delegation chain for an impersonating a service account.
kmsEncryptionKeyjava.lang.String(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
prefixjava.lang.String(Optional) GCS prefix inside the bucket.
storeageCustomEndpointjava.lang.String(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the GCS bucket.

This name must be globally unique.

accessTokenOptional 
public java.lang.String getAccessToken();
  • Type: java.lang.String

(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.

credentialsOptional 
public java.lang.String getCredentials();
  • Type: java.lang.String

(Optional) Local path to Google Cloud Platform account credentials in JSON format.

If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.

Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.

encryptionKeyOptional 
public java.lang.String getEncryptionKey();
  • Type: java.lang.String

(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.

impersonateServiceAccountOptional 
public java.lang.String getImpersonateServiceAccount();
  • Type: java.lang.String

(Optional) The service account to impersonate for accessing the State Bucket.

You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.

impersonateServiceAccountDelegatesOptional 
public java.util.List< java.lang.String > getImpersonateServiceAccountDelegates();
  • Type: java.util.List< java.lang.String >

(Optional) The delegation chain for an impersonating a service account.

kmsEncryptionKeyOptional 
public java.lang.String getKmsEncryptionKey();
  • Type: java.lang.String

(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.

Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) GCS prefix inside the bucket.

Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.

storeageCustomEndpointOptional 
public java.lang.String getStoreageCustomEndpoint();
  • Type: java.lang.String

(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).

{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}

HttpBackendConfig

Stores the state using a simple REST client.

State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.

This backend optionally supports state locking. When locking support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock info will be added as a query parameter to state updates requests.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/http

Initializer 

import com.hashicorp.cdktf.HttpBackendConfig;

HttpBackendConfig.builder()
    .address(java.lang.String)
//  .clientCaCertificatePem(java.lang.String)
//  .clientCertificatePem(java.lang.String)
//  .clientPrivateKeyPem(java.lang.String)
//  .lockAddress(java.lang.String)
//  .lockMethod(java.lang.String)
//  .password(java.lang.String)
//  .retryMax(java.lang.Number)
//  .retryWaitMax(java.lang.Number)
//  .retryWaitMin(java.lang.Number)
//  .skipCertVerification(java.lang.Boolean)
//  .unlockAddress(java.lang.String)
//  .unlockMethod(java.lang.String)
//  .updateMethod(java.lang.String)
//  .username(java.lang.String)
    .build();

Properties

NameTypeDescription
addressjava.lang.String(Required) The address of the REST endpoint.
clientCaCertificatePemjava.lang.String(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
clientCertificatePemjava.lang.String(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
clientPrivateKeyPemjava.lang.String(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lockAddressjava.lang.String(Optional) The address of the lock REST endpoint.
lockMethodjava.lang.String(Optional) The HTTP method to use when locking.
passwordjava.lang.String(Optional) The password for HTTP basic authentication.
retryMaxjava.lang.Number(Optional) The number of HTTP request retries.
retryWaitMaxjava.lang.Number(Optional) The maximum time in seconds to wait between HTTP request attempts.
retryWaitMinjava.lang.Number(Optional) The minimum time in seconds to wait between HTTP request attempts.
skipCertVerificationjava.lang.Boolean(Optional) Whether to skip TLS verification.
unlockAddressjava.lang.String(Optional) The address of the unlock REST endpoint.
unlockMethodjava.lang.String(Optional) The HTTP method to use when unlocking.
updateMethodjava.lang.String(Optional) HTTP method to use when updating state.
usernamejava.lang.String(Optional) The username for HTTP basic authentication.
addressRequired 
public java.lang.String getAddress();
  • Type: java.lang.String

(Required) The address of the REST endpoint.

clientCaCertificatePemOptional 
public java.lang.String getClientCaCertificatePem();
  • Type: java.lang.String

(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.

clientCertificatePemOptional 
public java.lang.String getClientCertificatePem();
  • Type: java.lang.String

(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.

clientPrivateKeyPemOptional 
public java.lang.String getClientPrivateKeyPem();
  • Type: java.lang.String

(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.

lockAddressOptional 
public java.lang.String getLockAddress();
  • Type: java.lang.String

(Optional) The address of the lock REST endpoint.

Defaults to disabled.

lockMethodOptional 
public java.lang.String getLockMethod();
  • Type: java.lang.String

(Optional) The HTTP method to use when locking.

Defaults to LOCK.

passwordOptional 
public java.lang.String getPassword();
  • Type: java.lang.String

(Optional) The password for HTTP basic authentication.

retryMaxOptional 
public java.lang.Number getRetryMax();
  • Type: java.lang.Number

(Optional) The number of HTTP request retries.

Defaults to 2.

retryWaitMaxOptional 
public java.lang.Number getRetryWaitMax();
  • Type: java.lang.Number

(Optional) The maximum time in seconds to wait between HTTP request attempts.

Defaults to 30.

retryWaitMinOptional 
public java.lang.Number getRetryWaitMin();
  • Type: java.lang.Number

(Optional) The minimum time in seconds to wait between HTTP request attempts.

Defaults to 1.

skipCertVerificationOptional 
public java.lang.Boolean getSkipCertVerification();
  • Type: java.lang.Boolean

(Optional) Whether to skip TLS verification.

Defaults to false.

unlockAddressOptional 
public java.lang.String getUnlockAddress();
  • Type: java.lang.String

(Optional) The address of the unlock REST endpoint.

Defaults to disabled.

unlockMethodOptional 
public java.lang.String getUnlockMethod();
  • Type: java.lang.String

(Optional) The HTTP method to use when unlocking.

Defaults to UNLOCK.

updateMethodOptional 
public java.lang.String getUpdateMethod();
  • Type: java.lang.String

(Optional) HTTP method to use when updating state.

Defaults to POST.

usernameOptional 
public java.lang.String getUsername();
  • Type: java.lang.String

(Optional) The username for HTTP basic authentication.

LazyAnyValueOptions

Options for creating lazy untyped tokens.

Initializer 

import com.hashicorp.cdktf.LazyAnyValueOptions;

LazyAnyValueOptions.builder()
//  .displayHint(java.lang.String)
//  .omitEmptyArray(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
displayHintjava.lang.StringUse the given name as a display hint.
omitEmptyArrayjava.lang.BooleanIf the produced value is an array and it is empty, return 'undefined' instead.
displayHintOptional 
public java.lang.String getDisplayHint();
  • Type: java.lang.String
  • Default: No hint

Use the given name as a display hint.

omitEmptyArrayOptional 
public java.lang.Boolean getOmitEmptyArray();
  • Type: java.lang.Boolean
  • Default: false

If the produced value is an array and it is empty, return 'undefined' instead.

LazyListValueOptions

Options for creating a lazy list token.

Initializer 

import com.hashicorp.cdktf.LazyListValueOptions;

LazyListValueOptions.builder()
//  .displayHint(java.lang.String)
//  .omitEmpty(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
displayHintjava.lang.StringUse the given name as a display hint.
omitEmptyjava.lang.BooleanIf the produced list is empty, return 'undefined' instead.
displayHintOptional 
public java.lang.String getDisplayHint();
  • Type: java.lang.String
  • Default: No hint

Use the given name as a display hint.

omitEmptyOptional 
public java.lang.Boolean getOmitEmpty();
  • Type: java.lang.Boolean
  • Default: false

If the produced list is empty, return 'undefined' instead.

LazyStringValueOptions

Options for creating a lazy string token.

Initializer 

import com.hashicorp.cdktf.LazyStringValueOptions;

LazyStringValueOptions.builder()
//  .displayHint(java.lang.String)
    .build();

Properties

NameTypeDescription
displayHintjava.lang.StringUse the given name as a display hint.
displayHintOptional 
public java.lang.String getDisplayHint();
  • Type: java.lang.String
  • Default: No hint

Use the given name as a display hint.

LocalBackendConfig

The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/local

Initializer 

import com.hashicorp.cdktf.LocalBackendConfig;

LocalBackendConfig.builder()
//  .path(java.lang.String)
//  .workspaceDir(java.lang.String)
    .build();

Properties

NameTypeDescription
pathjava.lang.StringPath where the state file is stored.
workspaceDirjava.lang.String(Optional) The path to non-default workspaces.
pathOptional 
public java.lang.String getPath();
  • Type: java.lang.String
  • Default: defaults to terraform.${stackId}.tfstate

Path where the state file is stored.

workspaceDirOptional 
public java.lang.String getWorkspaceDir();
  • Type: java.lang.String

(Optional) The path to non-default workspaces.

LocalExecProvisioner

The local-exec provisioner invokes a local executable after a resource is created.

This invokes a process on the machine running Terraform, not on the resource.

See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec local-exec}

Initializer 

import com.hashicorp.cdktf.LocalExecProvisioner;

LocalExecProvisioner.builder()
    .command(java.lang.String)
    .type(java.lang.String)
//  .environment(java.util.Map< java.lang.String, java.lang.String >)
//  .interpreter(java.util.List< java.lang.String >)
//  .when(java.lang.String)
//  .workingDir(java.lang.String)
    .build();

Properties

NameTypeDescription
commandjava.lang.StringThis is the command to execute.
typejava.lang.StringNo description.
environmentjava.util.Map< java.lang.String, java.lang.String >A record of key value pairs representing the environment of the executed command.
interpreterjava.util.List< java.lang.String >If provided, this is a list of interpreter arguments used to execute the command.
whenjava.lang.StringIf provided, specifies when Terraform will execute the command.
workingDirjava.lang.StringIf provided, specifies the working directory where command will be executed.
commandRequired 
public java.lang.String getCommand();
  • Type: java.lang.String

This is the command to execute.

It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables.

typeRequired 
public java.lang.String getType();
  • Type: java.lang.String
environmentOptional 
public java.util.Map< java.lang.String, java.lang.String > getEnvironment();
  • Type: java.util.Map< java.lang.String, java.lang.String >

A record of key value pairs representing the environment of the executed command.

It inherits the current process environment.

interpreterOptional 
public java.util.List< java.lang.String > getInterpreter();
  • Type: java.util.List< java.lang.String >

If provided, this is a list of interpreter arguments used to execute the command.

The first argument is the interpreter itself. It can be provided as a relative path to the current working directory or as an absolute path The remaining arguments are appended prior to the command. This allows building command lines of the form "/bin/bash", "-c", "echo foo". If interpreter is unspecified, sensible defaults will be chosen based on the system OS.

whenOptional 
public java.lang.String getWhen();
  • Type: java.lang.String

If provided, specifies when Terraform will execute the command.

For example, when = destroy specifies that the provisioner will run when the associated resource is destroyed

workingDirOptional 
public java.lang.String getWorkingDir();
  • Type: java.lang.String

If provided, specifies the working directory where command will be executed.

It can be provided as a relative path to the current working directory or as an absolute path. The directory must exist.

OssAssumeRole

Initializer 

import com.hashicorp.cdktf.OssAssumeRole;

OssAssumeRole.builder()
    .roleArn(java.lang.String)
//  .policy(java.lang.String)
//  .sessionExpiration(java.lang.Number)
//  .sessionName(java.lang.String)
    .build();

Properties

NameTypeDescription
roleArnjava.lang.StringNo description.
policyjava.lang.StringNo description.
sessionExpirationjava.lang.NumberNo description.
sessionNamejava.lang.StringNo description.
roleArnRequired 
public java.lang.String getRoleArn();
  • Type: java.lang.String
policyOptional 
public java.lang.String getPolicy();
  • Type: java.lang.String
sessionExpirationOptional 
public java.lang.Number getSessionExpiration();
  • Type: java.lang.Number
sessionNameOptional 
public java.lang.String getSessionName();
  • Type: java.lang.String

OssBackendConfig

Initializer 

import com.hashicorp.cdktf.OssBackendConfig;

OssBackendConfig.builder()
    .bucket(java.lang.String)
//  .accessKey(java.lang.String)
//  .acl(java.lang.String)
//  .assumeRole(OssAssumeRole)
//  .assumeRolePolicy(java.lang.String)
//  .assumeRoleRoleArn(java.lang.String)
//  .assumeRoleSessionExpiration(java.lang.Number)
//  .assumeRoleSessionName(java.lang.String)
//  .ecsRoleName(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .key(java.lang.String)
//  .prefix(java.lang.String)
//  .profile(java.lang.String)
//  .region(java.lang.String)
//  .secretKey(java.lang.String)
//  .securityToken(java.lang.String)
//  .sharedCredentialsFile(java.lang.String)
//  .stsEndpoint(java.lang.String)
//  .tablestoreEndpoint(java.lang.String)
//  .tablestoreTable(java.lang.String)
    .build();

Properties

NameTypeDescription
bucketjava.lang.String(Required) The name of the OSS bucket.
accessKeyjava.lang.String(Optional) Alibaba Cloud access key.
acljava.lang.String(Optional) Object ACL to be applied to the state file.
assumeRoleOssAssumeRoleNo description.
assumeRolePolicyjava.lang.String(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assumeRoleRoleArnjava.lang.String(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assumeRoleSessionExpirationjava.lang.Number(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assumeRoleSessionNamejava.lang.String(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecsRoleNamejava.lang.String(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encryptjava.lang.Boolean(Optional) Whether to enable server side encryption of the state file.
endpointjava.lang.String(Optional) A custom endpoint for the OSS API.
keyjava.lang.String(Optional) The name of the state file.
prefixjava.lang.String(Optional) The path directory of the state file will be stored.
profilejava.lang.String(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
regionjava.lang.String(Optional) The region of the OSS bucket.
secretKeyjava.lang.String(Optional) Alibaba Cloud secret access key.
securityTokenjava.lang.String(Optional) STS access token.
sharedCredentialsFilejava.lang.String(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
stsEndpointjava.lang.String(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestoreEndpointjava.lang.String(Optional) A custom endpoint for the TableStore API.
tablestoreTablejava.lang.String(Optional) A TableStore table for state locking and consistency.
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

(Required) The name of the OSS bucket.

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

(Optional) Alibaba Cloud access key.

It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Object ACL to be applied to the state file.

assumeRoleOptional
  • Deprecated: Use flattened assume role options
public OssAssumeRole getAssumeRole();
assumeRolePolicyOptional 
public java.lang.String getAssumeRolePolicy();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.

assumeRoleRoleArnOptional 
public java.lang.String getAssumeRoleRoleArn();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.

assumeRoleSessionExpirationOptional 
public java.lang.Number getAssumeRoleSessionExpiration();
  • Type: java.lang.Number

(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.

assumeRoleSessionNameOptional 
public java.lang.String getAssumeRoleSessionName();
  • Type: java.lang.String

(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.

ecsRoleNameOptional 
public java.lang.String getEcsRoleName();
  • Type: java.lang.String

(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Whether to enable server side encryption of the state file.

If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.

endpointOptional 
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) A custom endpoint for the OSS API.

It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.

keyOptional 
public java.lang.String getKey();
  • Type: java.lang.String

(Optional) The name of the state file.

Defaults to terraform.tfstate.

prefixOptional 
public java.lang.String getPrefix();
  • Type: java.lang.String

(Optional) The path directory of the state file will be stored.

Default to "env:".

profileOptional 
public java.lang.String getProfile();
  • Type: java.lang.String

(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

(Optional) The region of the OSS bucket.

It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) Alibaba Cloud secret access key.

It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.

securityTokenOptional 
public java.lang.String getSecurityToken();
  • Type: java.lang.String

(Optional) STS access token.

It supports environment variable ALICLOUD_SECURITY_TOKEN.

sharedCredentialsFileOptional 
public java.lang.String getSharedCredentialsFile();
  • Type: java.lang.String

(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.

stsEndpointOptional 
public java.lang.String getStsEndpoint();
  • Type: java.lang.String

(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.

tablestoreEndpointOptional 
public java.lang.String getTablestoreEndpoint();
  • Type: java.lang.String

(Optional) A custom endpoint for the TableStore API.

tablestoreTableOptional 
public java.lang.String getTablestoreTable();
  • Type: java.lang.String

(Optional) A TableStore table for state locking and consistency.

The table must have a primary key named LockID of type String.

PgBackendConfig

Initializer 

import com.hashicorp.cdktf.PgBackendConfig;

PgBackendConfig.builder()
    .connStr(java.lang.String)
//  .schemaName(java.lang.String)
//  .skipIndexCreation(java.lang.Boolean)
//  .skipSchemaCreation(java.lang.Boolean)
//  .skipTableCreation(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
connStrjava.lang.StringPostgres connection string;
schemaNamejava.lang.StringName of the automatically-managed Postgres schema, default to terraform_remote_state.
skipIndexCreationjava.lang.BooleanIf set to true, the Postgres index must already exist.
skipSchemaCreationjava.lang.BooleanIf set to true, the Postgres schema must already exist.
skipTableCreationjava.lang.BooleanIf set to true, the Postgres table must already exist.
connStrRequired 
public java.lang.String getConnStr();
  • Type: java.lang.String

Postgres connection string;

a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.

schemaNameOptional 
public java.lang.String getSchemaName();
  • Type: java.lang.String

Name of the automatically-managed Postgres schema, default to terraform_remote_state.

Can also be set using the PG_SCHEMA_NAME environment variable.

skipIndexCreationOptional 
public java.lang.Boolean getSkipIndexCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres index must already exist.

Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.

skipSchemaCreationOptional 
public java.lang.Boolean getSkipSchemaCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres schema must already exist.

Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.

skipTableCreationOptional 
public java.lang.Boolean getSkipTableCreation();
  • Type: java.lang.Boolean

If set to true, the Postgres table must already exist.

Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.

Postcondition

Terraform checks a postcondition after evaluating the object it is associated with.

Initializer 

import com.hashicorp.cdktf.Postcondition;

Postcondition.builder()
    .condition(java.lang.Object)
    .errorMessage(java.lang.String)
    .build();

Properties

NameTypeDescription
conditionjava.lang.ObjectThis is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessagejava.lang.StringThis contains the text that Terraform will include as part of error messages when it detects an unmet condition.
conditionRequired 
public java.lang.Object getCondition();
  • Type: java.lang.Object

This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.

errorMessageRequired 
public java.lang.String getErrorMessage();
  • Type: java.lang.String

This contains the text that Terraform will include as part of error messages when it detects an unmet condition.

Precondition

Terraform checks a precondition before evaluating the object it is associated with.

Initializer 

import com.hashicorp.cdktf.Precondition;

Precondition.builder()
    .condition(java.lang.Object)
    .errorMessage(java.lang.String)
    .build();

Properties

NameTypeDescription
conditionjava.lang.ObjectThis is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessagejava.lang.StringThis contains the text that Terraform will include as part of error messages when it detects an unmet condition.
conditionRequired 
public java.lang.Object getCondition();
  • Type: java.lang.Object

This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.

errorMessageRequired 
public java.lang.String getErrorMessage();
  • Type: java.lang.String

This contains the text that Terraform will include as part of error messages when it detects an unmet condition.

RemoteBackendConfig

Initializer 

import com.hashicorp.cdktf.RemoteBackendConfig;

RemoteBackendConfig.builder()
    .organization(java.lang.String)
    .workspaces(IRemoteWorkspace)
//  .hostname(java.lang.String)
//  .token(java.lang.String)
    .build();

Properties

NameTypeDescription
organizationjava.lang.StringNo description.
workspacesIRemoteWorkspaceNo description.
hostnamejava.lang.StringNo description.
tokenjava.lang.StringNo description.
organizationRequired 
public java.lang.String getOrganization();
  • Type: java.lang.String
workspacesRequired 
public IRemoteWorkspace getWorkspaces();
hostnameOptional 
public java.lang.String getHostname();
  • Type: java.lang.String
tokenOptional 
public java.lang.String getToken();
  • Type: java.lang.String

RemoteExecProvisioner

The remote-exec provisioner invokes a script on a remote resource after it is created.

This can be used to run a configuration management tool, bootstrap into a cluster, etc The remote-exec provisioner requires a connection and supports both ssh and winrm.

See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec remote-exec}

Initializer 

import com.hashicorp.cdktf.RemoteExecProvisioner;

RemoteExecProvisioner.builder()
    .type(java.lang.String)
//  .connection(SSHProvisionerConnection)
//  .connection(WinrmProvisionerConnection)
//  .inline(java.util.List< java.lang.String >)
//  .script(java.lang.String)
//  .scripts(java.util.List< java.lang.String >)
    .build();

Properties

NameTypeDescription
typejava.lang.StringNo description.
connectionSSHProvisionerConnection OR WinrmProvisionerConnectionMost provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
inlinejava.util.List< java.lang.String >This is a list of command strings.
scriptjava.lang.StringThis is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed.
scriptsjava.util.List< java.lang.String >This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed.
typeRequired 
public java.lang.String getType();
  • Type: java.lang.String
connectionOptional 
public java.lang.Object getConnection();

Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.

A connection must be provided here or in the parent resource.

inlineOptional 
public java.util.List< java.lang.String > getInline();
  • Type: java.util.List< java.lang.String >

This is a list of command strings.

They are executed in the order they are provided. This cannot be provided with script or scripts.

scriptOptional 
public java.lang.String getScript();
  • Type: java.lang.String

This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed.

This cannot be provided with inline or scripts.

scriptsOptional 
public java.util.List< java.lang.String > getScripts();
  • Type: java.util.List< java.lang.String >

This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed.

They are executed in the order they are provided. This cannot be provided with inline or script.

ResolveOptions

Options to the resolve() operation.

NOT the same as the ResolveContext; ResolveContext is exposed to Token implementors and resolution hooks, whereas this struct is just to bundle a number of things that would otherwise be arguments to resolve() in a readable way.

Initializer 

import com.hashicorp.cdktf.ResolveOptions;

ResolveOptions.builder()
    .resolver(ITokenResolver)
    .scope(IConstruct)
//  .preparing(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
resolverITokenResolverThe resolver to apply to any resolvable tokens found.
scopesoftware.constructs.IConstructThe scope from which resolution is performed.
preparingjava.lang.BooleanWhether the resolution is being executed during the prepare phase or not.
resolverRequired 
public ITokenResolver getResolver();

The resolver to apply to any resolvable tokens found.

scopeRequired 
public IConstruct getScope();
  • Type: software.constructs.IConstruct

The scope from which resolution is performed.

preparingOptional 
public java.lang.Boolean getPreparing();
  • Type: java.lang.Boolean
  • Default: false

Whether the resolution is being executed during the prepare phase or not.

S3BackendAssumeRoleConfig

Initializer 

import com.hashicorp.cdktf.S3BackendAssumeRoleConfig;

S3BackendAssumeRoleConfig.builder()
    .roleArn(java.lang.String)
//  .duration(java.lang.String)
//  .externalId(java.lang.String)
//  .policy(java.lang.String)
//  .policyArns(java.util.List< java.lang.String >)
//  .sessionName(java.lang.String)
//  .sourceIdentity(java.lang.String)
//  .tags(java.util.Map< java.lang.String, java.lang.String >)
//  .transitiveTagKeys(java.util.List< java.lang.String >)
    .build();

Properties

NameTypeDescription
roleArnjava.lang.String(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
durationjava.lang.String(Optional) The duration individual credentials will be valid.
externalIdjava.lang.String(Optional) External identifier to use when assuming the role.
policyjava.lang.String(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArnsjava.util.List< java.lang.String >(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
sessionNamejava.lang.String(Optional) Session name to use when assuming the role.
sourceIdentityjava.lang.String(Optional) Source identity specified by the principal assuming the.
tagsjava.util.Map< java.lang.String, java.lang.String >(Optional) Map of assume role session tags.
transitiveTagKeysjava.util.List< java.lang.String >(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
roleArnRequired 
public java.lang.String getRoleArn();
  • Type: java.lang.String

(Required) Amazon Resource Name (ARN) of the IAM Role to assume.

durationOptional 
public java.lang.String getDuration();
  • Type: java.lang.String

(Optional) The duration individual credentials will be valid.

Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).

externalIdOptional 
public java.lang.String getExternalId();
  • Type: java.lang.String

(Optional) External identifier to use when assuming the role.

policyOptional 
public java.lang.String getPolicy();
  • Type: java.lang.String

(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

policyArnsOptional 
public java.util.List< java.lang.String > getPolicyArns();
  • Type: java.util.List< java.lang.String >

(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

sessionNameOptional 
public java.lang.String getSessionName();
  • Type: java.lang.String

(Optional) Session name to use when assuming the role.

sourceIdentityOptional 
public java.lang.String getSourceIdentity();
  • Type: java.lang.String

(Optional) Source identity specified by the principal assuming the.

tagsOptional 
public java.util.Map< java.lang.String, java.lang.String > getTags();
  • Type: java.util.Map< java.lang.String, java.lang.String >

(Optional) Map of assume role session tags.

transitiveTagKeysOptional 
public java.util.List< java.lang.String > getTransitiveTagKeys();
  • Type: java.util.List< java.lang.String >

(Optional) Set of assume role session tag keys to pass to any subsequent sessions.

S3BackendAssumeRoleWithWebIdentityConfig

Initializer 

import com.hashicorp.cdktf.S3BackendAssumeRoleWithWebIdentityConfig;

S3BackendAssumeRoleWithWebIdentityConfig.builder()
//  .duration(java.lang.String)
//  .policy(java.lang.String)
//  .policyArns(java.util.List< java.lang.String >)
//  .roleArn(java.lang.String)
//  .sessionName(java.lang.String)
//  .webIdentityToken(java.lang.String)
//  .webIdentityTokenFile(java.lang.String)
    .build();

Properties

NameTypeDescription
durationjava.lang.String(Optional) The duration individual credentials will be valid.
policyjava.lang.String(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArnsjava.util.List< java.lang.String >(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
roleArnjava.lang.String(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
sessionNamejava.lang.String(Optional) Session name to use when assuming the role.
webIdentityTokenjava.lang.String(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider.
webIdentityTokenFilejava.lang.String(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider.
durationOptional 
public java.lang.String getDuration();
  • Type: java.lang.String

(Optional) The duration individual credentials will be valid.

Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).

policyOptional 
public java.lang.String getPolicy();
  • Type: java.lang.String

(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

policyArnsOptional 
public java.util.List< java.lang.String > getPolicyArns();
  • Type: java.util.List< java.lang.String >

(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

roleArnOptional 
public java.lang.String getRoleArn();
  • Type: java.lang.String

(Required) Amazon Resource Name (ARN) of the IAM Role to assume.

Can also be set with the AWS_ROLE_ARN environment variable.

sessionNameOptional 
public java.lang.String getSessionName();
  • Type: java.lang.String

(Optional) Session name to use when assuming the role.

Can also be set with the AWS_ROLE_SESSION_NAME environment variable.

webIdentityTokenOptional 
public java.lang.String getWebIdentityToken();
  • Type: java.lang.String

(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider.

One of web_identity_token or web_identity_token_file is required.

webIdentityTokenFileOptional 
public java.lang.String getWebIdentityTokenFile();
  • Type: java.lang.String

(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider.

One of web_identity_token_file or web_identity_token is required. Can also be set with the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.

S3BackendConfig

Stores the state as a given key in a given bucket on Amazon S3.

This backend also supports state locking and consistency checking via Dynamo DB, which can be enabled by setting the dynamodb_table field to an existing DynamoDB table name. A single DynamoDB table can be used to lock multiple remote state files. Terraform generates key names that include the values of the bucket and key variables.

Warning! It is highly recommended that you enable Bucket Versioning on the S3 bucket to allow for state recovery in the case of accidental deletions and human error.

Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/s3

Initializer 

import com.hashicorp.cdktf.S3BackendConfig;

S3BackendConfig.builder()
    .bucket(java.lang.String)
    .key(java.lang.String)
//  .accessKey(java.lang.String)
//  .acl(java.lang.String)
//  .allowedAccountIds(java.util.List< java.lang.String >)
//  .assumeRole(S3BackendAssumeRoleConfig)
//  .assumeRolePolicy(java.lang.String)
//  .assumeRolePolicyArns(java.util.List< java.lang.String >)
//  .assumeRoleTags(java.util.Map< java.lang.String, java.lang.String >)
//  .assumeRoleTransitiveTagKeys(java.util.List< java.lang.String >)
//  .assumeRoleWithWebIdentity(S3BackendAssumeRoleWithWebIdentityConfig)
//  .customCaBundle(java.lang.String)
//  .dynamodbEndpoint(java.lang.String)
//  .dynamodbTable(java.lang.String)
//  .ec2MetadataServiceEndpoint(java.lang.String)
//  .ec2MetadataServiceEndpointMode(java.lang.String)
//  .encrypt(java.lang.Boolean)
//  .endpoint(java.lang.String)
//  .endpoints(S3BackendEndpointConfig)
//  .externalId(java.lang.String)
//  .forbiddenAccountIds(java.util.List< java.lang.String >)
//  .forcePathStyle(java.lang.Boolean)
//  .httpProxy(java.lang.String)
//  .httpsProxy(java.lang.String)
//  .iamEndpoint(java.lang.String)
//  .insecure(java.lang.Boolean)
//  .kmsKeyId(java.lang.String)
//  .maxRetries(java.lang.Number)
//  .noProxy(java.lang.String)
//  .profile(java.lang.String)
//  .region(java.lang.String)
//  .retryMode(java.lang.String)
//  .roleArn(java.lang.String)
//  .secretKey(java.lang.String)
//  .sessionName(java.lang.String)
//  .sharedConfigFiles(java.util.List< java.lang.String >)
//  .sharedCredentialsFile(java.lang.String)
//  .sharedCredentialsFiles(java.util.List< java.lang.String >)
//  .skipCredentialsValidation(java.lang.Boolean)
//  .skipMetadataApiCheck(java.lang.Boolean)
//  .skipRegionValidation(java.lang.Boolean)
//  .skipRequestingAccountId(java.lang.Boolean)
//  .skipS3Checksum(java.lang.Boolean)
//  .sseCustomerKey(java.lang.String)
//  .stsEndpoint(java.lang.String)
//  .stsRegion(java.lang.String)
//  .token(java.lang.String)
//  .useLegacyWorkflow(java.lang.Boolean)
//  .usePathStyle(java.lang.Boolean)
//  .workspaceKeyPrefix(java.lang.String)
    .build();

Properties

NameTypeDescription
bucketjava.lang.StringName of the S3 Bucket.
keyjava.lang.StringPath to the state file inside the S3 Bucket.
accessKeyjava.lang.String(Optional) AWS access key.
acljava.lang.String(Optional) Canned ACL to be applied to the state file.
allowedAccountIdsjava.util.List< java.lang.String >(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
assumeRoleS3BackendAssumeRoleConfigAssuming an IAM Role can be configured in two ways.
assumeRolePolicyjava.lang.String(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assumeRolePolicyArnsjava.util.List< java.lang.String >(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assumeRoleTagsjava.util.Map< java.lang.String, java.lang.String >(Optional) Map of assume role session tags.
assumeRoleTransitiveTagKeysjava.util.List< java.lang.String >(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assumeRoleWithWebIdentityS3BackendAssumeRoleWithWebIdentityConfigAssume Role With Web Identity Configuration.
customCaBundlejava.lang.String(Optional) File containing custom root and intermediate certificates.
dynamodbEndpointjava.lang.String(Optional) Custom endpoint for the AWS DynamoDB API.
dynamodbTablejava.lang.String(Optional) Name of DynamoDB Table to use for state locking and consistency.
ec2MetadataServiceEndpointjava.lang.StringOptional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
ec2MetadataServiceEndpointModejava.lang.String(Optional) Mode to use in communicating with the metadata service.
encryptjava.lang.Boolean(Optional) Enable server side encryption of the state file.
endpointjava.lang.String(Optional) Custom endpoint for the AWS S3 API.
endpointsS3BackendEndpointConfig(Optional) The endpoint configuration block.
externalIdjava.lang.String(Optional) External identifier to use when assuming the role.
forbiddenAccountIdsjava.util.List< java.lang.String >(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
forcePathStylejava.lang.Boolean(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
httpProxyjava.lang.String(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
httpsProxyjava.lang.String(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
iamEndpointjava.lang.String(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
insecurejava.lang.BooleanOptional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
kmsKeyIdjava.lang.String(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
maxRetriesjava.lang.Number(Optional) The maximum number of times an AWS API request is retried on retryable failure.
noProxyjava.lang.String(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
profilejava.lang.String(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
regionjava.lang.StringAWS Region of the S3 Bucket and DynamoDB Table (if used).
retryModejava.lang.String(Optional) Specifies how retries are attempted.
roleArnjava.lang.String(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secretKeyjava.lang.String(Optional) AWS secret access key.
sessionNamejava.lang.String(Optional) Session name to use when assuming the role.
sharedConfigFilesjava.util.List< java.lang.String >(Optional) List of paths to AWS shared configuration files.
sharedCredentialsFilejava.lang.String(Optional) Path to the AWS shared credentials file.
sharedCredentialsFilesjava.util.List< java.lang.String >(Optional) List of paths to AWS shared credentials files.
skipCredentialsValidationjava.lang.Boolean(Optional) Skip credentials validation via the STS API.
skipMetadataApiCheckjava.lang.Boolean(Optional) Skip usage of EC2 Metadata API.
skipRegionValidationjava.lang.Boolean(Optional) Skip validation of provided region name.
skipRequestingAccountIdjava.lang.Boolean(Optional) Whether to skip requesting the account ID.
skipS3Checksumjava.lang.Boolean(Optional) Do not include checksum when uploading S3 Objects.
sseCustomerKeyjava.lang.String(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
stsEndpointjava.lang.String(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
stsRegionjava.lang.String(Optional) AWS region for STS.
tokenjava.lang.String(Optional) Multi-Factor Authentication (MFA) token.
useLegacyWorkflowjava.lang.Boolean(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
usePathStylejava.lang.Boolean(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspaceKeyPrefixjava.lang.String(Optional) Prefix applied to the state path inside the bucket.
bucketRequired 
public java.lang.String getBucket();
  • Type: java.lang.String

Name of the S3 Bucket.

keyRequired 
public java.lang.String getKey();
  • Type: java.lang.String

Path to the state file inside the S3 Bucket.

When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key

accessKeyOptional 
public java.lang.String getAccessKey();
  • Type: java.lang.String

(Optional) AWS access key.

If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).

aclOptional 
public java.lang.String getAcl();
  • Type: java.lang.String

(Optional) Canned ACL to be applied to the state file.

allowedAccountIdsOptional 
public java.util.List< java.lang.String > getAllowedAccountIds();
  • Type: java.util.List< java.lang.String >

(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.

Conflicts with forbidden_account_ids.

assumeRoleOptional 
public S3BackendAssumeRoleConfig getAssumeRole();

Assuming an IAM Role can be configured in two ways.

The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.

assumeRolePolicyOptional
  • Deprecated: Use assumeRole.policy instead.
public java.lang.String getAssumeRolePolicy();
  • Type: java.lang.String

(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

assumeRolePolicyArnsOptional
  • Deprecated: Use assumeRole.policyArns instead.
public java.util.List< java.lang.String > getAssumeRolePolicyArns();
  • Type: java.util.List< java.lang.String >

(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

assumeRoleTagsOptional
  • Deprecated: Use assumeRole.tags instead.
public java.util.Map< java.lang.String, java.lang.String > getAssumeRoleTags();
  • Type: java.util.Map< java.lang.String, java.lang.String >

(Optional) Map of assume role session tags.

assumeRoleTransitiveTagKeysOptional
  • Deprecated: Use assumeRole.transitiveTagKeys instead.
public java.util.List< java.lang.String > getAssumeRoleTransitiveTagKeys();
  • Type: java.util.List< java.lang.String >

(Optional) Set of assume role session tag keys to pass to any subsequent sessions.

assumeRoleWithWebIdentityOptional 
public S3BackendAssumeRoleWithWebIdentityConfig getAssumeRoleWithWebIdentity();

Assume Role With Web Identity Configuration.

customCaBundleOptional 
public java.lang.String getCustomCaBundle();
  • Type: java.lang.String

(Optional) File containing custom root and intermediate certificates.

Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.

dynamodbEndpointOptional
  • Deprecated: Use endpoints.dynamodb instead
public java.lang.String getDynamodbEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS DynamoDB API.

This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.

dynamodbTableOptional 
public java.lang.String getDynamodbTable();
  • Type: java.lang.String

(Optional) Name of DynamoDB Table to use for state locking and consistency.

The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.

ec2MetadataServiceEndpointOptional 
public java.lang.String getEc2MetadataServiceEndpoint();
  • Type: java.lang.String

Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.

Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.

ec2MetadataServiceEndpointModeOptional 
public java.lang.String getEc2MetadataServiceEndpointMode();
  • Type: java.lang.String

(Optional) Mode to use in communicating with the metadata service.

Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.

encryptOptional 
public java.lang.Boolean getEncrypt();
  • Type: java.lang.Boolean

(Optional) Enable server side encryption of the state file.

endpointOptional
  • Deprecated: Use endpoints.s3 instead
public java.lang.String getEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS S3 API.

This can also be sourced from the AWS_S3_ENDPOINT environment variable.

endpointsOptional 
public S3BackendEndpointConfig getEndpoints();

(Optional) The endpoint configuration block.

externalIdOptional
  • Deprecated: Use assume_role.external_id instead.
public java.lang.String getExternalId();
  • Type: java.lang.String

(Optional) External identifier to use when assuming the role.

forbiddenAccountIdsOptional 
public java.util.List< java.lang.String > getForbiddenAccountIds();
  • Type: java.util.List< java.lang.String >

(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.

Conflicts with allowed_account_ids.

forcePathStyleOptional
  • Deprecated: Use usePathStyle instead
public java.lang.Boolean getForcePathStyle();
  • Type: java.lang.Boolean

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

httpProxyOptional 
public java.lang.String getHttpProxy();
  • Type: java.lang.String

(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.

Can also be set using the HTTP_PROXY or http_proxy environment variables.

httpsProxyOptional 
public java.lang.String getHttpsProxy();
  • Type: java.lang.String

(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.

Can also be set using the HTTPS_PROXY or https_proxy environment variables.

iamEndpointOptional
  • Deprecated: Use endpoints.iam instead
public java.lang.String getIamEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.

This can also be sourced from the AWS_IAM_ENDPOINT environment variable.

insecureOptional 
public java.lang.Boolean getInsecure();
  • Type: java.lang.Boolean

Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.

If omitted, the default value is false.

kmsKeyIdOptional 
public java.lang.String getKmsKeyId();
  • Type: java.lang.String

(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.

Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.

maxRetriesOptional 
public java.lang.Number getMaxRetries();
  • Type: java.lang.Number

(Optional) The maximum number of times an AWS API request is retried on retryable failure.

Defaults to 5.

noProxyOptional 
public java.lang.String getNoProxy();
  • Type: java.lang.String

(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.

Each value can be one of:

  • A domain name
  • An IP address
  • A CIDR address
  • An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profileOptional 
public java.lang.String getProfile();
  • Type: java.lang.String

(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.

regionOptional 
public java.lang.String getRegion();
  • Type: java.lang.String

AWS Region of the S3 Bucket and DynamoDB Table (if used).

This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

retryModeOptional 
public java.lang.String getRetryMode();
  • Type: java.lang.String

(Optional) Specifies how retries are attempted.

Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.

roleArnOptional
  • Deprecated: Use assumeRole.roleArn instead.
public java.lang.String getRoleArn();
  • Type: java.lang.String

(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.

secretKeyOptional 
public java.lang.String getSecretKey();
  • Type: java.lang.String

(Optional) AWS secret access key.

If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)

sessionNameOptional
  • Deprecated: Use assumeRole.sessionName instead.
public java.lang.String getSessionName();
  • Type: java.lang.String

(Optional) Session name to use when assuming the role.

sharedConfigFilesOptional 
public java.util.List< java.lang.String > getSharedConfigFiles();
  • Type: java.util.List< java.lang.String >

(Optional) List of paths to AWS shared configuration files.

Defaults to ~/.aws/config.

sharedCredentialsFileOptional 
public java.lang.String getSharedCredentialsFile();
  • Type: java.lang.String

(Optional) Path to the AWS shared credentials file.

Defaults to ~/.aws/credentials.

sharedCredentialsFilesOptional 
public java.util.List< java.lang.String > getSharedCredentialsFiles();
  • Type: java.util.List< java.lang.String >

(Optional) List of paths to AWS shared credentials files.

Defaults to ~/.aws/credentials.

skipCredentialsValidationOptional 
public java.lang.Boolean getSkipCredentialsValidation();
  • Type: java.lang.Boolean

(Optional) Skip credentials validation via the STS API.

skipMetadataApiCheckOptional 
public java.lang.Boolean getSkipMetadataApiCheck();
  • Type: java.lang.Boolean

(Optional) Skip usage of EC2 Metadata API.

skipRegionValidationOptional 
public java.lang.Boolean getSkipRegionValidation();
  • Type: java.lang.Boolean

(Optional) Skip validation of provided region name.

skipRequestingAccountIdOptional 
public java.lang.Boolean getSkipRequestingAccountId();
  • Type: java.lang.Boolean

(Optional) Whether to skip requesting the account ID.

Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.

skipS3ChecksumOptional 
public java.lang.Boolean getSkipS3Checksum();
  • Type: java.lang.Boolean

(Optional) Do not include checksum when uploading S3 Objects.

Useful for some S3-Compatible APIs.

sseCustomerKeyOptional 
public java.lang.String getSseCustomerKey();
  • Type: java.lang.String

(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).

This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.

stsEndpointOptional
  • Deprecated: Use endpoints.sts instead
public java.lang.String getStsEndpoint();
  • Type: java.lang.String

(Optional) Custom endpoint for the AWS Security Token Service (STS) API.

This can also be sourced from the AWS_STS_ENDPOINT environment variable.

stsRegionOptional 
public java.lang.String getStsRegion();
  • Type: java.lang.String

(Optional) AWS region for STS.

If unset, AWS will use the same region for STS as other non-STS operations.

tokenOptional 
public java.lang.String getToken();
  • Type: java.lang.String

(Optional) Multi-Factor Authentication (MFA) token.

This can also be sourced from the AWS_SESSION_TOKEN environment variable.

useLegacyWorkflowOptional 
public java.lang.Boolean getUseLegacyWorkflow();
  • Type: java.lang.Boolean

(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.

Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.

usePathStyleOptional 
public java.lang.Boolean getUsePathStyle();
  • Type: java.lang.Boolean

(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).

workspaceKeyPrefixOptional 
public java.lang.String getWorkspaceKeyPrefix();
  • Type: java.lang.String

(Optional) Prefix applied to the state path inside the bucket.

This is only relevant when using a non-default workspace. Defaults to env:

S3BackendEndpointConfig

Initializer 

import com.hashicorp.cdktf.S3BackendEndpointConfig;

S3BackendEndpointConfig.builder()
//  .dynamodb(java.lang.String)
//  .iam(java.lang.String)
//  .s3(java.lang.String)
//  .sso(java.lang.String)
//  .sts(java.lang.String)
    .build();

Properties

NameTypeDescription
dynamodbjava.lang.String(Optional) Custom endpoint URL for the AWS DynamoDB API.
iamjava.lang.String(Optional) Custom endpoint URL for the AWS IAM API.
s3java.lang.String(Optional) Custom endpoint URL for the AWS S3 API.
ssojava.lang.String(Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API.
stsjava.lang.String(Optional) Custom endpoint URL for the AWS STS API.
dynamodbOptional 
public java.lang.String getDynamodb();
  • Type: java.lang.String

(Optional) Custom endpoint URL for the AWS DynamoDB API.

This can also be sourced from the environment variable AWS_ENDPOINT_URL_DYNAMODB or the deprecated environment variable AWS_DYNAMODB_ENDPOINT.

iamOptional 
public java.lang.String getIam();
  • Type: java.lang.String

(Optional) Custom endpoint URL for the AWS IAM API.

This can also be sourced from the environment variable AWS_ENDPOINT_URL_IAM or the deprecated environment variable AWS_IAM_ENDPOINT.

s3Optional 
public java.lang.String getS3();
  • Type: java.lang.String

(Optional) Custom endpoint URL for the AWS S3 API.

This can also be sourced from the environment variable AWS_ENDPOINT_URL_S3 or the deprecated environment variable AWS_S3_ENDPOINT.

ssoOptional 
public java.lang.String getSso();
  • Type: java.lang.String

(Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API.

This can also be sourced from the environment variable AWS_ENDPOINT_URL_SSO.

stsOptional 
public java.lang.String getSts();
  • Type: java.lang.String

(Optional) Custom endpoint URL for the AWS STS API.

This can also be sourced from the environment variable AWS_ENDPOINT_URL_STS or the deprecated environment variable AWS_STS_ENDPOINT.

SSHProvisionerConnection

Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.

Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}

Initializer 

import com.hashicorp.cdktf.SSHProvisionerConnection;

SSHProvisionerConnection.builder()
    .host(java.lang.String)
    .type(java.lang.String)
//  .agent(java.lang.String)
//  .agentIdentity(java.lang.String)
//  .bastionCertificate(java.lang.String)
//  .bastionHost(java.lang.String)
//  .bastionHostKey(java.lang.String)
//  .bastionPassword(java.lang.String)
//  .bastionPort(java.lang.Number)
//  .bastionPrivateKey(java.lang.String)
//  .bastionUser(java.lang.String)
//  .certificate(java.lang.String)
//  .hostKey(java.lang.String)
//  .password(java.lang.String)
//  .port(java.lang.Number)
//  .privateKey(java.lang.String)
//  .proxyHost(java.lang.String)
//  .proxyPort(java.lang.Number)
//  .proxyScheme(java.lang.String)
//  .proxyUserName(java.lang.String)
//  .proxyUserPassword(java.lang.String)
//  .scriptPath(java.lang.String)
//  .targetPlatform(java.lang.String)
//  .timeout(java.lang.String)
//  .user(java.lang.String)
    .build();

Properties

NameTypeDescription
hostjava.lang.StringThe address of the resource to connect to.
typejava.lang.StringThe connection type.
agentjava.lang.StringSet to false to disable using ssh-agent to authenticate.
agentIdentityjava.lang.StringThe preferred identity from the ssh agent for authentication.
bastionCertificatejava.lang.StringThe contents of a signed CA Certificate.
bastionHostjava.lang.StringSetting this enables the bastion Host connection.
bastionHostKeyjava.lang.StringThe public key from the remote host or the signing CA, used to verify the host connection.
bastionPasswordjava.lang.StringThe password to use for the bastion host.
bastionPortjava.lang.NumberThe port to use connect to the bastion host.
bastionPrivateKeyjava.lang.StringThe contents of an SSH key file to use for the bastion host.
bastionUserjava.lang.StringThe user for the connection to the bastion host.
certificatejava.lang.StringThe contents of a signed CA Certificate.
hostKeyjava.lang.StringThe public key from the remote host or the signing CA, used to verify the connection.
passwordjava.lang.StringThe password to use for the connection.
portjava.lang.NumberThe port to connect to.
privateKeyjava.lang.StringThe contents of an SSH key to use for the connection.
proxyHostjava.lang.StringSetting this enables the SSH over HTTP connection.
proxyPortjava.lang.NumberThe port to use connect to the proxy host.
proxySchemejava.lang.StringThe ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy.
proxyUserNamejava.lang.StringThe username to use connect to the private proxy host.
proxyUserPasswordjava.lang.StringThe password to use connect to the private proxy host.
scriptPathjava.lang.StringThe path used to copy scripts meant for remote execution.
targetPlatformjava.lang.StringThe target platform to connect to.
timeoutjava.lang.StringThe timeout to wait for the connection to become available.
userjava.lang.StringThe user to use for the connection.
hostRequired 
public java.lang.String getHost();
  • Type: java.lang.String

The address of the resource to connect to.

typeRequired 
public java.lang.String getType();
  • Type: java.lang.String

The connection type.

Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.

agentOptional 
public java.lang.String getAgent();
  • Type: java.lang.String

Set to false to disable using ssh-agent to authenticate.

On Windows the only supported SSH authentication agent is Pageant.

agentIdentityOptional 
public java.lang.String getAgentIdentity();
  • Type: java.lang.String

The preferred identity from the ssh agent for authentication.

bastionCertificateOptional 
public java.lang.String getBastionCertificate();
  • Type: java.lang.String

The contents of a signed CA Certificate.

The certificate argument must be used in conjunction with a bastion_private_key. These can be loaded from a file on disk using the the file function.

bastionHostOptional 
public java.lang.String getBastionHost();
  • Type: java.lang.String

Setting this enables the bastion Host connection.

The provisioner will connect to bastion_host first, and then connect from there to host.

bastionHostKeyOptional 
public java.lang.String getBastionHostKey();
  • Type: java.lang.String

The public key from the remote host or the signing CA, used to verify the host connection.

bastionPasswordOptional 
public java.lang.String getBastionPassword();
  • Type: java.lang.String

The password to use for the bastion host.

bastionPortOptional 
public java.lang.Number getBastionPort();
  • Type: java.lang.Number

The port to use connect to the bastion host.

bastionPrivateKeyOptional 
public java.lang.String getBastionPrivateKey();
  • Type: java.lang.String

The contents of an SSH key file to use for the bastion host.

These can be loaded from a file on disk using the file function.

bastionUserOptional 
public java.lang.String getBastionUser();
  • Type: java.lang.String

The user for the connection to the bastion host.

certificateOptional 
public java.lang.String getCertificate();
  • Type: java.lang.String

The contents of a signed CA Certificate.

The certificate argument must be used in conjunction with a private_key. These can be loaded from a file on disk using the the file function.

hostKeyOptional 
public java.lang.String getHostKey();
  • Type: java.lang.String

The public key from the remote host or the signing CA, used to verify the connection.

passwordOptional 
public java.lang.String getPassword();
  • Type: java.lang.String

The password to use for the connection.

portOptional 
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: 22

The port to connect to.

privateKeyOptional 
public java.lang.String getPrivateKey();
  • Type: java.lang.String

The contents of an SSH key to use for the connection.

These can be loaded from a file on disk using the file function. This takes preference over password if provided.

proxyHostOptional 
public java.lang.String getProxyHost();
  • Type: java.lang.String

Setting this enables the SSH over HTTP connection.

This host will be connected to first, and then the host or bastion_host connection will be made from there.

proxyPortOptional 
public java.lang.Number getProxyPort();
  • Type: java.lang.Number

The port to use connect to the proxy host.

proxySchemeOptional 
public java.lang.String getProxyScheme();
  • Type: java.lang.String

The ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy.

proxyUserNameOptional 
public java.lang.String getProxyUserName();
  • Type: java.lang.String

The username to use connect to the private proxy host.

This argument should be specified only if authentication is required for the HTTP Proxy server.

proxyUserPasswordOptional 
public java.lang.String getProxyUserPassword();
  • Type: java.lang.String

The password to use connect to the private proxy host.

This argument should be specified only if authentication is required for the HTTP Proxy server.

scriptPathOptional 
public java.lang.String getScriptPath();
  • Type: java.lang.String

The path used to copy scripts meant for remote execution.

Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}

targetPlatformOptional 
public java.lang.String getTargetPlatform();
  • Type: java.lang.String
  • Default: unix

The target platform to connect to.

Valid values are "windows" and "unix". If the platform is set to windows, the default scriptpath is c:\windows\temp\terraform%RAND%.cmd, assuming the SSH default shell is cmd.exe. If the SSH default shell is PowerShell, set scriptpath to "c:/windows/temp/terraform%RAND%.ps1"

timeoutOptional 
public java.lang.String getTimeout();
  • Type: java.lang.String
  • Default: 5m

The timeout to wait for the connection to become available.

Should be provided as a string (e.g., "30s" or "5m".)

userOptional 
public java.lang.String getUser();
  • Type: java.lang.String
  • Default: root

The user to use for the connection.

StackAnnotation

Initializer 

import com.hashicorp.cdktf.StackAnnotation;

StackAnnotation.builder()
    .constructPath(java.lang.String)
    .level(AnnotationMetadataEntryType)
    .message(java.lang.String)
//  .stacktrace(java.util.List< java.lang.String >)
    .build();

Properties

NameTypeDescription
constructPathjava.lang.StringNo description.
levelAnnotationMetadataEntryTypeNo description.
messagejava.lang.StringNo description.
stacktracejava.util.List< java.lang.String >No description.
constructPathRequired 
public java.lang.String getConstructPath();
  • Type: java.lang.String
levelRequired 
public AnnotationMetadataEntryType getLevel();
messageRequired 
public java.lang.String getMessage();
  • Type: java.lang.String
stacktraceOptional 
public java.util.List< java.lang.String > getStacktrace();
  • Type: java.util.List< java.lang.String >

StackManifest

Initializer 

import com.hashicorp.cdktf.StackManifest;

StackManifest.builder()
    .annotations(java.util.List< StackAnnotation >)
    .constructPath(java.lang.String)
    .dependencies(java.util.List< java.lang.String >)
    .name(java.lang.String)
    .stackMetadataPath(java.lang.String)
    .synthesizedStackPath(java.lang.String)
    .workingDirectory(java.lang.String)
    .build();

Properties

NameTypeDescription
annotationsjava.util.List< StackAnnotation>No description.
constructPathjava.lang.StringNo description.
dependenciesjava.util.List< java.lang.String >No description.
namejava.lang.StringNo description.
stackMetadataPathjava.lang.StringNo description.
synthesizedStackPathjava.lang.StringNo description.
workingDirectoryjava.lang.StringNo description.
annotationsRequired 
public java.util.List< StackAnnotation > getAnnotations();
constructPathRequired 
public java.lang.String getConstructPath();
  • Type: java.lang.String
dependenciesRequired 
public java.util.List< java.lang.String > getDependencies();
  • Type: java.util.List< java.lang.String >
nameRequired 
public java.lang.String getName();
  • Type: java.lang.String
stackMetadataPathRequired 
public java.lang.String getStackMetadataPath();
  • Type: java.lang.String
synthesizedStackPathRequired 
public java.lang.String getSynthesizedStackPath();
  • Type: java.lang.String
workingDirectoryRequired 
public java.lang.String getWorkingDirectory();
  • Type: java.lang.String

SwiftBackendConfig

Initializer 

import com.hashicorp.cdktf.SwiftBackendConfig;

SwiftBackendConfig.builder()
    .container(java.lang.String)
//  .applicationCredentialId(java.lang.String)
//  .applicationCredentialName(java.lang.String)
//  .applicationCredentialSecret(java.lang.String)
//  .archiveContainer(java.lang.String)
//  .authUrl(java.lang.String)
//  .cacertFile(java.lang.String)
//  .cert(java.lang.String)
//  .cloud(java.lang.String)
//  .defaultDomain(java.lang.String)
//  .domainId(java.lang.String)
//  .domainName(java.lang.String)
//  .expireAfter(java.lang.String)
//  .insecure(java.lang.Boolean)
//  .key(java.lang.String)
//  .password(java.lang.String)
//  .projectDomainId(java.lang.String)
//  .projectDomainName(java.lang.String)
//  .regionName(java.lang.String)
//  .stateName(java.lang.String)
//  .tenantId(java.lang.String)
//  .tenantName(java.lang.String)
//  .token(java.lang.String)
//  .userDomainId(java.lang.String)
//  .userDomainName(java.lang.String)
//  .userId(java.lang.String)
//  .userName(java.lang.String)
    .build();

Properties

NameTypeDescription
containerjava.lang.StringNo description.
applicationCredentialIdjava.lang.StringNo description.
applicationCredentialNamejava.lang.StringNo description.
applicationCredentialSecretjava.lang.StringNo description.
archiveContainerjava.lang.StringNo description.
authUrljava.lang.StringNo description.
cacertFilejava.lang.StringNo description.
certjava.lang.StringNo description.
cloudjava.lang.StringNo description.
defaultDomainjava.lang.StringNo description.
domainIdjava.lang.StringNo description.
domainNamejava.lang.StringNo description.
expireAfterjava.lang.StringNo description.
insecurejava.lang.BooleanNo description.
keyjava.lang.StringNo description.
passwordjava.lang.StringNo description.
projectDomainIdjava.lang.StringNo description.
projectDomainNamejava.lang.StringNo description.
regionNamejava.lang.StringNo description.
stateNamejava.lang.StringNo description.
tenantIdjava.lang.StringNo description.
tenantNamejava.lang.StringNo description.
tokenjava.lang.StringNo description.
userDomainIdjava.lang.StringNo description.
userDomainNamejava.lang.StringNo description.
userIdjava.lang.StringNo description.
userNamejava.lang.StringNo description.
containerRequired
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getContainer();
  • Type: java.lang.String
applicationCredentialIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialId();
  • Type: java.lang.String
applicationCredentialNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialName();
  • Type: java.lang.String
applicationCredentialSecretOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getApplicationCredentialSecret();
  • Type: java.lang.String
archiveContainerOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getArchiveContainer();
  • Type: java.lang.String
authUrlOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getAuthUrl();
  • Type: java.lang.String
cacertFileOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCacertFile();
  • Type: java.lang.String
certOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCert();
  • Type: java.lang.String
cloudOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getCloud();
  • Type: java.lang.String
defaultDomainOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDefaultDomain();
  • Type: java.lang.String
domainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDomainId();
  • Type: java.lang.String
domainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getDomainName();
  • Type: java.lang.String
expireAfterOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getExpireAfter();
  • Type: java.lang.String
insecureOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.Boolean getInsecure();
  • Type: java.lang.Boolean
keyOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getKey();
  • Type: java.lang.String
passwordOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getPassword();
  • Type: java.lang.String
projectDomainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getProjectDomainId();
  • Type: java.lang.String
projectDomainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getProjectDomainName();
  • Type: java.lang.String
regionNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getRegionName();
  • Type: java.lang.String
stateNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getStateName();
  • Type: java.lang.String
tenantIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getTenantId();
  • Type: java.lang.String
tenantNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getTenantName();
  • Type: java.lang.String
tokenOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getToken();
  • Type: java.lang.String
userDomainIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserDomainId();
  • Type: java.lang.String
userDomainNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserDomainName();
  • Type: java.lang.String
userIdOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserId();
  • Type: java.lang.String
userNameOptional
  • Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public java.lang.String getUserName();
  • Type: java.lang.String

TerraformAssetConfig

Initializer 

import com.hashicorp.cdktf.TerraformAssetConfig;

TerraformAssetConfig.builder()
    .path(java.lang.String)
//  .assetHash(java.lang.String)
//  .type(AssetType)
    .build();

Properties

NameTypeDescription
pathjava.lang.StringNo description.
assetHashjava.lang.StringNo description.
typeAssetTypeNo description.
pathRequired 
public java.lang.String getPath();
  • Type: java.lang.String
assetHashOptional 
public java.lang.String getAssetHash();
  • Type: java.lang.String
typeOptional 
public AssetType getType();

TerraformCondition

Initializer 

import com.hashicorp.cdktf.TerraformCondition;

TerraformCondition.builder()
    .condition(java.lang.Object)
    .errorMessage(java.lang.String)
    .build();

Properties

NameTypeDescription
conditionjava.lang.ObjectThis is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessagejava.lang.StringThis contains the text that Terraform will include as part of error messages when it detects an unmet condition.
conditionRequired 
public java.lang.Object getCondition();
  • Type: java.lang.Object

This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.

errorMessageRequired 
public java.lang.String getErrorMessage();
  • Type: java.lang.String

This contains the text that Terraform will include as part of error messages when it detects an unmet condition.

TerraformConstructor

Initializer 

import com.hashicorp.cdktf.testing_matchers.TerraformConstructor;

TerraformConstructor.builder()
    .tfResourceType(java.lang.String)
    .build();

Properties

NameTypeDescription
tfResourceTypejava.lang.StringNo description.
tfResourceTypeRequired 
public java.lang.String getTfResourceType();
  • Type: java.lang.String

TerraformElementMetadata

Initializer 

import com.hashicorp.cdktf.TerraformElementMetadata;

TerraformElementMetadata.builder()
    .path(java.lang.String)
    .stackTrace(java.util.List< java.lang.String >)
    .uniqueId(java.lang.String)
    .build();

Properties

NameTypeDescription
pathjava.lang.StringNo description.
stackTracejava.util.List< java.lang.String >No description.
uniqueIdjava.lang.StringNo description.
pathRequired 
public java.lang.String getPath();
  • Type: java.lang.String
stackTraceRequired 
public java.util.List< java.lang.String > getStackTrace();
  • Type: java.util.List< java.lang.String >
uniqueIdRequired 
public java.lang.String getUniqueId();
  • Type: java.lang.String

TerraformHclModuleConfig

Initializer 

import com.hashicorp.cdktf.TerraformHclModuleConfig;

TerraformHclModuleConfig.builder()
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .providers(java.util.List<  TerraformProvider)
//  .providers(TerraformModuleProvider >)
//  .skipAssetCreationFromLocalModules(java.lang.Boolean)
    .source(java.lang.String)
//  .version(java.lang.String)
//  .variables(java.util.Map< java.lang.String, java.lang.Object >)
    .build();

Properties

NameTypeDescription
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
providersjava.util.List< TerraformProvider OR TerraformModuleProvider>No description.
skipAssetCreationFromLocalModulesjava.lang.BooleanNo description.
sourcejava.lang.StringNo description.
versionjava.lang.StringNo description.
variablesjava.util.Map< java.lang.String, java.lang.Object >No description.
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
providersOptional 
public java.lang.Object getProviders();
skipAssetCreationFromLocalModulesOptional 
public java.lang.Boolean getSkipAssetCreationFromLocalModules();
  • Type: java.lang.Boolean
sourceRequired 
public java.lang.String getSource();
  • Type: java.lang.String
versionOptional 
public java.lang.String getVersion();
  • Type: java.lang.String
variablesOptional 
public java.util.Map< java.lang.String, java.lang.Object > getVariables();
  • Type: java.util.Map< java.lang.String, java.lang.Object >

TerraformMetaArguments

Initializer 

import com.hashicorp.cdktf.TerraformMetaArguments;

TerraformMetaArguments.builder()
//  .connection(SSHProvisionerConnection)
//  .connection(WinrmProvisionerConnection)
//  .count(java.lang.Number)
//  .count(TerraformCount)
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .lifecycle(TerraformResourceLifecycle)
//  .provider(TerraformProvider)
//  .provisioners(java.util.List<  FileProvisioner)
//  .provisioners(LocalExecProvisioner)
//  .provisioners(RemoteExecProvisioner >)
    .build();

Properties

NameTypeDescription
connectionSSHProvisionerConnection OR WinrmProvisionerConnectionNo description.
countjava.lang.Number OR TerraformCountNo description.
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
lifecycleTerraformResourceLifecycleNo description.
providerTerraformProviderNo description.
provisionersjava.util.List< FileProvisioner OR LocalExecProvisioner OR RemoteExecProvisioner>No description.
connectionOptional 
public java.lang.Object getConnection();
countOptional 
public java.lang.Object getCount();
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
lifecycleOptional 
public TerraformResourceLifecycle getLifecycle();
providerOptional 
public TerraformProvider getProvider();
provisionersOptional 
public java.lang.Object getProvisioners();

TerraformModuleConfig

Initializer 

import com.hashicorp.cdktf.TerraformModuleConfig;

TerraformModuleConfig.builder()
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .providers(java.util.List<  TerraformProvider)
//  .providers(TerraformModuleProvider >)
//  .skipAssetCreationFromLocalModules(java.lang.Boolean)
    .source(java.lang.String)
//  .version(java.lang.String)
    .build();

Properties

NameTypeDescription
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
providersjava.util.List< TerraformProvider OR TerraformModuleProvider>No description.
skipAssetCreationFromLocalModulesjava.lang.BooleanNo description.
sourcejava.lang.StringNo description.
versionjava.lang.StringNo description.
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
providersOptional 
public java.lang.Object getProviders();
skipAssetCreationFromLocalModulesOptional 
public java.lang.Boolean getSkipAssetCreationFromLocalModules();
  • Type: java.lang.Boolean
sourceRequired 
public java.lang.String getSource();
  • Type: java.lang.String
versionOptional 
public java.lang.String getVersion();
  • Type: java.lang.String

TerraformModuleProvider

Initializer 

import com.hashicorp.cdktf.TerraformModuleProvider;

TerraformModuleProvider.builder()
    .moduleAlias(java.lang.String)
    .provider(TerraformProvider)
    .build();

Properties

NameTypeDescription
moduleAliasjava.lang.StringNo description.
providerTerraformProviderNo description.
moduleAliasRequired 
public java.lang.String getModuleAlias();
  • Type: java.lang.String
providerRequired 
public TerraformProvider getProvider();

TerraformModuleUserConfig

Initializer 

import com.hashicorp.cdktf.TerraformModuleUserConfig;

TerraformModuleUserConfig.builder()
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .providers(java.util.List<  TerraformProvider)
//  .providers(TerraformModuleProvider >)
//  .skipAssetCreationFromLocalModules(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
providersjava.util.List< TerraformProvider OR TerraformModuleProvider>No description.
skipAssetCreationFromLocalModulesjava.lang.BooleanNo description.
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
providersOptional 
public java.lang.Object getProviders();
skipAssetCreationFromLocalModulesOptional 
public java.lang.Boolean getSkipAssetCreationFromLocalModules();
  • Type: java.lang.Boolean

TerraformOutputConfig

Initializer 

import com.hashicorp.cdktf.TerraformOutputConfig;

TerraformOutputConfig.builder()
    .value(java.lang.Object)
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .description(java.lang.String)
//  .precondition(Precondition)
//  .sensitive(java.lang.Boolean)
//  .staticId(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
valuejava.lang.ObjectNo description.
dependsOnjava.util.List< ITerraformDependable>No description.
descriptionjava.lang.StringNo description.
preconditionPreconditionNo description.
sensitivejava.lang.BooleanNo description.
staticIdjava.lang.BooleanIf set to true the synthesized Terraform Output will be named after the id passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId).
valueRequired 
public java.lang.Object getValue();
  • Type: java.lang.Object
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
descriptionOptional 
public java.lang.String getDescription();
  • Type: java.lang.String
preconditionOptional 
public Precondition getPrecondition();
sensitiveOptional 
public java.lang.Boolean getSensitive();
  • Type: java.lang.Boolean
staticIdOptional 
public java.lang.Boolean getStaticId();
  • Type: java.lang.Boolean
  • Default: false

If set to true the synthesized Terraform Output will be named after the id passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId).

TerraformProviderConfig

Initializer 

import com.hashicorp.cdktf.TerraformProviderConfig;

TerraformProviderConfig.builder()
    .terraformResourceType(java.lang.String)
//  .terraformGeneratorMetadata(TerraformProviderGeneratorMetadata)
//  .terraformProviderSource(java.lang.String)
    .build();

Properties

NameTypeDescription
terraformResourceTypejava.lang.StringNo description.
terraformGeneratorMetadataTerraformProviderGeneratorMetadataNo description.
terraformProviderSourcejava.lang.StringNo description.
terraformResourceTypeRequired 
public java.lang.String getTerraformResourceType();
  • Type: java.lang.String
terraformGeneratorMetadataOptional 
public TerraformProviderGeneratorMetadata getTerraformGeneratorMetadata();
terraformProviderSourceOptional 
public java.lang.String getTerraformProviderSource();
  • Type: java.lang.String

TerraformProviderGeneratorMetadata

Initializer 

import com.hashicorp.cdktf.TerraformProviderGeneratorMetadata;

TerraformProviderGeneratorMetadata.builder()
    .providerName(java.lang.String)
//  .providerVersion(java.lang.String)
//  .providerVersionConstraint(java.lang.String)
    .build();

Properties

NameTypeDescription
providerNamejava.lang.StringNo description.
providerVersionjava.lang.StringNo description.
providerVersionConstraintjava.lang.StringNo description.
providerNameRequired 
public java.lang.String getProviderName();
  • Type: java.lang.String
providerVersionOptional 
public java.lang.String getProviderVersion();
  • Type: java.lang.String
providerVersionConstraintOptional 
public java.lang.String getProviderVersionConstraint();
  • Type: java.lang.String

TerraformResourceConfig

Initializer 

import com.hashicorp.cdktf.TerraformResourceConfig;

TerraformResourceConfig.builder()
//  .connection(SSHProvisionerConnection)
//  .connection(WinrmProvisionerConnection)
//  .count(java.lang.Number)
//  .count(TerraformCount)
//  .dependsOn(java.util.List< ITerraformDependable >)
//  .forEach(ITerraformIterator)
//  .lifecycle(TerraformResourceLifecycle)
//  .provider(TerraformProvider)
//  .provisioners(java.util.List<  FileProvisioner)
//  .provisioners(LocalExecProvisioner)
//  .provisioners(RemoteExecProvisioner >)
    .terraformResourceType(java.lang.String)
//  .terraformGeneratorMetadata(TerraformProviderGeneratorMetadata)
    .build();

Properties

NameTypeDescription
connectionSSHProvisionerConnection OR WinrmProvisionerConnectionNo description.
countjava.lang.Number OR TerraformCountNo description.
dependsOnjava.util.List< ITerraformDependable>No description.
forEachITerraformIteratorNo description.
lifecycleTerraformResourceLifecycleNo description.
providerTerraformProviderNo description.
provisionersjava.util.List< FileProvisioner OR LocalExecProvisioner OR RemoteExecProvisioner>No description.
terraformResourceTypejava.lang.StringNo description.
terraformGeneratorMetadataTerraformProviderGeneratorMetadataNo description.
connectionOptional 
public java.lang.Object getConnection();
countOptional 
public java.lang.Object getCount();
dependsOnOptional 
public java.util.List< ITerraformDependable > getDependsOn();
forEachOptional 
public ITerraformIterator getForEach();
lifecycleOptional 
public TerraformResourceLifecycle getLifecycle();
providerOptional 
public TerraformProvider getProvider();
provisionersOptional 
public java.lang.Object getProvisioners();
terraformResourceTypeRequired 
public java.lang.String getTerraformResourceType();
  • Type: java.lang.String
terraformGeneratorMetadataOptional 
public TerraformProviderGeneratorMetadata getTerraformGeneratorMetadata();

TerraformResourceImport

Initializer 

import com.hashicorp.cdktf.TerraformResourceImport;

TerraformResourceImport.builder()
    .id(java.lang.String)
//  .provider(TerraformProvider)
    .build();

Properties

NameTypeDescription
idjava.lang.StringNo description.
providerTerraformProviderNo description.
idRequired 
public java.lang.String getId();
  • Type: java.lang.String
providerOptional 
public TerraformProvider getProvider();

TerraformResourceLifecycle

Initializer 

import com.hashicorp.cdktf.TerraformResourceLifecycle;

TerraformResourceLifecycle.builder()
//  .createBeforeDestroy(java.lang.Boolean)
//  .ignoreChanges(java.util.List< java.lang.String >)
//  .ignoreChanges(java.lang.String)
//  .postcondition(java.util.List< Postcondition >)
//  .precondition(java.util.List< Precondition >)
//  .preventDestroy(java.lang.Boolean)
//  .replaceTriggeredBy(java.util.List<  java.lang.String)
//  .replaceTriggeredBy(ITerraformDependable >)
    .build();

Properties

NameTypeDescription
createBeforeDestroyjava.lang.BooleanNo description.
ignoreChangesjava.util.List< java.lang.String > OR java.lang.StringNo description.
postconditionjava.util.List< Postcondition>No description.
preconditionjava.util.List< Precondition>No description.
preventDestroyjava.lang.BooleanNo description.
replaceTriggeredByjava.util.List< java.lang.String OR ITerraformDependable>No description.
createBeforeDestroyOptional 
public java.lang.Boolean getCreateBeforeDestroy();
  • Type: java.lang.Boolean
ignoreChangesOptional 
public java.lang.Object getIgnoreChanges();
  • Type: java.util.List< java.lang.String > OR java.lang.String
postconditionOptional 
public java.util.List< Postcondition > getPostcondition();
preconditionOptional 
public java.util.List< Precondition > getPrecondition();
preventDestroyOptional 
public java.lang.Boolean getPreventDestroy();
  • Type: java.lang.Boolean
replaceTriggeredByOptional 
public java.lang.Object getReplaceTriggeredBy();

TerraformResourceMoveById

Initializer 

import com.hashicorp.cdktf.TerraformResourceMoveById;

TerraformResourceMoveById.builder()
    .from(java.lang.String)
    .to(java.lang.String)
    .build();

Properties

NameTypeDescription
fromjava.lang.StringNo description.
tojava.lang.StringNo description.
fromRequired 
public java.lang.String getFrom();
  • Type: java.lang.String
toRequired 
public java.lang.String getTo();
  • Type: java.lang.String

TerraformResourceMoveByTarget

Initializer 

import com.hashicorp.cdktf.TerraformResourceMoveByTarget;

TerraformResourceMoveByTarget.builder()
    .moveTarget(java.lang.String)
//  .index(java.lang.String)
//  .index(java.lang.Number)
    .build();

Properties

NameTypeDescription
moveTargetjava.lang.StringNo description.
indexjava.lang.String OR java.lang.NumberNo description.
moveTargetRequired 
public java.lang.String getMoveTarget();
  • Type: java.lang.String
indexOptional 
public java.lang.Object getIndex();
  • Type: java.lang.String OR java.lang.Number

TerraformStackMetadata

Initializer 

import com.hashicorp.cdktf.TerraformStackMetadata;

TerraformStackMetadata.builder()
    .backend(java.lang.String)
    .stackName(java.lang.String)
    .version(java.lang.String)
//  .cloud(java.lang.String)
    .build();

Properties

NameTypeDescription
backendjava.lang.StringNo description.
stackNamejava.lang.StringNo description.
versionjava.lang.StringNo description.
cloudjava.lang.StringNo description.
backendRequired 
public java.lang.String getBackend();
  • Type: java.lang.String
stackNameRequired 
public java.lang.String getStackName();
  • Type: java.lang.String
versionRequired 
public java.lang.String getVersion();
  • Type: java.lang.String
cloudOptional 
public java.lang.String getCloud();
  • Type: java.lang.String

TerraformVariableConfig

Initializer 

import com.hashicorp.cdktf.TerraformVariableConfig;

TerraformVariableConfig.builder()
//  .default(java.lang.Object)
//  .description(java.lang.String)
//  .nullable(java.lang.Boolean)
//  .sensitive(java.lang.Boolean)
//  .type(java.lang.String)
//  .validation(java.util.List< TerraformVariableValidationConfig >)
    .build();

Properties

NameTypeDescription
defaultjava.lang.ObjectNo description.
descriptionjava.lang.StringNo description.
nullablejava.lang.BooleanNo description.
sensitivejava.lang.BooleanNo description.
typejava.lang.StringThe type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable.
validationjava.util.List< TerraformVariableValidationConfig>Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block.
defaultOptional 
public java.lang.Object getDefault();
  • Type: java.lang.Object
descriptionOptional 
public java.lang.String getDescription();
  • Type: java.lang.String
nullableOptional 
public java.lang.Boolean getNullable();
  • Type: java.lang.Boolean
sensitiveOptional 
public java.lang.Boolean getSensitive();
  • Type: java.lang.Boolean
typeOptional 
public java.lang.String getType();
  • Type: java.lang.String

The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable.

If no type constraint is set then a value of any type is accepted.

While type constraints are optional, we recommend specifying them; they serve as easy reminders for users of the module, and allow Terraform to return a helpful error message if the wrong type is used.

Type constraints are created from a mixture of type keywords and type constructors. The supported type keywords are:

  • string
  • number
  • bool

The type constructors allow you to specify complex types such as collections:

  • list(< TYPE >)
  • set(< TYPE >)
  • map(< TYPE >)
  • object({< ATTR NAME > = < TYPE >, ... })
  • tuple([< TYPE >, ...])

The keyword any may be used to indicate that any type is acceptable. For more information on the meaning and behavior of these different types, as well as detailed information about automatic conversion of complex types, refer to {@link https://developer.hashicorp.com/terraform/language/expressions/type-constraints Type Constraints}.

If both the type and default arguments are specified, the given default value must be convertible to the specified type.

validationOptional 
public java.util.List< TerraformVariableValidationConfig > getValidation();

Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block.

TerraformVariableValidationConfig

Add one or more validation blocks within the variable block to specify custom conditions.

Initializer 

import com.hashicorp.cdktf.TerraformVariableValidationConfig;

TerraformVariableValidationConfig.builder()
    .condition(java.lang.Object)
    .errorMessage(java.lang.String)
    .build();

Properties

NameTypeDescription
conditionjava.lang.ObjectThis is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessagejava.lang.StringThis contains the text that Terraform will include as part of error messages when it detects an unmet condition.
conditionRequired 
public java.lang.Object getCondition();
  • Type: java.lang.Object

This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.

errorMessageRequired 
public java.lang.String getErrorMessage();
  • Type: java.lang.String

This contains the text that Terraform will include as part of error messages when it detects an unmet condition.

TestingAppConfig

Initializer 

import com.hashicorp.cdktf.TestingAppConfig;

TestingAppConfig.builder()
//  .context(java.util.Map< java.lang.String, java.lang.Object >)
//  .enableFutureFlags(java.lang.Boolean)
//  .fakeCdktfJsonPath(java.lang.Boolean)
//  .outdir(java.lang.String)
//  .stackTraces(java.lang.Boolean)
//  .stubVersion(java.lang.Boolean)
    .build();

Properties

NameTypeDescription
contextjava.util.Map< java.lang.String, java.lang.Object >No description.
enableFutureFlagsjava.lang.BooleanNo description.
fakeCdktfJsonPathjava.lang.BooleanNo description.
outdirjava.lang.StringNo description.
stackTracesjava.lang.BooleanNo description.
stubVersionjava.lang.BooleanNo description.
contextOptional 
public java.util.Map< java.lang.String, java.lang.Object > getContext();
  • Type: java.util.Map< java.lang.String, java.lang.Object >
enableFutureFlagsOptional 
public java.lang.Boolean getEnableFutureFlags();
  • Type: java.lang.Boolean
fakeCdktfJsonPathOptional 
public java.lang.Boolean getFakeCdktfJsonPath();
  • Type: java.lang.Boolean
outdirOptional 
public java.lang.String getOutdir();
  • Type: java.lang.String
stackTracesOptional 
public java.lang.Boolean getStackTraces();
  • Type: java.lang.Boolean
stubVersionOptional 
public java.lang.Boolean getStubVersion();
  • Type: java.lang.Boolean

WinrmProvisionerConnection

Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.

See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}

Initializer 

import com.hashicorp.cdktf.WinrmProvisionerConnection;

WinrmProvisionerConnection.builder()
    .host(java.lang.String)
    .type(java.lang.String)
//  .cacert(java.lang.String)
//  .https(java.lang.Boolean)
//  .insecure(java.lang.Boolean)
//  .password(java.lang.String)
//  .port(java.lang.Number)
//  .scriptPath(java.lang.String)
//  .timeout(java.lang.String)
//  .useNtlm(java.lang.Boolean)
//  .user(java.lang.String)
    .build();

Properties

NameTypeDescription
hostjava.lang.StringThe address of the resource to connect to.
typejava.lang.StringThe connection type.
cacertjava.lang.StringThe CA certificate to validate against.
httpsjava.lang.BooleanSet to true to connect using HTTPS instead of HTTP.
insecurejava.lang.BooleanSet to true to skip validating the HTTPS certificate chain.
passwordjava.lang.StringThe password to use for the connection.
portjava.lang.NumberThe port to connect to.
scriptPathjava.lang.StringThe path used to copy scripts meant for remote execution.
timeoutjava.lang.StringThe timeout to wait for the connection to become available.
useNtlmjava.lang.BooleanSet to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest.
userjava.lang.StringThe user to use for the connection.
hostRequired 
public java.lang.String getHost();
  • Type: java.lang.String

The address of the resource to connect to.

typeRequired 
public java.lang.String getType();
  • Type: java.lang.String

The connection type.

Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.

cacertOptional 
public java.lang.String getCacert();
  • Type: java.lang.String

The CA certificate to validate against.

httpsOptional 
public java.lang.Boolean getHttps();
  • Type: java.lang.Boolean

Set to true to connect using HTTPS instead of HTTP.

insecureOptional 
public java.lang.Boolean getInsecure();
  • Type: java.lang.Boolean

Set to true to skip validating the HTTPS certificate chain.

passwordOptional 
public java.lang.String getPassword();
  • Type: java.lang.String

The password to use for the connection.

portOptional 
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: 22

The port to connect to.

scriptPathOptional 
public java.lang.String getScriptPath();
  • Type: java.lang.String

The path used to copy scripts meant for remote execution.

Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}

timeoutOptional 
public java.lang.String getTimeout();
  • Type: java.lang.String
  • Default: 5m

The timeout to wait for the connection to become available.

Should be provided as a string (e.g., "30s" or "5m".)

useNtlmOptional 
public java.lang.Boolean getUseNtlm();
  • Type: java.lang.Boolean

Set to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest.

Refer to Authentication for Remote Connections in the Windows App Development documentation for more details.

userOptional 
public java.lang.String getUser();
  • Type: java.lang.String
  • Default: root

The user to use for the connection.

Edit this page on GitHub