Terraform
Python: Structs
AppConfig
Initializer
import cdktf
cdktf.AppConfig(
context: typing.Mapping[typing.Any] = None,
hcl_output: bool = None,
outdir: str = None,
skip_backend_validation: bool = None,
skip_validation: bool = None,
stack_traces: bool = None
)
Properties
Name | Type | Description |
---|---|---|
context | typing.Mapping[typing.Any] | Additional context values for the application. |
hcl_output | bool | No description. |
outdir | str | The directory to output Terraform resources. |
skip_backend_validation | bool | Whether to skip backend validation during synthesis of the app. |
skip_validation | bool | Whether to skip all validations during synthesis of the app. |
stack_traces | bool | No description. |
context
Optional
context: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
- Default: no additional context
Additional context values for the application.
Context set by the CLI or the context
key in cdktf.json
has precedence.
Context can be read from any construct using node.getContext(key)
.
hcl_output
Optional
hcl_output: bool
- Type: bool
outdir
Optional
outdir: str
- Type: str
- Default: CDKTF_OUTDIR if defined, otherwise "cdktf.out"
The directory to output Terraform resources.
If you are using the CDKTF CLI, this value is automatically set from one of the following three sources:
- The
-o
/--output
CLI option - The
CDKTF_OUTDIR
environment variable - The
outdir
key incdktf.json
If you are using the CDKTF CLI and want to set a different value here, you will also need to set the same value via one of the three ways specified above.
The most common case to set this value is when you are using the CDKTF library directly (e.g. when writing unit tests).
skip_backend_validation
Optional
skip_backend_validation: bool
- Type: bool
- Default: false
Whether to skip backend validation during synthesis of the app.
skip_validation
Optional
skip_validation: bool
- Type: bool
- Default: false
Whether to skip all validations during synthesis of the app.
stack_traces
Optional
stack_traces: bool
- Type: bool
AzurermBackendConfig
Stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account.
This backend supports state locking and consistency checking with Azure Blob Storage native capabilities.
Note: By default the Azure Backend uses ADAL for authentication which is deprecated in favour of MSAL - MSAL can be used by setting use_microsoft_graph to true. The default for this will change in Terraform 1.2, so that MSAL authentication is used by default.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/azurerm
Initializer
import cdktf
cdktf.AzurermBackendConfig(
container_name: str,
key: str,
storage_account_name: str,
access_key: str = None,
client_certificate_password: str = None,
client_certificate_path: str = None,
client_id: str = None,
client_secret: str = None,
endpoint: str = None,
environment: str = None,
metadata_host: str = None,
msi_endpoint: str = None,
oidc_request_token: str = None,
oidc_request_url: str = None,
oidc_token: str = None,
oidc_token_file_path: str = None,
resource_group_name: str = None,
sas_token: str = None,
snapshot: bool = None,
subscription_id: str = None,
tenant_id: str = None,
use_azuread_auth: bool = None,
use_microsoft_graph: bool = None,
use_msi: bool = None,
use_oidc: bool = None
)
Properties
Name | Type | Description |
---|---|---|
container_name | str | (Required) The Name of the Storage Container within the Storage Account. |
key | str | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
storage_account_name | str | (Required) The Name of the Storage Account. |
access_key | str | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
client_certificate_password | str | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
client_certificate_path | str | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
client_id | str | (Optional) The Client ID of the Service Principal. |
client_secret | str | (Optional) The Client Secret of the Service Principal. |
endpoint | str | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
environment | str | (Optional) The Azure Environment which should be used. |
metadata_host | str | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
msi_endpoint | str | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
oidc_request_token | str | (Optional) The bearer token for the request to the OIDC provider. |
oidc_request_url | str | (Optional) The URL for the OIDC provider from which to request an ID token. |
oidc_token | str | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
oidc_token_file_path | str | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
resource_group_name | str | (Required) The Name of the Resource Group in which the Storage Account exists. |
sas_token | str | (Optional) The SAS Token used to access the Blob Storage Account. |
snapshot | bool | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
subscription_id | str | (Optional) The Subscription ID in which the Storage Account exists. |
tenant_id | str | (Optional) The Tenant ID in which the Subscription exists. |
use_azuread_auth | bool | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
use_microsoft_graph | bool | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
use_msi | bool | (Optional) Should Managed Service Identity authentication be used? |
use_oidc | bool | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
container_name
Required
container_name: str
- Type: str
(Required) The Name of the Storage Container within the Storage Account.
key
Required
key: str
- Type: str
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storage_account_name
Required
storage_account_name: str
- Type: str
(Required) The Name of the Storage Account.
access_key
Optional
access_key: str
- Type: str
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
client_certificate_password
Optional
client_certificate_password: str
- Type: str
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
client_certificate_path
Optional
client_certificate_path: str
- Type: str
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
client_id
Optional
client_id: str
- Type: str
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
client_secret
Optional
client_secret: str
- Type: str
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
endpoint
Optional
endpoint: str
- Type: str
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
environment
Optional
environment: str
- Type: str
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
metadata_host
Optional
metadata_host: str
- Type: str
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msi_endpoint
Optional
msi_endpoint: str
- Type: str
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
oidc_request_token
Optional
oidc_request_token: str
- Type: str
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
oidc_request_url
Optional
oidc_request_url: str
- Type: str
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
oidc_token
Optional
oidc_token: str
- Type: str
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
oidc_token_file_path
Optional
oidc_token_file_path: str
- Type: str
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
resource_group_name
Optional
resource_group_name: str
- Type: str
(Required) The Name of the Resource Group in which the Storage Account exists.
sas_token
Optional
sas_token: str
- Type: str
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
snapshot
Optional
snapshot: bool
- Type: bool
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
subscription_id
Optional
subscription_id: str
- Type: str
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
tenant_id
Optional
tenant_id: str
- Type: str
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
use_azuread_auth
Optional
use_azuread_auth: bool
- Type: bool
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
use_microsoft_graph
Optional
use_microsoft_graph: bool
- Type: bool
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
use_msi
Optional
use_msi: bool
- Type: bool
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
use_oidc
Optional
use_oidc: bool
- Type: bool
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
CloudBackendConfig
The Cloud Backend synthesizes a {@link https://developer.hashicorp.com/terraform/cli/cloud/settings#the-cloud-block cloud block}. The cloud block is a nested block within the top-level terraform settings block. It specifies which Terraform Cloud workspaces to use for the current working directory. The cloud block only affects Terraform CLI's behavior. When Terraform Cloud uses a configuration that contains a cloud block - for example, when a workspace is configured to use a VCS provider directly - it ignores the block and behaves according to its own workspace settings.
https://developer.hashicorp.com/terraform/cli/cloud/settings#arguments
Initializer
import cdktf
cdktf.CloudBackendConfig(
organization: str,
workspaces: typing.Union[NamedCloudWorkspace, TaggedCloudWorkspaces],
hostname: str = None,
token: str = None
)
Properties
Name | Type | Description |
---|---|---|
organization | str | The name of the organization containing the workspace(s) the current configuration should use. |
workspaces | typing.Union[NamedCloudWorkspace, TaggedCloudWorkspaces] | A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration. |
hostname | str | The hostname of a Terraform Enterprise installation, if using Terraform Enterprise. |
token | str | The token used to authenticate with Terraform Cloud. |
organization
Required
organization: str
- Type: str
The name of the organization containing the workspace(s) the current configuration should use.
workspaces
Required
workspaces: typing.Union[NamedCloudWorkspace, TaggedCloudWorkspaces]
- Type: typing.Union[NamedCloudWorkspace, TaggedCloudWorkspaces]
A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration.
The workspaces block must contain exactly one of the following arguments, each denoting a strategy for how workspaces should be mapped:
hostname
Optional
hostname: str
- Type: str
- Default: app.terraform.io
The hostname of a Terraform Enterprise installation, if using Terraform Enterprise.
token
Optional
token: str
- Type: str
The token used to authenticate with Terraform Cloud.
We recommend omitting the token from the configuration, and instead using terraform login or manually configuring credentials in the CLI config file.
ConsulBackendConfig
Stores the state in the Consul KV store at a given path. This backend supports state locking.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/consul
Initializer
import cdktf
cdktf.ConsulBackendConfig(
access_token: str,
path: str,
address: str = None,
ca_file: str = None,
cert_file: str = None,
datacenter: str = None,
gzip: bool = None,
http_auth: str = None,
key_file: str = None,
lock: bool = None,
scheme: str = None
)
Properties
Name | Type | Description |
---|---|---|
access_token | str | (Required) Access token. |
path | str | (Required) Path in the Consul KV store. |
address | str | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
ca_file | str | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
cert_file | str | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
datacenter | str | (Optional) The datacenter to use. |
gzip | bool | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
http_auth | str | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
key_file | str | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
lock | bool | (Optional) false to disable locking. |
scheme | str | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
access_token
Required
access_token: str
- Type: str
(Required) Access token.
path
Required
path: str
- Type: str
(Required) Path in the Consul KV store.
address
Optional
address: str
- Type: str
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
ca_file
Optional
ca_file: str
- Type: str
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
cert_file
Optional
cert_file: str
- Type: str
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
datacenter
Optional
datacenter: str
- Type: str
(Optional) The datacenter to use.
Defaults to that of the agent.
gzip
Optional
gzip: bool
- Type: bool
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
http_auth
Optional
http_auth: str
- Type: str
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
key_file
Optional
key_file: str
- Type: str
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lock
Optional
lock: bool
- Type: bool
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
scheme
Optional
scheme: str
- Type: str
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
CosBackendAssumeRole
Initializer
import cdktf
cdktf.CosBackendAssumeRole(
role_arn: str,
session_duration: typing.Union[int, float],
session_name: str,
policy: typing.Any = None
)
Properties
Name | Type | Description |
---|---|---|
role_arn | str | (Required) The ARN of the role to assume. |
session_duration | typing.Union[int, float] | (Required) The duration of the session when making the AssumeRole call. |
session_name | str | (Required) The session name to use when making the AssumeRole call. |
policy | typing.Any | (Optional) A more restrictive policy when making the AssumeRole call. |
role_arn
Required
role_arn: str
- Type: str
(Required) The ARN of the role to assume.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_ARN.
session_duration
Required
session_duration: typing.Union[int, float]
- Type: typing.Union[int, float]
(Required) The duration of the session when making the AssumeRole call.
Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION.
session_name
Required
session_name: str
- Type: str
(Required) The session name to use when making the AssumeRole call.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME.
policy
Optional
policy: typing.Any
- Type: typing.Any
(Optional) A more restrictive policy when making the AssumeRole call.
Its content must not contains principal elements. Please refer to {@link https://www.tencentcloud.com/document/product/598/10603 policies syntax logic}.
CosBackendConfig
Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the COS bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/cos
Initializer
import cdktf
cdktf.CosBackendConfig(
bucket: str,
accelerate: bool = None,
acl: str = None,
assume_role: CosBackendAssumeRole = None,
domain: str = None,
encrypt: bool = None,
endpoint: str = None,
key: str = None,
prefix: str = None,
region: str = None,
secret_id: str = None,
secret_key: str = None,
security_token: str = None
)
Properties
Name | Type | Description |
---|---|---|
bucket | str | (Required) The name of the COS bucket. |
accelerate | bool | (Optional) Whether to enable global Acceleration. |
acl | str | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
assume_role | CosBackendAssumeRole | (Optional) The assume_role block. |
domain | str | (Optional) The root domain of the API request. |
encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
endpoint | str | (Optional) The Custom Endpoint for the COS backend. |
key | str | (Optional) The path for saving the state file in bucket. |
prefix | str | (Optional) The directory for saving the state file in bucket. |
region | str | (Optional) The region of the COS bucket. |
secret_id | str | (Optional) Secret id of Tencent Cloud. |
secret_key | str | (Optional) Secret key of Tencent Cloud. |
security_token | str | (Optional) TencentCloud Security Token of temporary access credentials. |
bucket
Required
bucket: str
- Type: str
(Required) The name of the COS bucket.
You shall manually create it first.
accelerate
Optional
accelerate: bool
- Type: bool
(Optional) Whether to enable global Acceleration.
Defaults to false.
acl
Optional
acl: str
- Type: str
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
assume_role
Optional
assume_role: CosBackendAssumeRole
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
domain
Optional
domain: str
- Type: str
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
endpoint
Optional
endpoint: str
- Type: str
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
key
Optional
key: str
- Type: str
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
prefix
Optional
prefix: str
- Type: str
(Optional) The directory for saving the state file in bucket.
Default to "env:".
region
Optional
region: str
- Type: str
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
secret_id
Optional
secret_id: str
- Type: str
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
secret_key
Optional
secret_key: str
- Type: str
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
security_token
Optional
security_token: str
- Type: str
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataConfig
Initializer
import cdktf
cdktf.DataConfig(
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
count: typing.Union[typing.Union[int, float], TerraformCount] = None,
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
lifecycle: TerraformResourceLifecycle = None,
provider: TerraformProvider = None,
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
input: typing.Mapping[typing.Any] = None,
triggers_replace: typing.Mapping[typing.Any] = None
)
Properties
Name | Type | Description |
---|---|---|
connection | typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], TerraformCount] | No description. |
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] | No description. |
input | typing.Mapping[typing.Any] | (Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply. |
triggers_replace | typing.Mapping[typing.Any] | (Optional) A value which is stored in the instance state, and will force replacement when the value changes. |
connection
Optional
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
count
Optional
count: typing.Union[typing.Union[int, float], TerraformCount]
- Type: typing.Union[typing.Union[int, float], TerraformCount]
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
lifecycle
Optional
lifecycle: TerraformResourceLifecycle
provider
Optional
provider: TerraformProvider
- Type: TerraformProvider
provisioners
Optional
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
- Type: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
input
Optional
input: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
(Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#input
triggers_replace
Optional
triggers_replace: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
(Optional) A value which is stored in the instance state, and will force replacement when the value changes.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#triggers_replace
DataTerraformRemoteStateAzurermConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateAzurermConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
container_name: str,
key: str,
storage_account_name: str,
access_key: str = None,
client_certificate_password: str = None,
client_certificate_path: str = None,
client_id: str = None,
client_secret: str = None,
endpoint: str = None,
environment: str = None,
metadata_host: str = None,
msi_endpoint: str = None,
oidc_request_token: str = None,
oidc_request_url: str = None,
oidc_token: str = None,
oidc_token_file_path: str = None,
resource_group_name: str = None,
sas_token: str = None,
snapshot: bool = None,
subscription_id: str = None,
tenant_id: str = None,
use_azuread_auth: bool = None,
use_microsoft_graph: bool = None,
use_msi: bool = None,
use_oidc: bool = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
container_name | str | (Required) The Name of the Storage Container within the Storage Account. |
key | str | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
storage_account_name | str | (Required) The Name of the Storage Account. |
access_key | str | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
client_certificate_password | str | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
client_certificate_path | str | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
client_id | str | (Optional) The Client ID of the Service Principal. |
client_secret | str | (Optional) The Client Secret of the Service Principal. |
endpoint | str | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
environment | str | (Optional) The Azure Environment which should be used. |
metadata_host | str | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
msi_endpoint | str | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
oidc_request_token | str | (Optional) The bearer token for the request to the OIDC provider. |
oidc_request_url | str | (Optional) The URL for the OIDC provider from which to request an ID token. |
oidc_token | str | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
oidc_token_file_path | str | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
resource_group_name | str | (Required) The Name of the Resource Group in which the Storage Account exists. |
sas_token | str | (Optional) The SAS Token used to access the Blob Storage Account. |
snapshot | bool | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
subscription_id | str | (Optional) The Subscription ID in which the Storage Account exists. |
tenant_id | str | (Optional) The Tenant ID in which the Subscription exists. |
use_azuread_auth | bool | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
use_microsoft_graph | bool | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
use_msi | bool | (Optional) Should Managed Service Identity authentication be used? |
use_oidc | bool | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
container_name
Required
container_name: str
- Type: str
(Required) The Name of the Storage Container within the Storage Account.
key
Required
key: str
- Type: str
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storage_account_name
Required
storage_account_name: str
- Type: str
(Required) The Name of the Storage Account.
access_key
Optional
access_key: str
- Type: str
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
client_certificate_password
Optional
client_certificate_password: str
- Type: str
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
client_certificate_path
Optional
client_certificate_path: str
- Type: str
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
client_id
Optional
client_id: str
- Type: str
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
client_secret
Optional
client_secret: str
- Type: str
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
endpoint
Optional
endpoint: str
- Type: str
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
environment
Optional
environment: str
- Type: str
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
metadata_host
Optional
metadata_host: str
- Type: str
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msi_endpoint
Optional
msi_endpoint: str
- Type: str
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
oidc_request_token
Optional
oidc_request_token: str
- Type: str
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
oidc_request_url
Optional
oidc_request_url: str
- Type: str
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
oidc_token
Optional
oidc_token: str
- Type: str
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
oidc_token_file_path
Optional
oidc_token_file_path: str
- Type: str
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
resource_group_name
Optional
resource_group_name: str
- Type: str
(Required) The Name of the Resource Group in which the Storage Account exists.
sas_token
Optional
sas_token: str
- Type: str
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
snapshot
Optional
snapshot: bool
- Type: bool
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
subscription_id
Optional
subscription_id: str
- Type: str
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
tenant_id
Optional
tenant_id: str
- Type: str
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
use_azuread_auth
Optional
use_azuread_auth: bool
- Type: bool
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
use_microsoft_graph
Optional
use_microsoft_graph: bool
- Type: bool
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
use_msi
Optional
use_msi: bool
- Type: bool
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
use_oidc
Optional
use_oidc: bool
- Type: bool
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
DataTerraformRemoteStateConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None
)
Properties
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
DataTerraformRemoteStateConsulConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateConsulConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
access_token: str,
path: str,
address: str = None,
ca_file: str = None,
cert_file: str = None,
datacenter: str = None,
gzip: bool = None,
http_auth: str = None,
key_file: str = None,
lock: bool = None,
scheme: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
access_token | str | (Required) Access token. |
path | str | (Required) Path in the Consul KV store. |
address | str | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
ca_file | str | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
cert_file | str | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
datacenter | str | (Optional) The datacenter to use. |
gzip | bool | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
http_auth | str | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
key_file | str | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
lock | bool | (Optional) false to disable locking. |
scheme | str | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
access_token
Required
access_token: str
- Type: str
(Required) Access token.
path
Required
path: str
- Type: str
(Required) Path in the Consul KV store.
address
Optional
address: str
- Type: str
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
ca_file
Optional
ca_file: str
- Type: str
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
cert_file
Optional
cert_file: str
- Type: str
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
datacenter
Optional
datacenter: str
- Type: str
(Optional) The datacenter to use.
Defaults to that of the agent.
gzip
Optional
gzip: bool
- Type: bool
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
http_auth
Optional
http_auth: str
- Type: str
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
key_file
Optional
key_file: str
- Type: str
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lock
Optional
lock: bool
- Type: bool
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
scheme
Optional
scheme: str
- Type: str
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
DataTerraformRemoteStateCosConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateCosConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
bucket: str,
accelerate: bool = None,
acl: str = None,
assume_role: CosBackendAssumeRole = None,
domain: str = None,
encrypt: bool = None,
endpoint: str = None,
key: str = None,
prefix: str = None,
region: str = None,
secret_id: str = None,
secret_key: str = None,
security_token: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
bucket | str | (Required) The name of the COS bucket. |
accelerate | bool | (Optional) Whether to enable global Acceleration. |
acl | str | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
assume_role | CosBackendAssumeRole | (Optional) The assume_role block. |
domain | str | (Optional) The root domain of the API request. |
encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
endpoint | str | (Optional) The Custom Endpoint for the COS backend. |
key | str | (Optional) The path for saving the state file in bucket. |
prefix | str | (Optional) The directory for saving the state file in bucket. |
region | str | (Optional) The region of the COS bucket. |
secret_id | str | (Optional) Secret id of Tencent Cloud. |
secret_key | str | (Optional) Secret key of Tencent Cloud. |
security_token | str | (Optional) TencentCloud Security Token of temporary access credentials. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
bucket
Required
bucket: str
- Type: str
(Required) The name of the COS bucket.
You shall manually create it first.
accelerate
Optional
accelerate: bool
- Type: bool
(Optional) Whether to enable global Acceleration.
Defaults to false.
acl
Optional
acl: str
- Type: str
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
assume_role
Optional
assume_role: CosBackendAssumeRole
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
domain
Optional
domain: str
- Type: str
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
endpoint
Optional
endpoint: str
- Type: str
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
key
Optional
key: str
- Type: str
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
prefix
Optional
prefix: str
- Type: str
(Optional) The directory for saving the state file in bucket.
Default to "env:".
region
Optional
region: str
- Type: str
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
secret_id
Optional
secret_id: str
- Type: str
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
secret_key
Optional
secret_key: str
- Type: str
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
security_token
Optional
security_token: str
- Type: str
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataTerraformRemoteStateGcsConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateGcsConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
bucket: str,
access_token: str = None,
credentials: str = None,
encryption_key: str = None,
impersonate_service_account: str = None,
impersonate_service_account_delegates: typing.List[str] = None,
kms_encryption_key: str = None,
prefix: str = None,
storeage_custom_endpoint: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
bucket | str | (Required) The name of the GCS bucket. |
access_token | str | (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field. |
credentials | str | (Optional) Local path to Google Cloud Platform account credentials in JSON format. |
encryption_key | str | (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. |
impersonate_service_account | str | (Optional) The service account to impersonate for accessing the State Bucket. |
impersonate_service_account_delegates | typing.List[str] | (Optional) The delegation chain for an impersonating a service account. |
kms_encryption_key | str | (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket. |
prefix | str | (Optional) GCS prefix inside the bucket. |
storeage_custom_endpoint | str | (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b). |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
bucket
Required
bucket: str
- Type: str
(Required) The name of the GCS bucket.
This name must be globally unique.
access_token
Optional
access_token: str
- Type: str
(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentials
Optional
credentials: str
- Type: str
(Optional) Local path to Google Cloud Platform account credentials in JSON format.
If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.
Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
encryption_key
Optional
encryption_key: str
- Type: str
(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonate_service_account
Optional
impersonate_service_account: str
- Type: str
(Optional) The service account to impersonate for accessing the State Bucket.
You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.
impersonate_service_account_delegates
Optional
impersonate_service_account_delegates: typing.List[str]
- Type: typing.List[str]
(Optional) The delegation chain for an impersonating a service account.
kms_encryption_key
Optional
kms_encryption_key: str
- Type: str
(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.
prefix
Optional
prefix: str
- Type: str
(Optional) GCS prefix inside the bucket.
Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.
storeage_custom_endpoint
Optional
storeage_custom_endpoint: str
- Type: str
(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}
DataTerraformRemoteStateHttpConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateHttpConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
address: str,
client_ca_certificate_pem: str = None,
client_certificate_pem: str = None,
client_private_key_pem: str = None,
lock_address: str = None,
lock_method: str = None,
password: str = None,
retry_max: typing.Union[int, float] = None,
retry_wait_max: typing.Union[int, float] = None,
retry_wait_min: typing.Union[int, float] = None,
skip_cert_verification: bool = None,
unlock_address: str = None,
unlock_method: str = None,
update_method: str = None,
username: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
address | str | (Required) The address of the REST endpoint. |
client_ca_certificate_pem | str | (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication. |
client_certificate_pem | str | (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication. |
client_private_key_pem | str | (Optional) A PEM-encoded private key, required if client_certificate_pem is specified. |
lock_address | str | (Optional) The address of the lock REST endpoint. |
lock_method | str | (Optional) The HTTP method to use when locking. |
password | str | (Optional) The password for HTTP basic authentication. |
retry_max | typing.Union[int, float] | (Optional) The number of HTTP request retries. |
retry_wait_max | typing.Union[int, float] | (Optional) The maximum time in seconds to wait between HTTP request attempts. |
retry_wait_min | typing.Union[int, float] | (Optional) The minimum time in seconds to wait between HTTP request attempts. |
skip_cert_verification | bool | (Optional) Whether to skip TLS verification. |
unlock_address | str | (Optional) The address of the unlock REST endpoint. |
unlock_method | str | (Optional) The HTTP method to use when unlocking. |
update_method | str | (Optional) HTTP method to use when updating state. |
username | str | (Optional) The username for HTTP basic authentication. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
address
Required
address: str
- Type: str
(Required) The address of the REST endpoint.
client_ca_certificate_pem
Optional
client_ca_certificate_pem: str
- Type: str
(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
client_certificate_pem
Optional
client_certificate_pem: str
- Type: str
(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
client_private_key_pem
Optional
client_private_key_pem: str
- Type: str
(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lock_address
Optional
lock_address: str
- Type: str
(Optional) The address of the lock REST endpoint.
Defaults to disabled.
lock_method
Optional
lock_method: str
- Type: str
(Optional) The HTTP method to use when locking.
Defaults to LOCK.
password
Optional
password: str
- Type: str
(Optional) The password for HTTP basic authentication.
retry_max
Optional
retry_max: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The number of HTTP request retries.
Defaults to 2.
retry_wait_max
Optional
retry_wait_max: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The maximum time in seconds to wait between HTTP request attempts.
Defaults to 30.
retry_wait_min
Optional
retry_wait_min: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The minimum time in seconds to wait between HTTP request attempts.
Defaults to 1.
skip_cert_verification
Optional
skip_cert_verification: bool
- Type: bool
(Optional) Whether to skip TLS verification.
Defaults to false.
unlock_address
Optional
unlock_address: str
- Type: str
(Optional) The address of the unlock REST endpoint.
Defaults to disabled.
unlock_method
Optional
unlock_method: str
- Type: str
(Optional) The HTTP method to use when unlocking.
Defaults to UNLOCK.
update_method
Optional
update_method: str
- Type: str
(Optional) HTTP method to use when updating state.
Defaults to POST.
username
Optional
username: str
- Type: str
(Optional) The username for HTTP basic authentication.
DataTerraformRemoteStateLocalConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateLocalConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
path: str = None,
workspace_dir: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
path | str | Path where the state file is stored. |
workspace_dir | str | (Optional) The path to non-default workspaces. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
path
Optional
path: str
- Type: str
- Default: defaults to terraform.${stackId}.tfstate
Path where the state file is stored.
workspace_dir
Optional
workspace_dir: str
- Type: str
(Optional) The path to non-default workspaces.
DataTerraformRemoteStateOssConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateOssConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
bucket: str,
access_key: str = None,
acl: str = None,
assume_role: OssAssumeRole = None,
assume_role_policy: str = None,
assume_role_role_arn: str = None,
assume_role_session_expiration: typing.Union[int, float] = None,
assume_role_session_name: str = None,
ecs_role_name: str = None,
encrypt: bool = None,
endpoint: str = None,
key: str = None,
prefix: str = None,
profile: str = None,
region: str = None,
secret_key: str = None,
security_token: str = None,
shared_credentials_file: str = None,
sts_endpoint: str = None,
tablestore_endpoint: str = None,
tablestore_table: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
bucket | str | (Required) The name of the OSS bucket. |
access_key | str | (Optional) Alibaba Cloud access key. |
acl | str | (Optional) Object ACL to be applied to the state file. |
assume_role | OssAssumeRole | No description. |
assume_role_policy | str | (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed. |
assume_role_role_arn | str | (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials. |
assume_role_session_expiration | typing.Union[int, float] | (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION. |
assume_role_session_name | str | (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. |
ecs_role_name | str | (Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console. |
encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
endpoint | str | (Optional) A custom endpoint for the OSS API. |
key | str | (Optional) The name of the state file. |
prefix | str | (Optional) The path directory of the state file will be stored. |
profile | str | (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. |
region | str | (Optional) The region of the OSS bucket. |
secret_key | str | (Optional) Alibaba Cloud secret access key. |
security_token | str | (Optional) STS access token. |
shared_credentials_file | str | (Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. |
sts_endpoint | str | (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT. |
tablestore_endpoint | str | (Optional) A custom endpoint for the TableStore API. |
tablestore_table | str | (Optional) A TableStore table for state locking and consistency. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
bucket
Required
bucket: str
- Type: str
(Required) The name of the OSS bucket.
access_key
Optional
access_key: str
- Type: str
(Optional) Alibaba Cloud access key.
It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.
acl
Optional
acl: str
- Type: str
(Optional) Object ACL to be applied to the state file.
assume_role
Optional
assume_role
- Deprecated: Use flattened assume role options
assume_role: OssAssumeRole
- Type: OssAssumeRole
assume_role_policy
Optional
assume_role_policy: str
- Type: str
(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assume_role_role_arn
Optional
assume_role_role_arn: str
- Type: str
(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assume_role_session_expiration
Optional
assume_role_session_expiration: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assume_role_session_name
Optional
assume_role_session_name: str
- Type: str
(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecs_role_name
Optional
ecs_role_name: str
- Type: str
(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
endpoint
Optional
endpoint: str
- Type: str
(Optional) A custom endpoint for the OSS API.
It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.
key
Optional
key: str
- Type: str
(Optional) The name of the state file.
Defaults to terraform.tfstate.
prefix
Optional
prefix: str
- Type: str
(Optional) The path directory of the state file will be stored.
Default to "env:".
profile
Optional
profile: str
- Type: str
(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
region
Optional
region: str
- Type: str
(Optional) The region of the OSS bucket.
It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.
secret_key
Optional
secret_key: str
- Type: str
(Optional) Alibaba Cloud secret access key.
It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.
security_token
Optional
security_token: str
- Type: str
(Optional) STS access token.
It supports environment variable ALICLOUD_SECURITY_TOKEN.
shared_credentials_file
Optional
shared_credentials_file: str
- Type: str
(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
sts_endpoint
Optional
sts_endpoint: str
- Type: str
(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestore_endpoint
Optional
tablestore_endpoint: str
- Type: str
(Optional) A custom endpoint for the TableStore API.
tablestore_table
Optional
tablestore_table: str
- Type: str
(Optional) A TableStore table for state locking and consistency.
The table must have a primary key named LockID of type String.
DataTerraformRemoteStatePgConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStatePgConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
conn_str: str,
schema_name: str = None,
skip_index_creation: bool = None,
skip_schema_creation: bool = None,
skip_table_creation: bool = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
conn_str | str | Postgres connection string; |
schema_name | str | Name of the automatically-managed Postgres schema, default to terraform_remote_state. |
skip_index_creation | bool | If set to true, the Postgres index must already exist. |
skip_schema_creation | bool | If set to true, the Postgres schema must already exist. |
skip_table_creation | bool | If set to true, the Postgres table must already exist. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
conn_str
Required
conn_str: str
- Type: str
Postgres connection string;
a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.
schema_name
Optional
schema_name: str
- Type: str
Name of the automatically-managed Postgres schema, default to terraform_remote_state.
Can also be set using the PG_SCHEMA_NAME environment variable.
skip_index_creation
Optional
skip_index_creation: bool
- Type: bool
If set to true, the Postgres index must already exist.
Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.
skip_schema_creation
Optional
skip_schema_creation: bool
- Type: bool
If set to true, the Postgres schema must already exist.
Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.
skip_table_creation
Optional
skip_table_creation: bool
- Type: bool
If set to true, the Postgres table must already exist.
Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.
DataTerraformRemoteStateRemoteConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateRemoteConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
organization: str,
workspaces: IRemoteWorkspace,
hostname: str = None,
token: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
organization | str | No description. |
workspaces | IRemoteWorkspace | No description. |
hostname | str | No description. |
token | str | No description. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
organization
Required
organization: str
- Type: str
workspaces
Required
workspaces: IRemoteWorkspace
- Type: IRemoteWorkspace
hostname
Optional
hostname: str
- Type: str
token
Optional
token: str
- Type: str
DataTerraformRemoteStateS3Config
Initializer
import cdktf
cdktf.DataTerraformRemoteStateS3Config(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
bucket: str,
key: str,
access_key: str = None,
acl: str = None,
allowed_account_ids: typing.List[str] = None,
assume_role: S3BackendAssumeRoleConfig = None,
assume_role_policy: str = None,
assume_role_policy_arns: typing.List[str] = None,
assume_role_tags: typing.Mapping[str] = None,
assume_role_transitive_tag_keys: typing.List[str] = None,
assume_role_with_web_identity: S3BackendAssumeRoleWithWebIdentityConfig = None,
custom_ca_bundle: str = None,
dynamodb_endpoint: str = None,
dynamodb_table: str = None,
ec2_metadata_service_endpoint: str = None,
ec2_metadata_service_endpoint_mode: str = None,
encrypt: bool = None,
endpoint: str = None,
endpoints: S3BackendEndpointConfig = None,
external_id: str = None,
forbidden_account_ids: typing.List[str] = None,
force_path_style: bool = None,
http_proxy: str = None,
https_proxy: str = None,
iam_endpoint: str = None,
insecure: bool = None,
kms_key_id: str = None,
max_retries: typing.Union[int, float] = None,
no_proxy: str = None,
profile: str = None,
region: str = None,
retry_mode: str = None,
role_arn: str = None,
secret_key: str = None,
session_name: str = None,
shared_config_files: typing.List[str] = None,
shared_credentials_file: str = None,
shared_credentials_files: typing.List[str] = None,
skip_credentials_validation: bool = None,
skip_metadata_api_check: bool = None,
skip_region_validation: bool = None,
skip_requesting_account_id: bool = None,
skip_s3_checksum: bool = None,
sse_customer_key: str = None,
sts_endpoint: str = None,
sts_region: str = None,
token: str = None,
use_legacy_workflow: bool = None,
use_path_style: bool = None,
workspace_key_prefix: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
bucket | str | Name of the S3 Bucket. |
key | str | Path to the state file inside the S3 Bucket. |
access_key | str | (Optional) AWS access key. |
acl | str | (Optional) Canned ACL to be applied to the state file. |
allowed_account_ids | typing.List[str] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
assume_role | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
assume_role_policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
assume_role_policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
assume_role_tags | typing.Mapping[str] | (Optional) Map of assume role session tags. |
assume_role_transitive_tag_keys | typing.List[str] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
assume_role_with_web_identity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
custom_ca_bundle | str | (Optional) File containing custom root and intermediate certificates. |
dynamodb_endpoint | str | (Optional) Custom endpoint for the AWS DynamoDB API. |
dynamodb_table | str | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
ec2_metadata_service_endpoint | str | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
ec2_metadata_service_endpoint_mode | str | (Optional) Mode to use in communicating with the metadata service. |
encrypt | bool | (Optional) Enable server side encryption of the state file. |
endpoint | str | (Optional) Custom endpoint for the AWS S3 API. |
endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
external_id | str | (Optional) External identifier to use when assuming the role. |
forbidden_account_ids | typing.List[str] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
force_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
http_proxy | str | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
https_proxy | str | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
iam_endpoint | str | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
insecure | bool | Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. |
kms_key_id | str | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
max_retries | typing.Union[int, float] | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
no_proxy | str | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
profile | str | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
region | str | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
retry_mode | str | (Optional) Specifies how retries are attempted. |
role_arn | str | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
secret_key | str | (Optional) AWS secret access key. |
session_name | str | (Optional) Session name to use when assuming the role. |
shared_config_files | typing.List[str] | (Optional) List of paths to AWS shared configuration files. |
shared_credentials_file | str | (Optional) Path to the AWS shared credentials file. |
shared_credentials_files | typing.List[str] | (Optional) List of paths to AWS shared credentials files. |
skip_credentials_validation | bool | (Optional) Skip credentials validation via the STS API. |
skip_metadata_api_check | bool | (Optional) Skip usage of EC2 Metadata API. |
skip_region_validation | bool | (Optional) Skip validation of provided region name. |
skip_requesting_account_id | bool | (Optional) Whether to skip requesting the account ID. |
skip_s3_checksum | bool | (Optional) Do not include checksum when uploading S3 Objects. |
sse_customer_key | str | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
sts_endpoint | str | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
sts_region | str | (Optional) AWS region for STS. |
token | str | (Optional) Multi-Factor Authentication (MFA) token. |
use_legacy_workflow | bool | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
use_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
workspace_key_prefix | str | (Optional) Prefix applied to the state path inside the bucket. |
defaults
Optional
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace: str
- Type: str
bucket
Required
bucket: str
- Type: str
Name of the S3 Bucket.
key
Required
key: str
- Type: str
Path to the state file inside the S3 Bucket.
When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
access_key
Optional
access_key: str
- Type: str
(Optional) AWS access key.
If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
acl
Optional
acl: str
- Type: str
(Optional) Canned ACL to be applied to the state file.
allowed_account_ids
Optional
allowed_account_ids: typing.List[str]
- Type: typing.List[str]
(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
Conflicts with forbidden_account_ids.
assume_role
Optional
assume_role: S3BackendAssumeRoleConfig
Assuming an IAM Role can be configured in two ways.
The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
assume_role_policy
Optional
assume_role_policy
- Deprecated: Use assumeRole.policy instead.
assume_role_policy: str
- Type: str
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assume_role_policy_arns
Optional
assume_role_policy_arns
- Deprecated: Use assumeRole.policyArns instead.
assume_role_policy_arns: typing.List[str]
- Type: typing.List[str]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assume_role_tags
Optional
assume_role_tags
- Deprecated: Use assumeRole.tags instead.
assume_role_tags: typing.Mapping[str]
- Type: typing.Mapping[str]
(Optional) Map of assume role session tags.
assume_role_transitive_tag_keys
Optional
assume_role_transitive_tag_keys
- Deprecated: Use assumeRole.transitiveTagKeys instead.
assume_role_transitive_tag_keys: typing.List[str]
- Type: typing.List[str]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assume_role_with_web_identity
Optional
assume_role_with_web_identity: S3BackendAssumeRoleWithWebIdentityConfig
Assume Role With Web Identity Configuration.
custom_ca_bundle
Optional
custom_ca_bundle: str
- Type: str
(Optional) File containing custom root and intermediate certificates.
Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.
dynamodb_endpoint
Optional
dynamodb_endpoint
- Deprecated: Use endpoints.dynamodb instead
dynamodb_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS DynamoDB API.
This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.
dynamodb_table
Optional
dynamodb_table: str
- Type: str
(Optional) Name of DynamoDB Table to use for state locking and consistency.
The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.
ec2_metadata_service_endpoint
Optional
ec2_metadata_service_endpoint: str
- Type: str
Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.
ec2_metadata_service_endpoint_mode
Optional
ec2_metadata_service_endpoint_mode: str
- Type: str
(Optional) Mode to use in communicating with the metadata service.
Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Enable server side encryption of the state file.
endpoint
Optional
endpoint
- Deprecated: Use endpoints.s3 instead
endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS S3 API.
This can also be sourced from the AWS_S3_ENDPOINT environment variable.
endpoints
Optional
endpoints: S3BackendEndpointConfig
- Type: S3BackendEndpointConfig
(Optional) The endpoint configuration block.
external_id
Optional
external_id
- Deprecated: Use assume_role.external_id instead.
external_id: str
- Type: str
(Optional) External identifier to use when assuming the role.
forbidden_account_ids
Optional
forbidden_account_ids: typing.List[str]
- Type: typing.List[str]
(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
Conflicts with allowed_account_ids.
force_path_style
Optional
force_path_style
- Deprecated: Use usePathStyle instead
force_path_style: bool
- Type: bool
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
http_proxy
Optional
http_proxy: str
- Type: str
(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
Can also be set using the HTTP_PROXY or http_proxy environment variables.
https_proxy
Optional
https_proxy: str
- Type: str
(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
Can also be set using the HTTPS_PROXY or https_proxy environment variables.
iam_endpoint
Optional
iam_endpoint
- Deprecated: Use endpoints.iam instead
iam_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
This can also be sourced from the AWS_IAM_ENDPOINT environment variable.
insecure
Optional
insecure: bool
- Type: bool
Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
If omitted, the default value is false.
kms_key_id
Optional
kms_key_id: str
- Type: str
(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.
max_retries
Optional
max_retries: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The maximum number of times an AWS API request is retried on retryable failure.
Defaults to 5.
no_proxy
Optional
no_proxy: str
- Type: str
(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
Each value can be one of:
- A domain name
- An IP address
- A CIDR address
- An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profile
Optional
profile: str
- Type: str
(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
region
Optional
region: str
- Type: str
AWS Region of the S3 Bucket and DynamoDB Table (if used).
This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.
retry_mode
Optional
retry_mode: str
- Type: str
(Optional) Specifies how retries are attempted.
Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.
role_arn
Optional
role_arn
- Deprecated: Use assumeRole.roleArn instead.
role_arn: str
- Type: str
(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secret_key
Optional
secret_key: str
- Type: str
(Optional) AWS secret access key.
If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)
session_name
Optional
session_name
- Deprecated: Use assumeRole.sessionName instead.
session_name: str
- Type: str
(Optional) Session name to use when assuming the role.
shared_config_files
Optional
shared_config_files: typing.List[str]
- Type: typing.List[str]
(Optional) List of paths to AWS shared configuration files.
Defaults to ~/.aws/config.
shared_credentials_file
Optional
shared_credentials_file: str
- Type: str
(Optional) Path to the AWS shared credentials file.
Defaults to ~/.aws/credentials.
shared_credentials_files
Optional
shared_credentials_files: typing.List[str]
- Type: typing.List[str]
(Optional) List of paths to AWS shared credentials files.
Defaults to ~/.aws/credentials.
skip_credentials_validation
Optional
skip_credentials_validation: bool
- Type: bool
(Optional) Skip credentials validation via the STS API.
skip_metadata_api_check
Optional
skip_metadata_api_check: bool
- Type: bool
(Optional) Skip usage of EC2 Metadata API.
skip_region_validation
Optional
skip_region_validation: bool
- Type: bool
(Optional) Skip validation of provided region name.
skip_requesting_account_id
Optional
skip_requesting_account_id: bool
- Type: bool
(Optional) Whether to skip requesting the account ID.
Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
skip_s3_checksum
Optional
skip_s3_checksum: bool
- Type: bool
(Optional) Do not include checksum when uploading S3 Objects.
Useful for some S3-Compatible APIs.
sse_customer_key
Optional
sse_customer_key: str
- Type: str
(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.
sts_endpoint
Optional
sts_endpoint
- Deprecated: Use endpoints.sts instead
sts_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
This can also be sourced from the AWS_STS_ENDPOINT environment variable.
sts_region
Optional
sts_region: str
- Type: str
(Optional) AWS region for STS.
If unset, AWS will use the same region for STS as other non-STS operations.
token
Optional
token: str
- Type: str
(Optional) Multi-Factor Authentication (MFA) token.
This can also be sourced from the AWS_SESSION_TOKEN environment variable.
use_legacy_workflow
Optional
use_legacy_workflow: bool
- Type: bool
(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.
use_path_style
Optional
use_path_style: bool
- Type: bool
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspace_key_prefix
Optional
workspace_key_prefix: str
- Type: str
(Optional) Prefix applied to the state path inside the bucket.
This is only relevant when using a non-default workspace. Defaults to env:
DataTerraformRemoteStateSwiftConfig
Initializer
import cdktf
cdktf.DataTerraformRemoteStateSwiftConfig(
defaults: typing.Mapping[typing.Any] = None,
workspace: str = None,
container: str,
application_credential_id: str = None,
application_credential_name: str = None,
application_credential_secret: str = None,
archive_container: str = None,
auth_url: str = None,
cacert_file: str = None,
cert: str = None,
cloud: str = None,
default_domain: str = None,
domain_id: str = None,
domain_name: str = None,
expire_after: str = None,
insecure: bool = None,
key: str = None,
password: str = None,
project_domain_id: str = None,
project_domain_name: str = None,
region_name: str = None,
state_name: str = None,
tenant_id: str = None,
tenant_name: str = None,
token: str = None,
user_domain_id: str = None,
user_domain_name: str = None,
user_id: str = None,
user_name: str = None
)
Properties
Name | Type | Description |
---|---|---|
defaults | typing.Mapping[typing.Any] | No description. |
workspace | str | No description. |
container | str | No description. |
application_credential_id | str | No description. |
application_credential_name | str | No description. |
application_credential_secret | str | No description. |
archive_container | str | No description. |
auth_url | str | No description. |
cacert_file | str | No description. |
cert | str | No description. |
cloud | str | No description. |
default_domain | str | No description. |
domain_id | str | No description. |
domain_name | str | No description. |
expire_after | str | No description. |
insecure | bool | No description. |
key | str | No description. |
password | str | No description. |
project_domain_id | str | No description. |
project_domain_name | str | No description. |
region_name | str | No description. |
state_name | str | No description. |
tenant_id | str | No description. |
tenant_name | str | No description. |
token | str | No description. |
user_domain_id | str | No description. |
user_domain_name | str | No description. |
user_id | str | No description. |
user_name | str | No description. |
defaults
Optional
defaults
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
defaults: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
workspace
Optional
workspace
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
workspace: str
- Type: str
container
Required
container
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
container: str
- Type: str
application_credential_id
Optional
application_credential_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_id: str
- Type: str
application_credential_name
Optional
application_credential_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_name: str
- Type: str
application_credential_secret
Optional
application_credential_secret
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_secret: str
- Type: str
archive_container
Optional
archive_container
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
archive_container: str
- Type: str
auth_url
Optional
auth_url
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
auth_url: str
- Type: str
cacert_file
Optional
cacert_file
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cacert_file: str
- Type: str
cert
Optional
cert
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cert: str
- Type: str
cloud
Optional
cloud
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cloud: str
- Type: str
default_domain
Optional
default_domain
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
default_domain: str
- Type: str
domain_id
Optional
domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
domain_id: str
- Type: str
domain_name
Optional
domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
domain_name: str
- Type: str
expire_after
Optional
expire_after
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
expire_after: str
- Type: str
insecure
Optional
insecure
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
insecure: bool
- Type: bool
key
Optional
key
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
key: str
- Type: str
password
Optional
password
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
password: str
- Type: str
project_domain_id
Optional
project_domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
project_domain_id: str
- Type: str
project_domain_name
Optional
project_domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
project_domain_name: str
- Type: str
region_name
Optional
region_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
region_name: str
- Type: str
state_name
Optional
state_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
state_name: str
- Type: str
tenant_id
Optional
tenant_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
tenant_id: str
- Type: str
tenant_name
Optional
tenant_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
tenant_name: str
- Type: str
token
Optional
token
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
token: str
- Type: str
user_domain_id
Optional
user_domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_domain_id: str
- Type: str
user_domain_name
Optional
user_domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_domain_name: str
- Type: str
user_id
Optional
user_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_id: str
- Type: str
user_name
Optional
user_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_name: str
- Type: str
EncodingOptions
Properties to string encodings.
Initializer
import cdktf
cdktf.EncodingOptions(
display_hint: str = None
)
Properties
Name | Type | Description |
---|---|---|
display_hint | str | A hint for the Token's purpose when stringifying it. |
display_hint
Optional
display_hint: str
- Type: str
- Default: no display hint
A hint for the Token's purpose when stringifying it.
FileProvisioner
The file provisioner copies files or directories from the machine running Terraform to the newly created resource.
The file provisioner supports both ssh and winrm type connections.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/file file}
Initializer
import cdktf
cdktf.FileProvisioner(
destination: str,
type: str,
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
content: str = None,
source: str = None
)
Properties
Name | Type | Description |
---|---|---|
destination | str | The source file or directory. |
type | str | No description. |
connection | typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] | Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect. |
content | str | The destination path to write to on the remote system. |
source | str | The direct content to copy on the destination. |
destination
Required
destination: str
- Type: str
The source file or directory.
Specify it either relative to the current working directory or as an absolute path. This argument cannot be combined with content.
type
Required
type: str
- Type: str
connection
Optional
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
content
Optional
content: str
- Type: str
The destination path to write to on the remote system.
See Destination Paths below for more information.
source
Optional
source: str
- Type: str
The direct content to copy on the destination.
If destination is a file, the content will be written on that file. In case of a directory, a file named tf-file-content is created inside that directory. We recommend using a file as the destination when using content. This argument cannot be combined with source.
GcsBackendConfig
Stores the state as an object in a configurable prefix in a pre-existing bucket on Google Cloud Storage (GCS).
The bucket must exist prior to configuring the backend.
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the GCS bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/gcs
Initializer
import cdktf
cdktf.GcsBackendConfig(
bucket: str,
access_token: str = None,
credentials: str = None,
encryption_key: str = None,
impersonate_service_account: str = None,
impersonate_service_account_delegates: typing.List[str] = None,
kms_encryption_key: str = None,
prefix: str = None,
storeage_custom_endpoint: str = None
)
Properties
Name | Type | Description |
---|---|---|
bucket | str | (Required) The name of the GCS bucket. |
access_token | str | (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field. |
credentials | str | (Optional) Local path to Google Cloud Platform account credentials in JSON format. |
encryption_key | str | (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. |
impersonate_service_account | str | (Optional) The service account to impersonate for accessing the State Bucket. |
impersonate_service_account_delegates | typing.List[str] | (Optional) The delegation chain for an impersonating a service account. |
kms_encryption_key | str | (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket. |
prefix | str | (Optional) GCS prefix inside the bucket. |
storeage_custom_endpoint | str | (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b). |
bucket
Required
bucket: str
- Type: str
(Required) The name of the GCS bucket.
This name must be globally unique.
access_token
Optional
access_token: str
- Type: str
(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentials
Optional
credentials: str
- Type: str
(Optional) Local path to Google Cloud Platform account credentials in JSON format.
If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.
Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
encryption_key
Optional
encryption_key: str
- Type: str
(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonate_service_account
Optional
impersonate_service_account: str
- Type: str
(Optional) The service account to impersonate for accessing the State Bucket.
You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.
impersonate_service_account_delegates
Optional
impersonate_service_account_delegates: typing.List[str]
- Type: typing.List[str]
(Optional) The delegation chain for an impersonating a service account.
kms_encryption_key
Optional
kms_encryption_key: str
- Type: str
(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.
prefix
Optional
prefix: str
- Type: str
(Optional) GCS prefix inside the bucket.
Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.
storeage_custom_endpoint
Optional
storeage_custom_endpoint: str
- Type: str
(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}
HttpBackendConfig
Stores the state using a simple REST client.
State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.
This backend optionally supports state locking. When locking support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock info will be added as a query parameter to state updates requests.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/http
Initializer
import cdktf
cdktf.HttpBackendConfig(
address: str,
client_ca_certificate_pem: str = None,
client_certificate_pem: str = None,
client_private_key_pem: str = None,
lock_address: str = None,
lock_method: str = None,
password: str = None,
retry_max: typing.Union[int, float] = None,
retry_wait_max: typing.Union[int, float] = None,
retry_wait_min: typing.Union[int, float] = None,
skip_cert_verification: bool = None,
unlock_address: str = None,
unlock_method: str = None,
update_method: str = None,
username: str = None
)
Properties
Name | Type | Description |
---|---|---|
address | str | (Required) The address of the REST endpoint. |
client_ca_certificate_pem | str | (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication. |
client_certificate_pem | str | (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication. |
client_private_key_pem | str | (Optional) A PEM-encoded private key, required if client_certificate_pem is specified. |
lock_address | str | (Optional) The address of the lock REST endpoint. |
lock_method | str | (Optional) The HTTP method to use when locking. |
password | str | (Optional) The password for HTTP basic authentication. |
retry_max | typing.Union[int, float] | (Optional) The number of HTTP request retries. |
retry_wait_max | typing.Union[int, float] | (Optional) The maximum time in seconds to wait between HTTP request attempts. |
retry_wait_min | typing.Union[int, float] | (Optional) The minimum time in seconds to wait between HTTP request attempts. |
skip_cert_verification | bool | (Optional) Whether to skip TLS verification. |
unlock_address | str | (Optional) The address of the unlock REST endpoint. |
unlock_method | str | (Optional) The HTTP method to use when unlocking. |
update_method | str | (Optional) HTTP method to use when updating state. |
username | str | (Optional) The username for HTTP basic authentication. |
address
Required
address: str
- Type: str
(Required) The address of the REST endpoint.
client_ca_certificate_pem
Optional
client_ca_certificate_pem: str
- Type: str
(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
client_certificate_pem
Optional
client_certificate_pem: str
- Type: str
(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
client_private_key_pem
Optional
client_private_key_pem: str
- Type: str
(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lock_address
Optional
lock_address: str
- Type: str
(Optional) The address of the lock REST endpoint.
Defaults to disabled.
lock_method
Optional
lock_method: str
- Type: str
(Optional) The HTTP method to use when locking.
Defaults to LOCK.
password
Optional
password: str
- Type: str
(Optional) The password for HTTP basic authentication.
retry_max
Optional
retry_max: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The number of HTTP request retries.
Defaults to 2.
retry_wait_max
Optional
retry_wait_max: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The maximum time in seconds to wait between HTTP request attempts.
Defaults to 30.
retry_wait_min
Optional
retry_wait_min: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The minimum time in seconds to wait between HTTP request attempts.
Defaults to 1.
skip_cert_verification
Optional
skip_cert_verification: bool
- Type: bool
(Optional) Whether to skip TLS verification.
Defaults to false.
unlock_address
Optional
unlock_address: str
- Type: str
(Optional) The address of the unlock REST endpoint.
Defaults to disabled.
unlock_method
Optional
unlock_method: str
- Type: str
(Optional) The HTTP method to use when unlocking.
Defaults to UNLOCK.
update_method
Optional
update_method: str
- Type: str
(Optional) HTTP method to use when updating state.
Defaults to POST.
username
Optional
username: str
- Type: str
(Optional) The username for HTTP basic authentication.
LazyAnyValueOptions
Options for creating lazy untyped tokens.
Initializer
import cdktf
cdktf.LazyAnyValueOptions(
display_hint: str = None,
omit_empty_array: bool = None
)
Properties
Name | Type | Description |
---|---|---|
display_hint | str | Use the given name as a display hint. |
omit_empty_array | bool | If the produced value is an array and it is empty, return 'undefined' instead. |
display_hint
Optional
display_hint: str
- Type: str
- Default: No hint
Use the given name as a display hint.
omit_empty_array
Optional
omit_empty_array: bool
- Type: bool
- Default: false
If the produced value is an array and it is empty, return 'undefined' instead.
LazyListValueOptions
Options for creating a lazy list token.
Initializer
import cdktf
cdktf.LazyListValueOptions(
display_hint: str = None,
omit_empty: bool = None
)
Properties
Name | Type | Description |
---|---|---|
display_hint | str | Use the given name as a display hint. |
omit_empty | bool | If the produced list is empty, return 'undefined' instead. |
display_hint
Optional
display_hint: str
- Type: str
- Default: No hint
Use the given name as a display hint.
omit_empty
Optional
omit_empty: bool
- Type: bool
- Default: false
If the produced list is empty, return 'undefined' instead.
LazyStringValueOptions
Options for creating a lazy string token.
Initializer
import cdktf
cdktf.LazyStringValueOptions(
display_hint: str = None
)
Properties
Name | Type | Description |
---|---|---|
display_hint | str | Use the given name as a display hint. |
display_hint
Optional
display_hint: str
- Type: str
- Default: No hint
Use the given name as a display hint.
LocalBackendConfig
The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/local
Initializer
import cdktf
cdktf.LocalBackendConfig(
path: str = None,
workspace_dir: str = None
)
Properties
Name | Type | Description |
---|---|---|
path | str | Path where the state file is stored. |
workspace_dir | str | (Optional) The path to non-default workspaces. |
path
Optional
path: str
- Type: str
- Default: defaults to terraform.${stackId}.tfstate
Path where the state file is stored.
workspace_dir
Optional
workspace_dir: str
- Type: str
(Optional) The path to non-default workspaces.
LocalExecProvisioner
The local-exec provisioner invokes a local executable after a resource is created.
This invokes a process on the machine running Terraform, not on the resource.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec local-exec}
Initializer
import cdktf
cdktf.LocalExecProvisioner(
command: str,
type: str,
environment: typing.Mapping[str] = None,
interpreter: typing.List[str] = None,
when: str = None,
working_dir: str = None
)
Properties
Name | Type | Description |
---|---|---|
command | str | This is the command to execute. |
type | str | No description. |
environment | typing.Mapping[str] | A record of key value pairs representing the environment of the executed command. |
interpreter | typing.List[str] | If provided, this is a list of interpreter arguments used to execute the command. |
when | str | If provided, specifies when Terraform will execute the command. |
working_dir | str | If provided, specifies the working directory where command will be executed. |
command
Required
command: str
- Type: str
This is the command to execute.
It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables.
type
Required
type: str
- Type: str
environment
Optional
environment: typing.Mapping[str]
- Type: typing.Mapping[str]
A record of key value pairs representing the environment of the executed command.
It inherits the current process environment.
interpreter
Optional
interpreter: typing.List[str]
- Type: typing.List[str]
If provided, this is a list of interpreter arguments used to execute the command.
The first argument is the interpreter itself. It can be provided as a relative path to the current working directory or as an absolute path The remaining arguments are appended prior to the command. This allows building command lines of the form "/bin/bash", "-c", "echo foo". If interpreter is unspecified, sensible defaults will be chosen based on the system OS.
when
Optional
when: str
- Type: str
If provided, specifies when Terraform will execute the command.
For example, when = destroy specifies that the provisioner will run when the associated resource is destroyed
working_dir
Optional
working_dir: str
- Type: str
If provided, specifies the working directory where command will be executed.
It can be provided as a relative path to the current working directory or as an absolute path. The directory must exist.
OssAssumeRole
Initializer
import cdktf
cdktf.OssAssumeRole(
role_arn: str,
policy: str = None,
session_expiration: typing.Union[int, float] = None,
session_name: str = None
)
Properties
Name | Type | Description |
---|---|---|
role_arn | str | No description. |
policy | str | No description. |
session_expiration | typing.Union[int, float] | No description. |
session_name | str | No description. |
role_arn
Required
role_arn: str
- Type: str
policy
Optional
policy: str
- Type: str
session_expiration
Optional
session_expiration: typing.Union[int, float]
- Type: typing.Union[int, float]
session_name
Optional
session_name: str
- Type: str
OssBackendConfig
Initializer
import cdktf
cdktf.OssBackendConfig(
bucket: str,
access_key: str = None,
acl: str = None,
assume_role: OssAssumeRole = None,
assume_role_policy: str = None,
assume_role_role_arn: str = None,
assume_role_session_expiration: typing.Union[int, float] = None,
assume_role_session_name: str = None,
ecs_role_name: str = None,
encrypt: bool = None,
endpoint: str = None,
key: str = None,
prefix: str = None,
profile: str = None,
region: str = None,
secret_key: str = None,
security_token: str = None,
shared_credentials_file: str = None,
sts_endpoint: str = None,
tablestore_endpoint: str = None,
tablestore_table: str = None
)
Properties
Name | Type | Description |
---|---|---|
bucket | str | (Required) The name of the OSS bucket. |
access_key | str | (Optional) Alibaba Cloud access key. |
acl | str | (Optional) Object ACL to be applied to the state file. |
assume_role | OssAssumeRole | No description. |
assume_role_policy | str | (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed. |
assume_role_role_arn | str | (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials. |
assume_role_session_expiration | typing.Union[int, float] | (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION. |
assume_role_session_name | str | (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. |
ecs_role_name | str | (Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console. |
encrypt | bool | (Optional) Whether to enable server side encryption of the state file. |
endpoint | str | (Optional) A custom endpoint for the OSS API. |
key | str | (Optional) The name of the state file. |
prefix | str | (Optional) The path directory of the state file will be stored. |
profile | str | (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. |
region | str | (Optional) The region of the OSS bucket. |
secret_key | str | (Optional) Alibaba Cloud secret access key. |
security_token | str | (Optional) STS access token. |
shared_credentials_file | str | (Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. |
sts_endpoint | str | (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT. |
tablestore_endpoint | str | (Optional) A custom endpoint for the TableStore API. |
tablestore_table | str | (Optional) A TableStore table for state locking and consistency. |
bucket
Required
bucket: str
- Type: str
(Required) The name of the OSS bucket.
access_key
Optional
access_key: str
- Type: str
(Optional) Alibaba Cloud access key.
It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.
acl
Optional
acl: str
- Type: str
(Optional) Object ACL to be applied to the state file.
assume_role
Optional
assume_role
- Deprecated: Use flattened assume role options
assume_role: OssAssumeRole
- Type: OssAssumeRole
assume_role_policy
Optional
assume_role_policy: str
- Type: str
(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assume_role_role_arn
Optional
assume_role_role_arn: str
- Type: str
(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assume_role_session_expiration
Optional
assume_role_session_expiration: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assume_role_session_name
Optional
assume_role_session_name: str
- Type: str
(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecs_role_name
Optional
ecs_role_name: str
- Type: str
(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Whether to enable server side encryption of the state file.
If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
endpoint
Optional
endpoint: str
- Type: str
(Optional) A custom endpoint for the OSS API.
It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.
key
Optional
key: str
- Type: str
(Optional) The name of the state file.
Defaults to terraform.tfstate.
prefix
Optional
prefix: str
- Type: str
(Optional) The path directory of the state file will be stored.
Default to "env:".
profile
Optional
profile: str
- Type: str
(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
region
Optional
region: str
- Type: str
(Optional) The region of the OSS bucket.
It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.
secret_key
Optional
secret_key: str
- Type: str
(Optional) Alibaba Cloud secret access key.
It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.
security_token
Optional
security_token: str
- Type: str
(Optional) STS access token.
It supports environment variable ALICLOUD_SECURITY_TOKEN.
shared_credentials_file
Optional
shared_credentials_file: str
- Type: str
(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
sts_endpoint
Optional
sts_endpoint: str
- Type: str
(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestore_endpoint
Optional
tablestore_endpoint: str
- Type: str
(Optional) A custom endpoint for the TableStore API.
tablestore_table
Optional
tablestore_table: str
- Type: str
(Optional) A TableStore table for state locking and consistency.
The table must have a primary key named LockID of type String.
PgBackendConfig
Initializer
import cdktf
cdktf.PgBackendConfig(
conn_str: str,
schema_name: str = None,
skip_index_creation: bool = None,
skip_schema_creation: bool = None,
skip_table_creation: bool = None
)
Properties
Name | Type | Description |
---|---|---|
conn_str | str | Postgres connection string; |
schema_name | str | Name of the automatically-managed Postgres schema, default to terraform_remote_state. |
skip_index_creation | bool | If set to true, the Postgres index must already exist. |
skip_schema_creation | bool | If set to true, the Postgres schema must already exist. |
skip_table_creation | bool | If set to true, the Postgres table must already exist. |
conn_str
Required
conn_str: str
- Type: str
Postgres connection string;
a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.
schema_name
Optional
schema_name: str
- Type: str
Name of the automatically-managed Postgres schema, default to terraform_remote_state.
Can also be set using the PG_SCHEMA_NAME environment variable.
skip_index_creation
Optional
skip_index_creation: bool
- Type: bool
If set to true, the Postgres index must already exist.
Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.
skip_schema_creation
Optional
skip_schema_creation: bool
- Type: bool
If set to true, the Postgres schema must already exist.
Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.
skip_table_creation
Optional
skip_table_creation: bool
- Type: bool
If set to true, the Postgres table must already exist.
Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.
Postcondition
Terraform checks a postcondition after evaluating the object it is associated with.
Initializer
import cdktf
cdktf.Postcondition(
condition: typing.Any,
error_message: str
)
Properties
Name | Type | Description |
---|---|---|
condition | typing.Any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
error_message | str | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
condition
Required
condition: typing.Any
- Type: typing.Any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
error_message
Required
error_message: str
- Type: str
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
Precondition
Terraform checks a precondition before evaluating the object it is associated with.
Initializer
import cdktf
cdktf.Precondition(
condition: typing.Any,
error_message: str
)
Properties
Name | Type | Description |
---|---|---|
condition | typing.Any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
error_message | str | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
condition
Required
condition: typing.Any
- Type: typing.Any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
error_message
Required
error_message: str
- Type: str
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
RemoteBackendConfig
Initializer
import cdktf
cdktf.RemoteBackendConfig(
organization: str,
workspaces: IRemoteWorkspace,
hostname: str = None,
token: str = None
)
Properties
Name | Type | Description |
---|---|---|
organization | str | No description. |
workspaces | IRemoteWorkspace | No description. |
hostname | str | No description. |
token | str | No description. |
organization
Required
organization: str
- Type: str
workspaces
Required
workspaces: IRemoteWorkspace
- Type: IRemoteWorkspace
hostname
Optional
hostname: str
- Type: str
token
Optional
token: str
- Type: str
RemoteExecProvisioner
The remote-exec provisioner invokes a script on a remote resource after it is created.
This can be used to run a configuration management tool, bootstrap into a cluster, etc The remote-exec provisioner requires a connection and supports both ssh and winrm.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec remote-exec}
Initializer
import cdktf
cdktf.RemoteExecProvisioner(
type: str,
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
inline: typing.List[str] = None,
script: str = None,
scripts: typing.List[str] = None
)
Properties
Name | Type | Description |
---|---|---|
type | str | No description. |
connection | typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] | Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect. |
inline | typing.List[str] | This is a list of command strings. |
script | str | This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed. |
scripts | typing.List[str] | This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed. |
type
Required
type: str
- Type: str
connection
Optional
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
A connection must be provided here or in the parent resource.
inline
Optional
inline: typing.List[str]
- Type: typing.List[str]
This is a list of command strings.
They are executed in the order they are provided. This cannot be provided with script or scripts.
script
Optional
script: str
- Type: str
This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed.
This cannot be provided with inline or scripts.
scripts
Optional
scripts: typing.List[str]
- Type: typing.List[str]
This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed.
They are executed in the order they are provided. This cannot be provided with inline or script.
ResolveOptions
Options to the resolve() operation.
NOT the same as the ResolveContext; ResolveContext is exposed to Token implementors and resolution hooks, whereas this struct is just to bundle a number of things that would otherwise be arguments to resolve() in a readable way.
Initializer
import cdktf
cdktf.ResolveOptions(
resolver: ITokenResolver,
scope: IConstruct,
preparing: bool = None
)
Properties
Name | Type | Description |
---|---|---|
resolver | ITokenResolver | The resolver to apply to any resolvable tokens found. |
scope | constructs.IConstruct | The scope from which resolution is performed. |
preparing | bool | Whether the resolution is being executed during the prepare phase or not. |
resolver
Required
resolver: ITokenResolver
- Type: ITokenResolver
The resolver to apply to any resolvable tokens found.
scope
Required
scope: IConstruct
- Type: constructs.IConstruct
The scope from which resolution is performed.
preparing
Optional
preparing: bool
- Type: bool
- Default: false
Whether the resolution is being executed during the prepare phase or not.
S3BackendAssumeRoleConfig
Initializer
import cdktf
cdktf.S3BackendAssumeRoleConfig(
role_arn: str,
duration: str = None,
external_id: str = None,
policy: str = None,
policy_arns: typing.List[str] = None,
session_name: str = None,
source_identity: str = None,
tags: typing.Mapping[str] = None,
transitive_tag_keys: typing.List[str] = None
)
Properties
Name | Type | Description |
---|---|---|
role_arn | str | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
duration | str | (Optional) The duration individual credentials will be valid. |
external_id | str | (Optional) External identifier to use when assuming the role. |
policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
session_name | str | (Optional) Session name to use when assuming the role. |
source_identity | str | (Optional) Source identity specified by the principal assuming the. |
tags | typing.Mapping[str] | (Optional) Map of assume role session tags. |
transitive_tag_keys | typing.List[str] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
role_arn
Required
role_arn: str
- Type: str
(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
duration
Optional
duration: str
- Type: str
(Optional) The duration individual credentials will be valid.
Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).
external_id
Optional
external_id: str
- Type: str
(Optional) External identifier to use when assuming the role.
policy
Optional
policy: str
- Type: str
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policy_arns
Optional
policy_arns: typing.List[str]
- Type: typing.List[str]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
session_name
Optional
session_name: str
- Type: str
(Optional) Session name to use when assuming the role.
source_identity
Optional
source_identity: str
- Type: str
(Optional) Source identity specified by the principal assuming the.
tags
Optional
tags: typing.Mapping[str]
- Type: typing.Mapping[str]
(Optional) Map of assume role session tags.
transitive_tag_keys
Optional
transitive_tag_keys: typing.List[str]
- Type: typing.List[str]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
S3BackendAssumeRoleWithWebIdentityConfig
Initializer
import cdktf
cdktf.S3BackendAssumeRoleWithWebIdentityConfig(
duration: str = None,
policy: str = None,
policy_arns: typing.List[str] = None,
role_arn: str = None,
session_name: str = None,
web_identity_token: str = None,
web_identity_token_file: str = None
)
Properties
Name | Type | Description |
---|---|---|
duration | str | (Optional) The duration individual credentials will be valid. |
policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
role_arn | str | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
session_name | str | (Optional) Session name to use when assuming the role. |
web_identity_token | str | (Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
web_identity_token_file | str | (Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
duration
Optional
duration: str
- Type: str
(Optional) The duration individual credentials will be valid.
Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).
policy
Optional
policy: str
- Type: str
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policy_arns
Optional
policy_arns: typing.List[str]
- Type: typing.List[str]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
role_arn
Optional
role_arn: str
- Type: str
(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
Can also be set with the AWS_ROLE_ARN environment variable.
session_name
Optional
session_name: str
- Type: str
(Optional) Session name to use when assuming the role.
Can also be set with the AWS_ROLE_SESSION_NAME environment variable.
web_identity_token
Optional
web_identity_token: str
- Type: str
(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider.
One of web_identity_token or web_identity_token_file is required.
web_identity_token_file
Optional
web_identity_token_file: str
- Type: str
(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider.
One of web_identity_token_file or web_identity_token is required. Can also be set with the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.
S3BackendConfig
Stores the state as a given key in a given bucket on Amazon S3.
This backend also supports state locking and consistency checking via Dynamo DB, which can be enabled by setting the dynamodb_table field to an existing DynamoDB table name. A single DynamoDB table can be used to lock multiple remote state files. Terraform generates key names that include the values of the bucket and key variables.
Warning! It is highly recommended that you enable Bucket Versioning on the S3 bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/s3
Initializer
import cdktf
cdktf.S3BackendConfig(
bucket: str,
key: str,
access_key: str = None,
acl: str = None,
allowed_account_ids: typing.List[str] = None,
assume_role: S3BackendAssumeRoleConfig = None,
assume_role_policy: str = None,
assume_role_policy_arns: typing.List[str] = None,
assume_role_tags: typing.Mapping[str] = None,
assume_role_transitive_tag_keys: typing.List[str] = None,
assume_role_with_web_identity: S3BackendAssumeRoleWithWebIdentityConfig = None,
custom_ca_bundle: str = None,
dynamodb_endpoint: str = None,
dynamodb_table: str = None,
ec2_metadata_service_endpoint: str = None,
ec2_metadata_service_endpoint_mode: str = None,
encrypt: bool = None,
endpoint: str = None,
endpoints: S3BackendEndpointConfig = None,
external_id: str = None,
forbidden_account_ids: typing.List[str] = None,
force_path_style: bool = None,
http_proxy: str = None,
https_proxy: str = None,
iam_endpoint: str = None,
insecure: bool = None,
kms_key_id: str = None,
max_retries: typing.Union[int, float] = None,
no_proxy: str = None,
profile: str = None,
region: str = None,
retry_mode: str = None,
role_arn: str = None,
secret_key: str = None,
session_name: str = None,
shared_config_files: typing.List[str] = None,
shared_credentials_file: str = None,
shared_credentials_files: typing.List[str] = None,
skip_credentials_validation: bool = None,
skip_metadata_api_check: bool = None,
skip_region_validation: bool = None,
skip_requesting_account_id: bool = None,
skip_s3_checksum: bool = None,
sse_customer_key: str = None,
sts_endpoint: str = None,
sts_region: str = None,
token: str = None,
use_legacy_workflow: bool = None,
use_path_style: bool = None,
workspace_key_prefix: str = None
)
Properties
Name | Type | Description |
---|---|---|
bucket | str | Name of the S3 Bucket. |
key | str | Path to the state file inside the S3 Bucket. |
access_key | str | (Optional) AWS access key. |
acl | str | (Optional) Canned ACL to be applied to the state file. |
allowed_account_ids | typing.List[str] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
assume_role | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
assume_role_policy | str | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
assume_role_policy_arns | typing.List[str] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
assume_role_tags | typing.Mapping[str] | (Optional) Map of assume role session tags. |
assume_role_transitive_tag_keys | typing.List[str] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
assume_role_with_web_identity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
custom_ca_bundle | str | (Optional) File containing custom root and intermediate certificates. |
dynamodb_endpoint | str | (Optional) Custom endpoint for the AWS DynamoDB API. |
dynamodb_table | str | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
ec2_metadata_service_endpoint | str | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
ec2_metadata_service_endpoint_mode | str | (Optional) Mode to use in communicating with the metadata service. |
encrypt | bool | (Optional) Enable server side encryption of the state file. |
endpoint | str | (Optional) Custom endpoint for the AWS S3 API. |
endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
external_id | str | (Optional) External identifier to use when assuming the role. |
forbidden_account_ids | typing.List[str] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
force_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
http_proxy | str | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
https_proxy | str | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
iam_endpoint | str | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
insecure | bool | Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. |
kms_key_id | str | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
max_retries | typing.Union[int, float] | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
no_proxy | str | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
profile | str | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
region | str | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
retry_mode | str | (Optional) Specifies how retries are attempted. |
role_arn | str | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
secret_key | str | (Optional) AWS secret access key. |
session_name | str | (Optional) Session name to use when assuming the role. |
shared_config_files | typing.List[str] | (Optional) List of paths to AWS shared configuration files. |
shared_credentials_file | str | (Optional) Path to the AWS shared credentials file. |
shared_credentials_files | typing.List[str] | (Optional) List of paths to AWS shared credentials files. |
skip_credentials_validation | bool | (Optional) Skip credentials validation via the STS API. |
skip_metadata_api_check | bool | (Optional) Skip usage of EC2 Metadata API. |
skip_region_validation | bool | (Optional) Skip validation of provided region name. |
skip_requesting_account_id | bool | (Optional) Whether to skip requesting the account ID. |
skip_s3_checksum | bool | (Optional) Do not include checksum when uploading S3 Objects. |
sse_customer_key | str | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
sts_endpoint | str | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
sts_region | str | (Optional) AWS region for STS. |
token | str | (Optional) Multi-Factor Authentication (MFA) token. |
use_legacy_workflow | bool | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
use_path_style | bool | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
workspace_key_prefix | str | (Optional) Prefix applied to the state path inside the bucket. |
bucket
Required
bucket: str
- Type: str
Name of the S3 Bucket.
key
Required
key: str
- Type: str
Path to the state file inside the S3 Bucket.
When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
access_key
Optional
access_key: str
- Type: str
(Optional) AWS access key.
If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
acl
Optional
acl: str
- Type: str
(Optional) Canned ACL to be applied to the state file.
allowed_account_ids
Optional
allowed_account_ids: typing.List[str]
- Type: typing.List[str]
(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
Conflicts with forbidden_account_ids.
assume_role
Optional
assume_role: S3BackendAssumeRoleConfig
Assuming an IAM Role can be configured in two ways.
The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
assume_role_policy
Optional
assume_role_policy
- Deprecated: Use assumeRole.policy instead.
assume_role_policy: str
- Type: str
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assume_role_policy_arns
Optional
assume_role_policy_arns
- Deprecated: Use assumeRole.policyArns instead.
assume_role_policy_arns: typing.List[str]
- Type: typing.List[str]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assume_role_tags
Optional
assume_role_tags
- Deprecated: Use assumeRole.tags instead.
assume_role_tags: typing.Mapping[str]
- Type: typing.Mapping[str]
(Optional) Map of assume role session tags.
assume_role_transitive_tag_keys
Optional
assume_role_transitive_tag_keys
- Deprecated: Use assumeRole.transitiveTagKeys instead.
assume_role_transitive_tag_keys: typing.List[str]
- Type: typing.List[str]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assume_role_with_web_identity
Optional
assume_role_with_web_identity: S3BackendAssumeRoleWithWebIdentityConfig
Assume Role With Web Identity Configuration.
custom_ca_bundle
Optional
custom_ca_bundle: str
- Type: str
(Optional) File containing custom root and intermediate certificates.
Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.
dynamodb_endpoint
Optional
dynamodb_endpoint
- Deprecated: Use endpoints.dynamodb instead
dynamodb_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS DynamoDB API.
This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.
dynamodb_table
Optional
dynamodb_table: str
- Type: str
(Optional) Name of DynamoDB Table to use for state locking and consistency.
The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.
ec2_metadata_service_endpoint
Optional
ec2_metadata_service_endpoint: str
- Type: str
Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.
ec2_metadata_service_endpoint_mode
Optional
ec2_metadata_service_endpoint_mode: str
- Type: str
(Optional) Mode to use in communicating with the metadata service.
Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.
encrypt
Optional
encrypt: bool
- Type: bool
(Optional) Enable server side encryption of the state file.
endpoint
Optional
endpoint
- Deprecated: Use endpoints.s3 instead
endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS S3 API.
This can also be sourced from the AWS_S3_ENDPOINT environment variable.
endpoints
Optional
endpoints: S3BackendEndpointConfig
- Type: S3BackendEndpointConfig
(Optional) The endpoint configuration block.
external_id
Optional
external_id
- Deprecated: Use assume_role.external_id instead.
external_id: str
- Type: str
(Optional) External identifier to use when assuming the role.
forbidden_account_ids
Optional
forbidden_account_ids: typing.List[str]
- Type: typing.List[str]
(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
Conflicts with allowed_account_ids.
force_path_style
Optional
force_path_style
- Deprecated: Use usePathStyle instead
force_path_style: bool
- Type: bool
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
http_proxy
Optional
http_proxy: str
- Type: str
(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
Can also be set using the HTTP_PROXY or http_proxy environment variables.
https_proxy
Optional
https_proxy: str
- Type: str
(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
Can also be set using the HTTPS_PROXY or https_proxy environment variables.
iam_endpoint
Optional
iam_endpoint
- Deprecated: Use endpoints.iam instead
iam_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
This can also be sourced from the AWS_IAM_ENDPOINT environment variable.
insecure
Optional
insecure: bool
- Type: bool
Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
If omitted, the default value is false.
kms_key_id
Optional
kms_key_id: str
- Type: str
(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.
max_retries
Optional
max_retries: typing.Union[int, float]
- Type: typing.Union[int, float]
(Optional) The maximum number of times an AWS API request is retried on retryable failure.
Defaults to 5.
no_proxy
Optional
no_proxy: str
- Type: str
(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
Each value can be one of:
- A domain name
- An IP address
- A CIDR address
- An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profile
Optional
profile: str
- Type: str
(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
region
Optional
region: str
- Type: str
AWS Region of the S3 Bucket and DynamoDB Table (if used).
This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.
retry_mode
Optional
retry_mode: str
- Type: str
(Optional) Specifies how retries are attempted.
Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.
role_arn
Optional
role_arn
- Deprecated: Use assumeRole.roleArn instead.
role_arn: str
- Type: str
(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secret_key
Optional
secret_key: str
- Type: str
(Optional) AWS secret access key.
If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)
session_name
Optional
session_name
- Deprecated: Use assumeRole.sessionName instead.
session_name: str
- Type: str
(Optional) Session name to use when assuming the role.
shared_config_files
Optional
shared_config_files: typing.List[str]
- Type: typing.List[str]
(Optional) List of paths to AWS shared configuration files.
Defaults to ~/.aws/config.
shared_credentials_file
Optional
shared_credentials_file: str
- Type: str
(Optional) Path to the AWS shared credentials file.
Defaults to ~/.aws/credentials.
shared_credentials_files
Optional
shared_credentials_files: typing.List[str]
- Type: typing.List[str]
(Optional) List of paths to AWS shared credentials files.
Defaults to ~/.aws/credentials.
skip_credentials_validation
Optional
skip_credentials_validation: bool
- Type: bool
(Optional) Skip credentials validation via the STS API.
skip_metadata_api_check
Optional
skip_metadata_api_check: bool
- Type: bool
(Optional) Skip usage of EC2 Metadata API.
skip_region_validation
Optional
skip_region_validation: bool
- Type: bool
(Optional) Skip validation of provided region name.
skip_requesting_account_id
Optional
skip_requesting_account_id: bool
- Type: bool
(Optional) Whether to skip requesting the account ID.
Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
skip_s3_checksum
Optional
skip_s3_checksum: bool
- Type: bool
(Optional) Do not include checksum when uploading S3 Objects.
Useful for some S3-Compatible APIs.
sse_customer_key
Optional
sse_customer_key: str
- Type: str
(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.
sts_endpoint
Optional
sts_endpoint
- Deprecated: Use endpoints.sts instead
sts_endpoint: str
- Type: str
(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
This can also be sourced from the AWS_STS_ENDPOINT environment variable.
sts_region
Optional
sts_region: str
- Type: str
(Optional) AWS region for STS.
If unset, AWS will use the same region for STS as other non-STS operations.
token
Optional
token: str
- Type: str
(Optional) Multi-Factor Authentication (MFA) token.
This can also be sourced from the AWS_SESSION_TOKEN environment variable.
use_legacy_workflow
Optional
use_legacy_workflow: bool
- Type: bool
(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.
use_path_style
Optional
use_path_style: bool
- Type: bool
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspace_key_prefix
Optional
workspace_key_prefix: str
- Type: str
(Optional) Prefix applied to the state path inside the bucket.
This is only relevant when using a non-default workspace. Defaults to env:
S3BackendEndpointConfig
Initializer
import cdktf
cdktf.S3BackendEndpointConfig(
dynamodb: str = None,
iam: str = None,
s3: str = None,
sso: str = None,
sts: str = None
)
Properties
Name | Type | Description |
---|---|---|
dynamodb | str | (Optional) Custom endpoint URL for the AWS DynamoDB API. |
iam | str | (Optional) Custom endpoint URL for the AWS IAM API. |
s3 | str | (Optional) Custom endpoint URL for the AWS S3 API. |
sso | str | (Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API. |
sts | str | (Optional) Custom endpoint URL for the AWS STS API. |
dynamodb
Optional
dynamodb: str
- Type: str
(Optional) Custom endpoint URL for the AWS DynamoDB API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_DYNAMODB or the deprecated environment variable AWS_DYNAMODB_ENDPOINT.
iam
Optional
iam: str
- Type: str
(Optional) Custom endpoint URL for the AWS IAM API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_IAM or the deprecated environment variable AWS_IAM_ENDPOINT.
s3
Optional
s3: str
- Type: str
(Optional) Custom endpoint URL for the AWS S3 API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_S3 or the deprecated environment variable AWS_S3_ENDPOINT.
sso
Optional
sso: str
- Type: str
(Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_SSO.
sts
Optional
sts: str
- Type: str
(Optional) Custom endpoint URL for the AWS STS API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_STS or the deprecated environment variable AWS_STS_ENDPOINT.
SSHProvisionerConnection
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}
Initializer
import cdktf
cdktf.SSHProvisionerConnection(
host: str,
type: str,
agent: str = None,
agent_identity: str = None,
bastion_certificate: str = None,
bastion_host: str = None,
bastion_host_key: str = None,
bastion_password: str = None,
bastion_port: typing.Union[int, float] = None,
bastion_private_key: str = None,
bastion_user: str = None,
certificate: str = None,
host_key: str = None,
password: str = None,
port: typing.Union[int, float] = None,
private_key: str = None,
proxy_host: str = None,
proxy_port: typing.Union[int, float] = None,
proxy_scheme: str = None,
proxy_user_name: str = None,
proxy_user_password: str = None,
script_path: str = None,
target_platform: str = None,
timeout: str = None,
user: str = None
)
Properties
Name | Type | Description |
---|---|---|
host | str | The address of the resource to connect to. |
type | str | The connection type. |
agent | str | Set to false to disable using ssh-agent to authenticate. |
agent_identity | str | The preferred identity from the ssh agent for authentication. |
bastion_certificate | str | The contents of a signed CA Certificate. |
bastion_host | str | Setting this enables the bastion Host connection. |
bastion_host_key | str | The public key from the remote host or the signing CA, used to verify the host connection. |
bastion_password | str | The password to use for the bastion host. |
bastion_port | typing.Union[int, float] | The port to use connect to the bastion host. |
bastion_private_key | str | The contents of an SSH key file to use for the bastion host. |
bastion_user | str | The user for the connection to the bastion host. |
certificate | str | The contents of a signed CA Certificate. |
host_key | str | The public key from the remote host or the signing CA, used to verify the connection. |
password | str | The password to use for the connection. |
port | typing.Union[int, float] | The port to connect to. |
private_key | str | The contents of an SSH key to use for the connection. |
proxy_host | str | Setting this enables the SSH over HTTP connection. |
proxy_port | typing.Union[int, float] | The port to use connect to the proxy host. |
proxy_scheme | str | The ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy. |
proxy_user_name | str | The username to use connect to the private proxy host. |
proxy_user_password | str | The password to use connect to the private proxy host. |
script_path | str | The path used to copy scripts meant for remote execution. |
target_platform | str | The target platform to connect to. |
timeout | str | The timeout to wait for the connection to become available. |
user | str | The user to use for the connection. |
host
Required
host: str
- Type: str
The address of the resource to connect to.
type
Required
type: str
- Type: str
The connection type.
Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.
agent
Optional
agent: str
- Type: str
Set to false to disable using ssh-agent to authenticate.
On Windows the only supported SSH authentication agent is Pageant.
agent_identity
Optional
agent_identity: str
- Type: str
The preferred identity from the ssh agent for authentication.
bastion_certificate
Optional
bastion_certificate: str
- Type: str
The contents of a signed CA Certificate.
The certificate argument must be used in conjunction with a bastion_private_key. These can be loaded from a file on disk using the the file function.
bastion_host
Optional
bastion_host: str
- Type: str
Setting this enables the bastion Host connection.
The provisioner will connect to bastion_host first, and then connect from there to host.
bastion_host_key
Optional
bastion_host_key: str
- Type: str
The public key from the remote host or the signing CA, used to verify the host connection.
bastion_password
Optional
bastion_password: str
- Type: str
The password to use for the bastion host.
bastion_port
Optional
bastion_port: typing.Union[int, float]
- Type: typing.Union[int, float]
The port to use connect to the bastion host.
bastion_private_key
Optional
bastion_private_key: str
- Type: str
The contents of an SSH key file to use for the bastion host.
These can be loaded from a file on disk using the file function.
bastion_user
Optional
bastion_user: str
- Type: str
The user for the connection to the bastion host.
certificate
Optional
certificate: str
- Type: str
The contents of a signed CA Certificate.
The certificate argument must be used in conjunction with a private_key. These can be loaded from a file on disk using the the file function.
host_key
Optional
host_key: str
- Type: str
The public key from the remote host or the signing CA, used to verify the connection.
password
Optional
password: str
- Type: str
The password to use for the connection.
port
Optional
port: typing.Union[int, float]
- Type: typing.Union[int, float]
- Default: 22
The port to connect to.
private_key
Optional
private_key: str
- Type: str
The contents of an SSH key to use for the connection.
These can be loaded from a file on disk using the file function. This takes preference over password if provided.
proxy_host
Optional
proxy_host: str
- Type: str
Setting this enables the SSH over HTTP connection.
This host will be connected to first, and then the host or bastion_host connection will be made from there.
proxy_port
Optional
proxy_port: typing.Union[int, float]
- Type: typing.Union[int, float]
The port to use connect to the proxy host.
proxy_scheme
Optional
proxy_scheme: str
- Type: str
The ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy.
proxy_user_name
Optional
proxy_user_name: str
- Type: str
The username to use connect to the private proxy host.
This argument should be specified only if authentication is required for the HTTP Proxy server.
proxy_user_password
Optional
proxy_user_password: str
- Type: str
The password to use connect to the private proxy host.
This argument should be specified only if authentication is required for the HTTP Proxy server.
script_path
Optional
script_path: str
- Type: str
The path used to copy scripts meant for remote execution.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}
target_platform
Optional
target_platform: str
- Type: str
- Default: unix
The target platform to connect to.
Valid values are "windows" and "unix". If the platform is set to windows, the default scriptpath is c:\windows\temp\terraform%RAND%.cmd, assuming the SSH default shell is cmd.exe. If the SSH default shell is PowerShell, set scriptpath to "c:/windows/temp/terraform%RAND%.ps1"
timeout
Optional
timeout: str
- Type: str
- Default: 5m
The timeout to wait for the connection to become available.
Should be provided as a string (e.g., "30s" or "5m".)
user
Optional
user: str
- Type: str
- Default: root
The user to use for the connection.
StackAnnotation
Initializer
import cdktf
cdktf.StackAnnotation(
construct_path: str,
level: AnnotationMetadataEntryType,
message: str,
stacktrace: typing.List[str] = None
)
Properties
Name | Type | Description |
---|---|---|
construct_path | str | No description. |
level | AnnotationMetadataEntryType | No description. |
message | str | No description. |
stacktrace | typing.List[str] | No description. |
construct_path
Required
construct_path: str
- Type: str
level
Required
level: AnnotationMetadataEntryType
message
Required
message: str
- Type: str
stacktrace
Optional
stacktrace: typing.List[str]
- Type: typing.List[str]
StackManifest
Initializer
import cdktf
cdktf.StackManifest(
annotations: typing.List[StackAnnotation],
construct_path: str,
dependencies: typing.List[str],
name: str,
stack_metadata_path: str,
synthesized_stack_path: str,
working_directory: str
)
Properties
Name | Type | Description |
---|---|---|
annotations | typing.List[StackAnnotation] | No description. |
construct_path | str | No description. |
dependencies | typing.List[str] | No description. |
name | str | No description. |
stack_metadata_path | str | No description. |
synthesized_stack_path | str | No description. |
working_directory | str | No description. |
annotations
Required
annotations: typing.List[StackAnnotation]
- Type: typing.List[StackAnnotation]
construct_path
Required
construct_path: str
- Type: str
dependencies
Required
dependencies: typing.List[str]
- Type: typing.List[str]
name
Required
name: str
- Type: str
stack_metadata_path
Required
stack_metadata_path: str
- Type: str
synthesized_stack_path
Required
synthesized_stack_path: str
- Type: str
working_directory
Required
working_directory: str
- Type: str
SwiftBackendConfig
Initializer
import cdktf
cdktf.SwiftBackendConfig(
container: str,
application_credential_id: str = None,
application_credential_name: str = None,
application_credential_secret: str = None,
archive_container: str = None,
auth_url: str = None,
cacert_file: str = None,
cert: str = None,
cloud: str = None,
default_domain: str = None,
domain_id: str = None,
domain_name: str = None,
expire_after: str = None,
insecure: bool = None,
key: str = None,
password: str = None,
project_domain_id: str = None,
project_domain_name: str = None,
region_name: str = None,
state_name: str = None,
tenant_id: str = None,
tenant_name: str = None,
token: str = None,
user_domain_id: str = None,
user_domain_name: str = None,
user_id: str = None,
user_name: str = None
)
Properties
Name | Type | Description |
---|---|---|
container | str | No description. |
application_credential_id | str | No description. |
application_credential_name | str | No description. |
application_credential_secret | str | No description. |
archive_container | str | No description. |
auth_url | str | No description. |
cacert_file | str | No description. |
cert | str | No description. |
cloud | str | No description. |
default_domain | str | No description. |
domain_id | str | No description. |
domain_name | str | No description. |
expire_after | str | No description. |
insecure | bool | No description. |
key | str | No description. |
password | str | No description. |
project_domain_id | str | No description. |
project_domain_name | str | No description. |
region_name | str | No description. |
state_name | str | No description. |
tenant_id | str | No description. |
tenant_name | str | No description. |
token | str | No description. |
user_domain_id | str | No description. |
user_domain_name | str | No description. |
user_id | str | No description. |
user_name | str | No description. |
container
Required
container
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
container: str
- Type: str
application_credential_id
Optional
application_credential_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_id: str
- Type: str
application_credential_name
Optional
application_credential_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_name: str
- Type: str
application_credential_secret
Optional
application_credential_secret
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
application_credential_secret: str
- Type: str
archive_container
Optional
archive_container
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
archive_container: str
- Type: str
auth_url
Optional
auth_url
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
auth_url: str
- Type: str
cacert_file
Optional
cacert_file
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cacert_file: str
- Type: str
cert
Optional
cert
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cert: str
- Type: str
cloud
Optional
cloud
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
cloud: str
- Type: str
default_domain
Optional
default_domain
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
default_domain: str
- Type: str
domain_id
Optional
domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
domain_id: str
- Type: str
domain_name
Optional
domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
domain_name: str
- Type: str
expire_after
Optional
expire_after
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
expire_after: str
- Type: str
insecure
Optional
insecure
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
insecure: bool
- Type: bool
key
Optional
key
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
key: str
- Type: str
password
Optional
password
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
password: str
- Type: str
project_domain_id
Optional
project_domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
project_domain_id: str
- Type: str
project_domain_name
Optional
project_domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
project_domain_name: str
- Type: str
region_name
Optional
region_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
region_name: str
- Type: str
state_name
Optional
state_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
state_name: str
- Type: str
tenant_id
Optional
tenant_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
tenant_id: str
- Type: str
tenant_name
Optional
tenant_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
tenant_name: str
- Type: str
token
Optional
token
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
token: str
- Type: str
user_domain_id
Optional
user_domain_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_domain_id: str
- Type: str
user_domain_name
Optional
user_domain_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_domain_name: str
- Type: str
user_id
Optional
user_id
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_id: str
- Type: str
user_name
Optional
user_name
- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
user_name: str
- Type: str
TerraformAssetConfig
Initializer
import cdktf
cdktf.TerraformAssetConfig(
path: str,
asset_hash: str = None,
type: AssetType = None
)
Properties
Name | Type | Description |
---|---|---|
path | str | No description. |
asset_hash | str | No description. |
type | AssetType | No description. |
path
Required
path: str
- Type: str
asset_hash
Optional
asset_hash: str
- Type: str
type
Optional
type: AssetType
- Type: AssetType
TerraformCondition
Initializer
import cdktf
cdktf.TerraformCondition(
condition: typing.Any,
error_message: str
)
Properties
Name | Type | Description |
---|---|---|
condition | typing.Any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
error_message | str | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
condition
Required
condition: typing.Any
- Type: typing.Any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
error_message
Required
error_message: str
- Type: str
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
TerraformConstructor
Initializer
from cdktf import testing_matchers
testingMatchers.TerraformConstructor(
tf_resource_type: str
)
Properties
Name | Type | Description |
---|---|---|
tf_resource_type | str | No description. |
tf_resource_type
Required
tf_resource_type: str
- Type: str
TerraformElementMetadata
Initializer
import cdktf
cdktf.TerraformElementMetadata(
path: str,
stack_trace: typing.List[str],
unique_id: str
)
Properties
Name | Type | Description |
---|---|---|
path | str | No description. |
stack_trace | typing.List[str] | No description. |
unique_id | str | No description. |
path
Required
path: str
- Type: str
stack_trace
Required
stack_trace: typing.List[str]
- Type: typing.List[str]
unique_id
Required
unique_id: str
- Type: str
TerraformHclModuleConfig
Initializer
import cdktf
cdktf.TerraformHclModuleConfig(
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] = None,
skip_asset_creation_from_local_modules: bool = None,
source: str,
version: str = None,
variables: typing.Mapping[typing.Any] = None
)
Properties
Name | Type | Description |
---|---|---|
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
providers | typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] | No description. |
skip_asset_creation_from_local_modules | bool | No description. |
source | str | No description. |
version | str | No description. |
variables | typing.Mapping[typing.Any] | No description. |
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
providers
Optional
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
- Type: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
skip_asset_creation_from_local_modules
Optional
skip_asset_creation_from_local_modules: bool
- Type: bool
source
Required
source: str
- Type: str
version
Optional
version: str
- Type: str
variables
Optional
variables: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
TerraformMetaArguments
Initializer
import cdktf
cdktf.TerraformMetaArguments(
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
count: typing.Union[typing.Union[int, float], TerraformCount] = None,
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
lifecycle: TerraformResourceLifecycle = None,
provider: TerraformProvider = None,
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None
)
Properties
Name | Type | Description |
---|---|---|
connection | typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], TerraformCount] | No description. |
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] | No description. |
connection
Optional
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
count
Optional
count: typing.Union[typing.Union[int, float], TerraformCount]
- Type: typing.Union[typing.Union[int, float], TerraformCount]
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
lifecycle
Optional
lifecycle: TerraformResourceLifecycle
provider
Optional
provider: TerraformProvider
- Type: TerraformProvider
provisioners
Optional
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
- Type: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
TerraformModuleConfig
Initializer
import cdktf
cdktf.TerraformModuleConfig(
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] = None,
skip_asset_creation_from_local_modules: bool = None,
source: str,
version: str = None
)
Properties
Name | Type | Description |
---|---|---|
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
providers | typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] | No description. |
skip_asset_creation_from_local_modules | bool | No description. |
source | str | No description. |
version | str | No description. |
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
providers
Optional
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
- Type: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
skip_asset_creation_from_local_modules
Optional
skip_asset_creation_from_local_modules: bool
- Type: bool
source
Required
source: str
- Type: str
version
Optional
version: str
- Type: str
TerraformModuleProvider
Initializer
import cdktf
cdktf.TerraformModuleProvider(
module_alias: str,
provider: TerraformProvider
)
Properties
Name | Type | Description |
---|---|---|
module_alias | str | No description. |
provider | TerraformProvider | No description. |
module_alias
Required
module_alias: str
- Type: str
provider
Required
provider: TerraformProvider
- Type: TerraformProvider
TerraformModuleUserConfig
Initializer
import cdktf
cdktf.TerraformModuleUserConfig(
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] = None,
skip_asset_creation_from_local_modules: bool = None
)
Properties
Name | Type | Description |
---|---|---|
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
providers | typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]] | No description. |
skip_asset_creation_from_local_modules | bool | No description. |
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
providers
Optional
providers: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
- Type: typing.List[typing.Union[TerraformProvider, TerraformModuleProvider]]
skip_asset_creation_from_local_modules
Optional
skip_asset_creation_from_local_modules: bool
- Type: bool
TerraformOutputConfig
Initializer
import cdktf
cdktf.TerraformOutputConfig(
value: typing.Any,
depends_on: typing.List[ITerraformDependable] = None,
description: str = None,
precondition: Precondition = None,
sensitive: bool = None,
static_id: bool = None
)
Properties
Name | Type | Description |
---|---|---|
value | typing.Any | No description. |
depends_on | typing.List[ITerraformDependable] | No description. |
description | str | No description. |
precondition | Precondition | No description. |
sensitive | bool | No description. |
static_id | bool | If set to true the synthesized Terraform Output will be named after the id passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId). |
value
Required
value: typing.Any
- Type: typing.Any
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
description
Optional
description: str
- Type: str
precondition
Optional
precondition: Precondition
- Type: Precondition
sensitive
Optional
sensitive: bool
- Type: bool
static_id
Optional
static_id: bool
- Type: bool
- Default: false
If set to true the synthesized Terraform Output will be named after the id
passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId).
TerraformProviderConfig
Initializer
import cdktf
cdktf.TerraformProviderConfig(
terraform_resource_type: str,
terraform_generator_metadata: TerraformProviderGeneratorMetadata = None,
terraform_provider_source: str = None
)
Properties
Name | Type | Description |
---|---|---|
terraform_resource_type | str | No description. |
terraform_generator_metadata | TerraformProviderGeneratorMetadata | No description. |
terraform_provider_source | str | No description. |
terraform_resource_type
Required
terraform_resource_type: str
- Type: str
terraform_generator_metadata
Optional
terraform_generator_metadata: TerraformProviderGeneratorMetadata
terraform_provider_source
Optional
terraform_provider_source: str
- Type: str
TerraformProviderGeneratorMetadata
Initializer
import cdktf
cdktf.TerraformProviderGeneratorMetadata(
provider_name: str,
provider_version: str = None,
provider_version_constraint: str = None
)
Properties
Name | Type | Description |
---|---|---|
provider_name | str | No description. |
provider_version | str | No description. |
provider_version_constraint | str | No description. |
provider_name
Required
provider_name: str
- Type: str
provider_version
Optional
provider_version: str
- Type: str
provider_version_constraint
Optional
provider_version_constraint: str
- Type: str
TerraformResourceConfig
Initializer
import cdktf
cdktf.TerraformResourceConfig(
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
count: typing.Union[typing.Union[int, float], TerraformCount] = None,
depends_on: typing.List[ITerraformDependable] = None,
for_each: ITerraformIterator = None,
lifecycle: TerraformResourceLifecycle = None,
provider: TerraformProvider = None,
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
terraform_resource_type: str,
terraform_generator_metadata: TerraformProviderGeneratorMetadata = None
)
Properties
Name | Type | Description |
---|---|---|
connection | typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] | No description. |
count | typing.Union[typing.Union[int, float], TerraformCount] | No description. |
depends_on | typing.List[ITerraformDependable] | No description. |
for_each | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] | No description. |
terraform_resource_type | str | No description. |
terraform_generator_metadata | TerraformProviderGeneratorMetadata | No description. |
connection
Optional
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
- Type: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
count
Optional
count: typing.Union[typing.Union[int, float], TerraformCount]
- Type: typing.Union[typing.Union[int, float], TerraformCount]
depends_on
Optional
depends_on: typing.List[ITerraformDependable]
- Type: typing.List[ITerraformDependable]
for_each
Optional
for_each: ITerraformIterator
- Type: ITerraformIterator
lifecycle
Optional
lifecycle: TerraformResourceLifecycle
provider
Optional
provider: TerraformProvider
- Type: TerraformProvider
provisioners
Optional
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
- Type: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
terraform_resource_type
Required
terraform_resource_type: str
- Type: str
terraform_generator_metadata
Optional
terraform_generator_metadata: TerraformProviderGeneratorMetadata
TerraformResourceImport
Initializer
import cdktf
cdktf.TerraformResourceImport(
id: str,
provider: TerraformProvider = None
)
Properties
Name | Type | Description |
---|---|---|
id | str | No description. |
provider | TerraformProvider | No description. |
id
Required
id: str
- Type: str
provider
Optional
provider: TerraformProvider
- Type: TerraformProvider
TerraformResourceLifecycle
Initializer
import cdktf
cdktf.TerraformResourceLifecycle(
create_before_destroy: bool = None,
ignore_changes: typing.Union[typing.List[str], str] = None,
postcondition: typing.List[Postcondition] = None,
precondition: typing.List[Precondition] = None,
prevent_destroy: bool = None,
replace_triggered_by: typing.List[typing.Union[str, ITerraformDependable]] = None
)
Properties
Name | Type | Description |
---|---|---|
create_before_destroy | bool | No description. |
ignore_changes | typing.Union[typing.List[str], str] | No description. |
postcondition | typing.List[Postcondition] | No description. |
precondition | typing.List[Precondition] | No description. |
prevent_destroy | bool | No description. |
replace_triggered_by | typing.List[typing.Union[str, ITerraformDependable]] | No description. |
create_before_destroy
Optional
create_before_destroy: bool
- Type: bool
ignore_changes
Optional
ignore_changes: typing.Union[typing.List[str], str]
- Type: typing.Union[typing.List[str], str]
postcondition
Optional
postcondition: typing.List[Postcondition]
- Type: typing.List[Postcondition]
precondition
Optional
precondition: typing.List[Precondition]
- Type: typing.List[Precondition]
prevent_destroy
Optional
prevent_destroy: bool
- Type: bool
replace_triggered_by
Optional
replace_triggered_by: typing.List[typing.Union[str, ITerraformDependable]]
- Type: typing.List[typing.Union[str, ITerraformDependable]]
TerraformResourceMoveById
Initializer
import cdktf
cdktf.TerraformResourceMoveById(
from: str,
to: str
)
Properties
from
Required
from: str
- Type: str
to
Required
to: str
- Type: str
TerraformResourceMoveByTarget
Initializer
import cdktf
cdktf.TerraformResourceMoveByTarget(
move_target: str,
index: typing.Union[str, typing.Union[int, float]] = None
)
Properties
Name | Type | Description |
---|---|---|
move_target | str | No description. |
index | typing.Union[str, typing.Union[int, float]] | No description. |
move_target
Required
move_target: str
- Type: str
index
Optional
index: typing.Union[str, typing.Union[int, float]]
- Type: typing.Union[str, typing.Union[int, float]]
TerraformStackMetadata
Initializer
import cdktf
cdktf.TerraformStackMetadata(
backend: str,
stack_name: str,
version: str,
cloud: str = None
)
Properties
Name | Type | Description |
---|---|---|
backend | str | No description. |
stack_name | str | No description. |
version | str | No description. |
cloud | str | No description. |
backend
Required
backend: str
- Type: str
stack_name
Required
stack_name: str
- Type: str
version
Required
version: str
- Type: str
cloud
Optional
cloud: str
- Type: str
TerraformVariableConfig
Initializer
import cdktf
cdktf.TerraformVariableConfig(
default: typing.Any = None,
description: str = None,
nullable: bool = None,
sensitive: bool = None,
type: str = None,
validation: typing.List[TerraformVariableValidationConfig] = None
)
Properties
Name | Type | Description |
---|---|---|
default | typing.Any | No description. |
description | str | No description. |
nullable | bool | No description. |
sensitive | bool | No description. |
type | str | The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. |
validation | typing.List[TerraformVariableValidationConfig] | Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block. |
default
Optional
default: typing.Any
- Type: typing.Any
description
Optional
description: str
- Type: str
nullable
Optional
nullable: bool
- Type: bool
sensitive
Optional
sensitive: bool
- Type: bool
type
Optional
type: str
- Type: str
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable.
If no type constraint is set then a value of any type is accepted.
While type constraints are optional, we recommend specifying them; they serve as easy reminders for users of the module, and allow Terraform to return a helpful error message if the wrong type is used.
Type constraints are created from a mixture of type keywords and type constructors. The supported type keywords are:
- string
- number
- bool
The type constructors allow you to specify complex types such as collections:
- list(< TYPE >)
- set(< TYPE >)
- map(< TYPE >)
- object({< ATTR NAME > = < TYPE >, ... })
- tuple([< TYPE >, ...])
The keyword any may be used to indicate that any type is acceptable. For more information on the meaning and behavior of these different types, as well as detailed information about automatic conversion of complex types, refer to {@link https://developer.hashicorp.com/terraform/language/expressions/type-constraints Type Constraints}.
If both the type and default arguments are specified, the given default value must be convertible to the specified type.
validation
Optional
validation: typing.List[TerraformVariableValidationConfig]
- Type: typing.List[TerraformVariableValidationConfig]
Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block.
TerraformVariableValidationConfig
Add one or more validation blocks within the variable block to specify custom conditions.
Initializer
import cdktf
cdktf.TerraformVariableValidationConfig(
condition: typing.Any,
error_message: str
)
Properties
Name | Type | Description |
---|---|---|
condition | typing.Any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
error_message | str | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
condition
Required
condition: typing.Any
- Type: typing.Any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
error_message
Required
error_message: str
- Type: str
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
TestingAppConfig
Initializer
import cdktf
cdktf.TestingAppConfig(
context: typing.Mapping[typing.Any] = None,
enable_future_flags: bool = None,
fake_cdktf_json_path: bool = None,
outdir: str = None,
stack_traces: bool = None,
stub_version: bool = None
)
Properties
Name | Type | Description |
---|---|---|
context | typing.Mapping[typing.Any] | No description. |
enable_future_flags | bool | No description. |
fake_cdktf_json_path | bool | No description. |
outdir | str | No description. |
stack_traces | bool | No description. |
stub_version | bool | No description. |
context
Optional
context: typing.Mapping[typing.Any]
- Type: typing.Mapping[typing.Any]
enable_future_flags
Optional
enable_future_flags: bool
- Type: bool
fake_cdktf_json_path
Optional
fake_cdktf_json_path: bool
- Type: bool
outdir
Optional
outdir: str
- Type: str
stack_traces
Optional
stack_traces: bool
- Type: bool
stub_version
Optional
stub_version: bool
- Type: bool
WinrmProvisionerConnection
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}
Initializer
import cdktf
cdktf.WinrmProvisionerConnection(
host: str,
type: str,
cacert: str = None,
https: bool = None,
insecure: bool = None,
password: str = None,
port: typing.Union[int, float] = None,
script_path: str = None,
timeout: str = None,
use_ntlm: bool = None,
user: str = None
)
Properties
Name | Type | Description |
---|---|---|
host | str | The address of the resource to connect to. |
type | str | The connection type. |
cacert | str | The CA certificate to validate against. |
https | bool | Set to true to connect using HTTPS instead of HTTP. |
insecure | bool | Set to true to skip validating the HTTPS certificate chain. |
password | str | The password to use for the connection. |
port | typing.Union[int, float] | The port to connect to. |
script_path | str | The path used to copy scripts meant for remote execution. |
timeout | str | The timeout to wait for the connection to become available. |
use_ntlm | bool | Set to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest. |
user | str | The user to use for the connection. |
host
Required
host: str
- Type: str
The address of the resource to connect to.
type
Required
type: str
- Type: str
The connection type.
Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.
cacert
Optional
cacert: str
- Type: str
The CA certificate to validate against.
https
Optional
https: bool
- Type: bool
Set to true to connect using HTTPS instead of HTTP.
insecure
Optional
insecure: bool
- Type: bool
Set to true to skip validating the HTTPS certificate chain.
password
Optional
password: str
- Type: str
The password to use for the connection.
port
Optional
port: typing.Union[int, float]
- Type: typing.Union[int, float]
- Default: 22
The port to connect to.
script_path
Optional
script_path: str
- Type: str
The path used to copy scripts meant for remote execution.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}
timeout
Optional
timeout: str
- Type: str
- Default: 5m
The timeout to wait for the connection to become available.
Should be provided as a string (e.g., "30s" or "5m".)
use_ntlm
Optional
use_ntlm: bool
- Type: bool
Set to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest.
Refer to Authentication for Remote Connections in the Windows App Development documentation for more details.
user
Optional
user: str
- Type: str
- Default: root
The user to use for the connection.