Terraform
Typescript: Structs
AppConfig
Initializer
import { AppConfig } from 'cdktf'
const appConfig: AppConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
context | {[ key: string ]: any} | Additional context values for the application. |
hclOutput | boolean | No description. |
outdir | string | The directory to output Terraform resources. |
skipBackendValidation | boolean | Whether to skip backend validation during synthesis of the app. |
skipValidation | boolean | Whether to skip all validations during synthesis of the app. |
stackTraces | boolean | No description. |
contextOptional
public readonly context: {[ key: string ]: any};
- Type: {[ key: string ]: any}
- Default: no additional context
Additional context values for the application.
Context set by the CLI or the context key in cdktf.json has precedence.
Context can be read from any construct using node.getContext(key).
hclOutputOptional
public readonly hclOutput: boolean;
- Type: boolean
outdirOptional
public readonly outdir: string;
- Type: string
- Default: CDKTF_OUTDIR if defined, otherwise "cdktf.out"
The directory to output Terraform resources.
If you are using the CDKTF CLI, this value is automatically set from one of the following three sources:
- The
-o/--outputCLI option - The
CDKTF_OUTDIRenvironment variable - The
outdirkey incdktf.json
If you are using the CDKTF CLI and want to set a different value here, you will also need to set the same value via one of the three ways specified above.
The most common case to set this value is when you are using the CDKTF library directly (e.g. when writing unit tests).
skipBackendValidationOptional
public readonly skipBackendValidation: boolean;
- Type: boolean
- Default: false
Whether to skip backend validation during synthesis of the app.
skipValidationOptional
public readonly skipValidation: boolean;
- Type: boolean
- Default: false
Whether to skip all validations during synthesis of the app.
stackTracesOptional
public readonly stackTraces: boolean;
- Type: boolean
AzurermBackendConfig
Stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account.
This backend supports state locking and consistency checking with Azure Blob Storage native capabilities.
Note: By default the Azure Backend uses ADAL for authentication which is deprecated in favour of MSAL - MSAL can be used by setting use_microsoft_graph to true. The default for this will change in Terraform 1.2, so that MSAL authentication is used by default.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/azurerm
Initializer
import { AzurermBackendConfig } from 'cdktf'
const azurermBackendConfig: AzurermBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
containerName | string | (Required) The Name of the Storage Container within the Storage Account. |
key | string | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
storageAccountName | string | (Required) The Name of the Storage Account. |
accessKey | string | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
clientCertificatePassword | string | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
clientCertificatePath | string | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
clientId | string | (Optional) The Client ID of the Service Principal. |
clientSecret | string | (Optional) The Client Secret of the Service Principal. |
endpoint | string | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
environment | string | (Optional) The Azure Environment which should be used. |
metadataHost | string | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
msiEndpoint | string | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
oidcRequestToken | string | (Optional) The bearer token for the request to the OIDC provider. |
oidcRequestUrl | string | (Optional) The URL for the OIDC provider from which to request an ID token. |
oidcToken | string | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
oidcTokenFilePath | string | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
resourceGroupName | string | (Required) The Name of the Resource Group in which the Storage Account exists. |
sasToken | string | (Optional) The SAS Token used to access the Blob Storage Account. |
snapshot | boolean | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
subscriptionId | string | (Optional) The Subscription ID in which the Storage Account exists. |
tenantId | string | (Optional) The Tenant ID in which the Subscription exists. |
useAzureadAuth | boolean | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
useMicrosoftGraph | boolean | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
useMsi | boolean | (Optional) Should Managed Service Identity authentication be used? |
useOidc | boolean | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
containerNameRequired
public readonly containerName: string;
- Type: string
(Required) The Name of the Storage Container within the Storage Account.
keyRequired
public readonly key: string;
- Type: string
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storageAccountNameRequired
public readonly storageAccountName: string;
- Type: string
(Required) The Name of the Storage Account.
accessKeyOptional
public readonly accessKey: string;
- Type: string
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
clientCertificatePasswordOptional
public readonly clientCertificatePassword: string;
- Type: string
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
clientCertificatePathOptional
public readonly clientCertificatePath: string;
- Type: string
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
clientIdOptional
public readonly clientId: string;
- Type: string
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
clientSecretOptional
public readonly clientSecret: string;
- Type: string
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
environmentOptional
public readonly environment: string;
- Type: string
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
metadataHostOptional
public readonly metadataHost: string;
- Type: string
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msiEndpointOptional
public readonly msiEndpoint: string;
- Type: string
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
oidcRequestTokenOptional
public readonly oidcRequestToken: string;
- Type: string
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
oidcRequestUrlOptional
public readonly oidcRequestUrl: string;
- Type: string
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
oidcTokenOptional
public readonly oidcToken: string;
- Type: string
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
oidcTokenFilePathOptional
public readonly oidcTokenFilePath: string;
- Type: string
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
resourceGroupNameOptional
public readonly resourceGroupName: string;
- Type: string
(Required) The Name of the Resource Group in which the Storage Account exists.
sasTokenOptional
public readonly sasToken: string;
- Type: string
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
snapshotOptional
public readonly snapshot: boolean;
- Type: boolean
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
subscriptionIdOptional
public readonly subscriptionId: string;
- Type: string
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
tenantIdOptional
public readonly tenantId: string;
- Type: string
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
useAzureadAuthOptional
public readonly useAzureadAuth: boolean;
- Type: boolean
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
useMicrosoftGraphOptional
public readonly useMicrosoftGraph: boolean;
- Type: boolean
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
useMsiOptional
public readonly useMsi: boolean;
- Type: boolean
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
useOidcOptional
public readonly useOidc: boolean;
- Type: boolean
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
CloudBackendConfig
The Cloud Backend synthesizes a {@link https://developer.hashicorp.com/terraform/cli/cloud/settings#the-cloud-block cloud block}. The cloud block is a nested block within the top-level terraform settings block. It specifies which Terraform Cloud workspaces to use for the current working directory. The cloud block only affects Terraform CLI's behavior. When Terraform Cloud uses a configuration that contains a cloud block - for example, when a workspace is configured to use a VCS provider directly - it ignores the block and behaves according to its own workspace settings.
https://developer.hashicorp.com/terraform/cli/cloud/settings#arguments
Initializer
import { CloudBackendConfig } from 'cdktf'
const cloudBackendConfig: CloudBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
organization | string | The name of the organization containing the workspace(s) the current configuration should use. |
workspaces | NamedCloudWorkspace | TaggedCloudWorkspaces | A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration. |
hostname | string | The hostname of a Terraform Enterprise installation, if using Terraform Enterprise. |
token | string | The token used to authenticate with Terraform Cloud. |
organizationRequired
public readonly organization: string;
- Type: string
The name of the organization containing the workspace(s) the current configuration should use.
workspacesRequired
public readonly workspaces: NamedCloudWorkspace | TaggedCloudWorkspaces;
A nested block that specifies which remote Terraform Cloud workspaces to use for the current configuration.
The workspaces block must contain exactly one of the following arguments, each denoting a strategy for how workspaces should be mapped:
hostnameOptional
public readonly hostname: string;
- Type: string
- Default: app.terraform.io
The hostname of a Terraform Enterprise installation, if using Terraform Enterprise.
tokenOptional
public readonly token: string;
- Type: string
The token used to authenticate with Terraform Cloud.
We recommend omitting the token from the configuration, and instead using terraform login or manually configuring credentials in the CLI config file.
ConsulBackendConfig
Stores the state in the Consul KV store at a given path. This backend supports state locking.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/consul
Initializer
import { ConsulBackendConfig } from 'cdktf'
const consulBackendConfig: ConsulBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
accessToken | string | (Required) Access token. |
path | string | (Required) Path in the Consul KV store. |
address | string | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
caFile | string | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
certFile | string | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
datacenter | string | (Optional) The datacenter to use. |
gzip | boolean | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
httpAuth | string | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
keyFile | string | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
lock | boolean | (Optional) false to disable locking. |
scheme | string | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
accessTokenRequired
public readonly accessToken: string;
- Type: string
(Required) Access token.
pathRequired
public readonly path: string;
- Type: string
(Required) Path in the Consul KV store.
addressOptional
public readonly address: string;
- Type: string
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
caFileOptional
public readonly caFile: string;
- Type: string
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
certFileOptional
public readonly certFile: string;
- Type: string
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
datacenterOptional
public readonly datacenter: string;
- Type: string
(Optional) The datacenter to use.
Defaults to that of the agent.
gzipOptional
public readonly gzip: boolean;
- Type: boolean
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
httpAuthOptional
public readonly httpAuth: string;
- Type: string
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
keyFileOptional
public readonly keyFile: string;
- Type: string
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lockOptional
public readonly lock: boolean;
- Type: boolean
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
schemeOptional
public readonly scheme: string;
- Type: string
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
CosBackendAssumeRole
Initializer
import { CosBackendAssumeRole } from 'cdktf'
const cosBackendAssumeRole: CosBackendAssumeRole = { ... }
Properties
| Name | Type | Description |
|---|---|---|
roleArn | string | (Required) The ARN of the role to assume. |
sessionDuration | number | (Required) The duration of the session when making the AssumeRole call. |
sessionName | string | (Required) The session name to use when making the AssumeRole call. |
policy | any | (Optional) A more restrictive policy when making the AssumeRole call. |
roleArnRequired
public readonly roleArn: string;
- Type: string
(Required) The ARN of the role to assume.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_ARN.
sessionDurationRequired
public readonly sessionDuration: number;
- Type: number
(Required) The duration of the session when making the AssumeRole call.
Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION.
sessionNameRequired
public readonly sessionName: string;
- Type: string
(Required) The session name to use when making the AssumeRole call.
It can be sourced from the TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME.
policyOptional
public readonly policy: any;
- Type: any
(Optional) A more restrictive policy when making the AssumeRole call.
Its content must not contains principal elements. Please refer to {@link https://www.tencentcloud.com/document/product/598/10603 policies syntax logic}.
CosBackendConfig
Stores the state as an object in a configurable prefix in a given bucket on Tencent Cloud Object Storage (COS).
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the COS bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/cos
Initializer
import { CosBackendConfig } from 'cdktf'
const cosBackendConfig: CosBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
bucket | string | (Required) The name of the COS bucket. |
accelerate | boolean | (Optional) Whether to enable global Acceleration. |
acl | string | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
assumeRole | CosBackendAssumeRole | (Optional) The assume_role block. |
domain | string | (Optional) The root domain of the API request. |
encrypt | boolean | (Optional) Whether to enable server side encryption of the state file. |
endpoint | string | (Optional) The Custom Endpoint for the COS backend. |
key | string | (Optional) The path for saving the state file in bucket. |
prefix | string | (Optional) The directory for saving the state file in bucket. |
region | string | (Optional) The region of the COS bucket. |
secretId | string | (Optional) Secret id of Tencent Cloud. |
secretKey | string | (Optional) Secret key of Tencent Cloud. |
securityToken | string | (Optional) TencentCloud Security Token of temporary access credentials. |
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the COS bucket.
You shall manually create it first.
accelerateOptional
public readonly accelerate: boolean;
- Type: boolean
(Optional) Whether to enable global Acceleration.
Defaults to false.
aclOptional
public readonly acl: string;
- Type: string
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
assumeRoleOptional
public readonly assumeRole: CosBackendAssumeRole;
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
domainOptional
public readonly domain: string;
- Type: string
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
keyOptional
public readonly key: string;
- Type: string
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) The directory for saving the state file in bucket.
Default to "env:".
regionOptional
public readonly region: string;
- Type: string
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
secretIdOptional
public readonly secretId: string;
- Type: string
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
securityTokenOptional
public readonly securityToken: string;
- Type: string
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataConfig
Initializer
import { DataConfig } from 'cdktf'
const dataConfig: DataConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
connection | SSHProvisionerConnection | WinrmProvisionerConnection | No description. |
count | number | TerraformCount | No description. |
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[] | No description. |
input | {[ key: string ]: any} | (Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply. |
triggersReplace | {[ key: string ]: any} | (Optional) A value which is stored in the instance state, and will force replacement when the value changes. |
connectionOptional
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;
countOptional
public readonly count: number | TerraformCount;
- Type: number | TerraformCount
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
lifecycleOptional
public readonly lifecycle: TerraformResourceLifecycle;
providerOptional
public readonly provider: TerraformProvider;
- Type: TerraformProvider
provisionersOptional
public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];
- Type: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[]
inputOptional
public readonly input: {[ key: string ]: any};
- Type: {[ key: string ]: any}
(Optional) A value which will be stored in the instance state, and reflected in the output attribute after apply.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#input
triggersReplaceOptional
public readonly triggersReplace: {[ key: string ]: any};
- Type: {[ key: string ]: any}
(Optional) A value which is stored in the instance state, and will force replacement when the value changes.
https://developer.hashicorp.com/terraform/language/resources/terraform-data#triggers_replace
DataTerraformRemoteStateAzurermConfig
Initializer
import { DataTerraformRemoteStateAzurermConfig } from 'cdktf'
const dataTerraformRemoteStateAzurermConfig: DataTerraformRemoteStateAzurermConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
containerName | string | (Required) The Name of the Storage Container within the Storage Account. |
key | string | (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. |
storageAccountName | string | (Required) The Name of the Storage Account. |
accessKey | string | access_key - (Optional) The Access Key used to access the Blob Storage Account. |
clientCertificatePassword | string | (Optional) The password associated with the Client Certificate specified in client_certificate_path. |
clientCertificatePath | string | (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. |
clientId | string | (Optional) The Client ID of the Service Principal. |
clientSecret | string | (Optional) The Client Secret of the Service Principal. |
endpoint | string | (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable. |
environment | string | (Optional) The Azure Environment which should be used. |
metadataHost | string | (Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.). |
msiEndpoint | string | (Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified. |
oidcRequestToken | string | (Optional) The bearer token for the request to the OIDC provider. |
oidcRequestUrl | string | (Optional) The URL for the OIDC provider from which to request an ID token. |
oidcToken | string | (Optional) The ID token when authenticating using OpenID Connect (OIDC). |
oidcTokenFilePath | string | (Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). |
resourceGroupName | string | (Required) The Name of the Resource Group in which the Storage Account exists. |
sasToken | string | (Optional) The SAS Token used to access the Blob Storage Account. |
snapshot | boolean | (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? |
subscriptionId | string | (Optional) The Subscription ID in which the Storage Account exists. |
tenantId | string | (Optional) The Tenant ID in which the Subscription exists. |
useAzureadAuth | boolean | (Optional) Should AzureAD Authentication be used to access the Blob Storage Account. |
useMicrosoftGraph | boolean | (Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph? |
useMsi | boolean | (Optional) Should Managed Service Identity authentication be used? |
useOidc | boolean | (Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
containerNameRequired
public readonly containerName: string;
- Type: string
(Required) The Name of the Storage Container within the Storage Account.
keyRequired
public readonly key: string;
- Type: string
(Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container.
storageAccountNameRequired
public readonly storageAccountName: string;
- Type: string
(Required) The Name of the Storage Account.
accessKeyOptional
public readonly accessKey: string;
- Type: string
access_key - (Optional) The Access Key used to access the Blob Storage Account.
This can also be sourced from the ARM_ACCESS_KEY environment variable.
clientCertificatePasswordOptional
public readonly clientCertificatePassword: string;
- Type: string
(Optional) The password associated with the Client Certificate specified in client_certificate_path.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PASSWORD environment variable.
clientCertificatePathOptional
public readonly clientCertificatePath: string;
- Type: string
(Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal.
This can also be sourced from the ARM_CLIENT_CERTIFICATE_PATH environment variable.
clientIdOptional
public readonly clientId: string;
- Type: string
(Optional) The Client ID of the Service Principal.
This can also be sourced from the ARM_CLIENT_ID environment variable.
clientSecretOptional
public readonly clientSecret: string;
- Type: string
(Optional) The Client Secret of the Service Principal.
This can also be sourced from the ARM_CLIENT_SECRET environment variable.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the ARM_ENDPOINT environment variable.
NOTE: An endpoint should only be configured when using Azure Stack.
environmentOptional
public readonly environment: string;
- Type: string
(Optional) The Azure Environment which should be used.
This can also be sourced from the ARM_ENVIRONMENT environment variable. Possible values are public, china, german, stack and usgovernment. Defaults to public.
metadataHostOptional
public readonly metadataHost: string;
- Type: string
(Optional) The Hostname of the Azure Metadata Service (for example management.azure.com), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the ARM_METADATA_HOSTNAME Environment Variable.).
msiEndpointOptional
public readonly msiEndpoint: string;
- Type: string
(Optional) The path to a custom Managed Service Identity endpoint which is automatically determined if not specified.
This can also be sourced from the ARM_MSI_ENDPOINT environment variable.
oidcRequestTokenOptional
public readonly oidcRequestToken: string;
- Type: string
(Optional) The bearer token for the request to the OIDC provider.
This can also be sourced from the ARM_OIDC_REQUEST_TOKEN or ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variables.
oidcRequestUrlOptional
public readonly oidcRequestUrl: string;
- Type: string
(Optional) The URL for the OIDC provider from which to request an ID token.
This can also be sourced from the ARM_OIDC_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_URL environment variables.
oidcTokenOptional
public readonly oidcToken: string;
- Type: string
(Optional) The ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN environment variable.
oidcTokenFilePathOptional
public readonly oidcTokenFilePath: string;
- Type: string
(Optional) The path to a file containing an ID token when authenticating using OpenID Connect (OIDC).
This can also be sourced from the ARM_OIDC_TOKEN_FILE_PATH environment variable.
resourceGroupNameOptional
public readonly resourceGroupName: string;
- Type: string
(Required) The Name of the Resource Group in which the Storage Account exists.
sasTokenOptional
public readonly sasToken: string;
- Type: string
(Optional) The SAS Token used to access the Blob Storage Account.
This can also be sourced from the ARM_SAS_TOKEN environment variable.
snapshotOptional
public readonly snapshot: boolean;
- Type: boolean
(Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use?
Defaults to false. This value can also be sourced from the ARM_SNAPSHOT environment variable.
subscriptionIdOptional
public readonly subscriptionId: string;
- Type: string
(Optional) The Subscription ID in which the Storage Account exists.
This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable.
tenantIdOptional
public readonly tenantId: string;
- Type: string
(Optional) The Tenant ID in which the Subscription exists.
This can also be sourced from the ARM_TENANT_ID environment variable.
useAzureadAuthOptional
public readonly useAzureadAuth: boolean;
- Type: boolean
(Optional) Should AzureAD Authentication be used to access the Blob Storage Account.
This can also be sourced from the ARM_USE_AZUREAD environment variable.
Note: When using AzureAD for Authentication to Storage you also need to ensure the Storage Blob Data Owner role is assigned.
useMicrosoftGraphOptional
public readonly useMicrosoftGraph: boolean;
- Type: boolean
(Optional) Should MSAL be used for authentication instead of ADAL, and should Microsoft Graph be used instead of Azure Active Directory Graph?
Defaults to true.
Note: In Terraform 1.2 the Azure Backend uses MSAL (and Microsoft Graph) rather than ADAL (and Azure Active Directory Graph) for authentication by default - you can disable this by setting use_microsoft_graph to false. This setting will be removed in Terraform 1.3, due to Microsoft's deprecation of ADAL.
useMsiOptional
public readonly useMsi: boolean;
- Type: boolean
(Optional) Should Managed Service Identity authentication be used?
This can also be sourced from the ARM_USE_MSI environment variable.
useOidcOptional
public readonly useOidc: boolean;
- Type: boolean
(Optional) Should OIDC authentication be used? This can also be sourced from the ARM_USE_OIDC environment variable.
Note: When using OIDC for authentication, use_microsoft_graph must be set to true (which is the default).
DataTerraformRemoteStateConfig
Initializer
import { DataTerraformRemoteStateConfig } from 'cdktf'
const dataTerraformRemoteStateConfig: DataTerraformRemoteStateConfig = { ... }
Properties
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
DataTerraformRemoteStateConsulConfig
Initializer
import { DataTerraformRemoteStateConsulConfig } from 'cdktf'
const dataTerraformRemoteStateConsulConfig: DataTerraformRemoteStateConsulConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
accessToken | string | (Required) Access token. |
path | string | (Required) Path in the Consul KV store. |
address | string | (Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port. |
caFile | string | (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. |
certFile | string | (Optional) A path to a PEM-encoded certificate provided to the remote agent; |
datacenter | string | (Optional) The datacenter to use. |
gzip | boolean | (Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed. |
httpAuth | string | (Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. |
keyFile | string | (Optional) A path to a PEM-encoded private key, required if cert_file is specified. |
lock | boolean | (Optional) false to disable locking. |
scheme | string | (Optional) Specifies what protocol to use when talking to the given address,either http or https. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
accessTokenRequired
public readonly accessToken: string;
- Type: string
(Required) Access token.
pathRequired
public readonly path: string;
- Type: string
(Required) Path in the Consul KV store.
addressOptional
public readonly address: string;
- Type: string
(Optional) DNS name and port of your Consul endpoint specified in the format dnsname:port.
Defaults to the local agent HTTP listener.
caFileOptional
public readonly caFile: string;
- Type: string
(Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.
certFileOptional
public readonly certFile: string;
- Type: string
(Optional) A path to a PEM-encoded certificate provided to the remote agent;
requires use of key_file.
datacenterOptional
public readonly datacenter: string;
- Type: string
(Optional) The datacenter to use.
Defaults to that of the agent.
gzipOptional
public readonly gzip: boolean;
- Type: boolean
(Optional) true to compress the state data using gzip, or false (the default) to leave it uncompressed.
httpAuthOptional
public readonly httpAuth: string;
- Type: string
(Optional) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass.
keyFileOptional
public readonly keyFile: string;
- Type: string
(Optional) A path to a PEM-encoded private key, required if cert_file is specified.
lockOptional
public readonly lock: boolean;
- Type: boolean
(Optional) false to disable locking.
This defaults to true, but will require session permissions with Consul and at least kv write permissions on $path/.lock to perform locking.
schemeOptional
public readonly scheme: string;
- Type: string
(Optional) Specifies what protocol to use when talking to the given address,either http or https.
SSL support can also be triggered by setting then environment variable CONSUL_HTTP_SSL to true.
DataTerraformRemoteStateCosConfig
Initializer
import { DataTerraformRemoteStateCosConfig } from 'cdktf'
const dataTerraformRemoteStateCosConfig: DataTerraformRemoteStateCosConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
bucket | string | (Required) The name of the COS bucket. |
accelerate | boolean | (Optional) Whether to enable global Acceleration. |
acl | string | (Optional) Object ACL to be applied to the state file, allows private and public-read. |
assumeRole | CosBackendAssumeRole | (Optional) The assume_role block. |
domain | string | (Optional) The root domain of the API request. |
encrypt | boolean | (Optional) Whether to enable server side encryption of the state file. |
endpoint | string | (Optional) The Custom Endpoint for the COS backend. |
key | string | (Optional) The path for saving the state file in bucket. |
prefix | string | (Optional) The directory for saving the state file in bucket. |
region | string | (Optional) The region of the COS bucket. |
secretId | string | (Optional) Secret id of Tencent Cloud. |
secretKey | string | (Optional) Secret key of Tencent Cloud. |
securityToken | string | (Optional) TencentCloud Security Token of temporary access credentials. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the COS bucket.
You shall manually create it first.
accelerateOptional
public readonly accelerate: boolean;
- Type: boolean
(Optional) Whether to enable global Acceleration.
Defaults to false.
aclOptional
public readonly acl: string;
- Type: string
(Optional) Object ACL to be applied to the state file, allows private and public-read.
Defaults to private.
assumeRoleOptional
public readonly assumeRole: CosBackendAssumeRole;
- Type: CosBackendAssumeRole
(Optional) The assume_role block.
If provided, terraform will attempt to assume this role using the supplied credentials.
domainOptional
public readonly domain: string;
- Type: string
(Optional) The root domain of the API request.
Defaults to tencentcloudapi.com. It supports the environment variable TENCENTCLOUD_DOMAIN.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Whether to enable server side encryption of the state file.
If it is true, COS will use 'AES256' encryption algorithm to encrypt state file.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) The Custom Endpoint for the COS backend.
It supports the environment variable TENCENTCLOUD_ENDPOINT.
keyOptional
public readonly key: string;
- Type: string
(Optional) The path for saving the state file in bucket.
Defaults to terraform.tfstate.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) The directory for saving the state file in bucket.
Default to "env:".
regionOptional
public readonly region: string;
- Type: string
(Optional) The region of the COS bucket.
It supports environment variables TENCENTCLOUD_REGION.
secretIdOptional
public readonly secretId: string;
- Type: string
(Optional) Secret id of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_ID.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) Secret key of Tencent Cloud.
It supports environment variables TENCENTCLOUD_SECRET_KEY.
securityTokenOptional
public readonly securityToken: string;
- Type: string
(Optional) TencentCloud Security Token of temporary access credentials.
It supports environment variables TENCENTCLOUD_SECURITY_TOKEN.
DataTerraformRemoteStateGcsConfig
Initializer
import { DataTerraformRemoteStateGcsConfig } from 'cdktf'
const dataTerraformRemoteStateGcsConfig: DataTerraformRemoteStateGcsConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
bucket | string | (Required) The name of the GCS bucket. |
accessToken | string | (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field. |
credentials | string | (Optional) Local path to Google Cloud Platform account credentials in JSON format. |
encryptionKey | string | (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. |
impersonateServiceAccount | string | (Optional) The service account to impersonate for accessing the State Bucket. |
impersonateServiceAccountDelegates | string[] | (Optional) The delegation chain for an impersonating a service account. |
kmsEncryptionKey | string | (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket. |
prefix | string | (Optional) GCS prefix inside the bucket. |
storeageCustomEndpoint | string | (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b). |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the GCS bucket.
This name must be globally unique.
accessTokenOptional
public readonly accessToken: string;
- Type: string
(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentialsOptional
public readonly credentials: string;
- Type: string
(Optional) Local path to Google Cloud Platform account credentials in JSON format.
If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.
Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
encryptionKeyOptional
public readonly encryptionKey: string;
- Type: string
(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonateServiceAccountOptional
public readonly impersonateServiceAccount: string;
- Type: string
(Optional) The service account to impersonate for accessing the State Bucket.
You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.
impersonateServiceAccountDelegatesOptional
public readonly impersonateServiceAccountDelegates: string[];
- Type: string[]
(Optional) The delegation chain for an impersonating a service account.
kmsEncryptionKeyOptional
public readonly kmsEncryptionKey: string;
- Type: string
(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) GCS prefix inside the bucket.
Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.
storeageCustomEndpointOptional
public readonly storeageCustomEndpoint: string;
- Type: string
(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}
DataTerraformRemoteStateHttpConfig
Initializer
import { DataTerraformRemoteStateHttpConfig } from 'cdktf'
const dataTerraformRemoteStateHttpConfig: DataTerraformRemoteStateHttpConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
address | string | (Required) The address of the REST endpoint. |
clientCaCertificatePem | string | (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication. |
clientCertificatePem | string | (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication. |
clientPrivateKeyPem | string | (Optional) A PEM-encoded private key, required if client_certificate_pem is specified. |
lockAddress | string | (Optional) The address of the lock REST endpoint. |
lockMethod | string | (Optional) The HTTP method to use when locking. |
password | string | (Optional) The password for HTTP basic authentication. |
retryMax | number | (Optional) The number of HTTP request retries. |
retryWaitMax | number | (Optional) The maximum time in seconds to wait between HTTP request attempts. |
retryWaitMin | number | (Optional) The minimum time in seconds to wait between HTTP request attempts. |
skipCertVerification | boolean | (Optional) Whether to skip TLS verification. |
unlockAddress | string | (Optional) The address of the unlock REST endpoint. |
unlockMethod | string | (Optional) The HTTP method to use when unlocking. |
updateMethod | string | (Optional) HTTP method to use when updating state. |
username | string | (Optional) The username for HTTP basic authentication. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
addressRequired
public readonly address: string;
- Type: string
(Required) The address of the REST endpoint.
clientCaCertificatePemOptional
public readonly clientCaCertificatePem: string;
- Type: string
(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
clientCertificatePemOptional
public readonly clientCertificatePem: string;
- Type: string
(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
clientPrivateKeyPemOptional
public readonly clientPrivateKeyPem: string;
- Type: string
(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lockAddressOptional
public readonly lockAddress: string;
- Type: string
(Optional) The address of the lock REST endpoint.
Defaults to disabled.
lockMethodOptional
public readonly lockMethod: string;
- Type: string
(Optional) The HTTP method to use when locking.
Defaults to LOCK.
passwordOptional
public readonly password: string;
- Type: string
(Optional) The password for HTTP basic authentication.
retryMaxOptional
public readonly retryMax: number;
- Type: number
(Optional) The number of HTTP request retries.
Defaults to 2.
retryWaitMaxOptional
public readonly retryWaitMax: number;
- Type: number
(Optional) The maximum time in seconds to wait between HTTP request attempts.
Defaults to 30.
retryWaitMinOptional
public readonly retryWaitMin: number;
- Type: number
(Optional) The minimum time in seconds to wait between HTTP request attempts.
Defaults to 1.
skipCertVerificationOptional
public readonly skipCertVerification: boolean;
- Type: boolean
(Optional) Whether to skip TLS verification.
Defaults to false.
unlockAddressOptional
public readonly unlockAddress: string;
- Type: string
(Optional) The address of the unlock REST endpoint.
Defaults to disabled.
unlockMethodOptional
public readonly unlockMethod: string;
- Type: string
(Optional) The HTTP method to use when unlocking.
Defaults to UNLOCK.
updateMethodOptional
public readonly updateMethod: string;
- Type: string
(Optional) HTTP method to use when updating state.
Defaults to POST.
usernameOptional
public readonly username: string;
- Type: string
(Optional) The username for HTTP basic authentication.
DataTerraformRemoteStateLocalConfig
Initializer
import { DataTerraformRemoteStateLocalConfig } from 'cdktf'
const dataTerraformRemoteStateLocalConfig: DataTerraformRemoteStateLocalConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
path | string | Path where the state file is stored. |
workspaceDir | string | (Optional) The path to non-default workspaces. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
pathOptional
public readonly path: string;
- Type: string
- Default: defaults to terraform.${stackId}.tfstate
Path where the state file is stored.
workspaceDirOptional
public readonly workspaceDir: string;
- Type: string
(Optional) The path to non-default workspaces.
DataTerraformRemoteStateOssConfig
Initializer
import { DataTerraformRemoteStateOssConfig } from 'cdktf'
const dataTerraformRemoteStateOssConfig: DataTerraformRemoteStateOssConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
bucket | string | (Required) The name of the OSS bucket. |
accessKey | string | (Optional) Alibaba Cloud access key. |
acl | string | (Optional) Object ACL to be applied to the state file. |
assumeRole | OssAssumeRole | No description. |
assumeRolePolicy | string | (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed. |
assumeRoleRoleArn | string | (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials. |
assumeRoleSessionExpiration | number | (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION. |
assumeRoleSessionName | string | (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. |
ecsRoleName | string | (Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console. |
encrypt | boolean | (Optional) Whether to enable server side encryption of the state file. |
endpoint | string | (Optional) A custom endpoint for the OSS API. |
key | string | (Optional) The name of the state file. |
prefix | string | (Optional) The path directory of the state file will be stored. |
profile | string | (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. |
region | string | (Optional) The region of the OSS bucket. |
secretKey | string | (Optional) Alibaba Cloud secret access key. |
securityToken | string | (Optional) STS access token. |
sharedCredentialsFile | string | (Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. |
stsEndpoint | string | (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT. |
tablestoreEndpoint | string | (Optional) A custom endpoint for the TableStore API. |
tablestoreTable | string | (Optional) A TableStore table for state locking and consistency. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the OSS bucket.
accessKeyOptional
public readonly accessKey: string;
- Type: string
(Optional) Alibaba Cloud access key.
It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.
aclOptional
public readonly acl: string;
- Type: string
(Optional) Object ACL to be applied to the state file.
assumeRole
assumeRole- Deprecated: Use flattened assume role options
public readonly assumeRole: OssAssumeRole;
- Type: OssAssumeRole
assumeRolePolicyOptional
public readonly assumeRolePolicy: string;
- Type: string
(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assumeRoleRoleArnOptional
public readonly assumeRoleRoleArn: string;
- Type: string
(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assumeRoleSessionExpirationOptional
public readonly assumeRoleSessionExpiration: number;
- Type: number
(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assumeRoleSessionNameOptional
public readonly assumeRoleSessionName: string;
- Type: string
(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecsRoleNameOptional
public readonly ecsRoleName: string;
- Type: string
(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Whether to enable server side encryption of the state file.
If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) A custom endpoint for the OSS API.
It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.
keyOptional
public readonly key: string;
- Type: string
(Optional) The name of the state file.
Defaults to terraform.tfstate.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) The path directory of the state file will be stored.
Default to "env:".
profileOptional
public readonly profile: string;
- Type: string
(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
regionOptional
public readonly region: string;
- Type: string
(Optional) The region of the OSS bucket.
It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) Alibaba Cloud secret access key.
It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.
securityTokenOptional
public readonly securityToken: string;
- Type: string
(Optional) STS access token.
It supports environment variable ALICLOUD_SECURITY_TOKEN.
sharedCredentialsFileOptional
public readonly sharedCredentialsFile: string;
- Type: string
(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
stsEndpointOptional
public readonly stsEndpoint: string;
- Type: string
(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestoreEndpointOptional
public readonly tablestoreEndpoint: string;
- Type: string
(Optional) A custom endpoint for the TableStore API.
tablestoreTableOptional
public readonly tablestoreTable: string;
- Type: string
(Optional) A TableStore table for state locking and consistency.
The table must have a primary key named LockID of type String.
DataTerraformRemoteStatePgConfig
Initializer
import { DataTerraformRemoteStatePgConfig } from 'cdktf'
const dataTerraformRemoteStatePgConfig: DataTerraformRemoteStatePgConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
connStr | string | Postgres connection string; |
schemaName | string | Name of the automatically-managed Postgres schema, default to terraform_remote_state. |
skipIndexCreation | boolean | If set to true, the Postgres index must already exist. |
skipSchemaCreation | boolean | If set to true, the Postgres schema must already exist. |
skipTableCreation | boolean | If set to true, the Postgres table must already exist. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
connStrRequired
public readonly connStr: string;
- Type: string
Postgres connection string;
a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.
schemaNameOptional
public readonly schemaName: string;
- Type: string
Name of the automatically-managed Postgres schema, default to terraform_remote_state.
Can also be set using the PG_SCHEMA_NAME environment variable.
skipIndexCreationOptional
public readonly skipIndexCreation: boolean;
- Type: boolean
If set to true, the Postgres index must already exist.
Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.
skipSchemaCreationOptional
public readonly skipSchemaCreation: boolean;
- Type: boolean
If set to true, the Postgres schema must already exist.
Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.
skipTableCreationOptional
public readonly skipTableCreation: boolean;
- Type: boolean
If set to true, the Postgres table must already exist.
Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.
DataTerraformRemoteStateRemoteConfig
Initializer
import { DataTerraformRemoteStateRemoteConfig } from 'cdktf'
const dataTerraformRemoteStateRemoteConfig: DataTerraformRemoteStateRemoteConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
organization | string | No description. |
workspaces | IRemoteWorkspace | No description. |
hostname | string | No description. |
token | string | No description. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
organizationRequired
public readonly organization: string;
- Type: string
workspacesRequired
public readonly workspaces: IRemoteWorkspace;
- Type: IRemoteWorkspace
hostnameOptional
public readonly hostname: string;
- Type: string
tokenOptional
public readonly token: string;
- Type: string
DataTerraformRemoteStateS3Config
Initializer
import { DataTerraformRemoteStateS3Config } from 'cdktf'
const dataTerraformRemoteStateS3Config: DataTerraformRemoteStateS3Config = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
bucket | string | Name of the S3 Bucket. |
key | string | Path to the state file inside the S3 Bucket. |
accessKey | string | (Optional) AWS access key. |
acl | string | (Optional) Canned ACL to be applied to the state file. |
allowedAccountIds | string[] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
assumeRole | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
assumeRolePolicy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
assumeRolePolicyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
assumeRoleTags | {[ key: string ]: string} | (Optional) Map of assume role session tags. |
assumeRoleTransitiveTagKeys | string[] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
assumeRoleWithWebIdentity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
customCaBundle | string | (Optional) File containing custom root and intermediate certificates. |
dynamodbEndpoint | string | (Optional) Custom endpoint for the AWS DynamoDB API. |
dynamodbTable | string | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
ec2MetadataServiceEndpoint | string | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
ec2MetadataServiceEndpointMode | string | (Optional) Mode to use in communicating with the metadata service. |
encrypt | boolean | (Optional) Enable server side encryption of the state file. |
endpoint | string | (Optional) Custom endpoint for the AWS S3 API. |
endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
externalId | string | (Optional) External identifier to use when assuming the role. |
forbiddenAccountIds | string[] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
forcePathStyle | boolean | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
httpProxy | string | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
httpsProxy | string | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
iamEndpoint | string | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
insecure | boolean | Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. |
kmsKeyId | string | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
maxRetries | number | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
noProxy | string | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
profile | string | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
region | string | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
retryMode | string | (Optional) Specifies how retries are attempted. |
roleArn | string | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
secretKey | string | (Optional) AWS secret access key. |
sessionName | string | (Optional) Session name to use when assuming the role. |
sharedConfigFiles | string[] | (Optional) List of paths to AWS shared configuration files. |
sharedCredentialsFile | string | (Optional) Path to the AWS shared credentials file. |
sharedCredentialsFiles | string[] | (Optional) List of paths to AWS shared credentials files. |
skipCredentialsValidation | boolean | (Optional) Skip credentials validation via the STS API. |
skipMetadataApiCheck | boolean | (Optional) Skip usage of EC2 Metadata API. |
skipRegionValidation | boolean | (Optional) Skip validation of provided region name. |
skipRequestingAccountId | boolean | (Optional) Whether to skip requesting the account ID. |
skipS3Checksum | boolean | (Optional) Do not include checksum when uploading S3 Objects. |
sseCustomerKey | string | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
stsEndpoint | string | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
stsRegion | string | (Optional) AWS region for STS. |
token | string | (Optional) Multi-Factor Authentication (MFA) token. |
useLegacyWorkflow | boolean | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
usePathStyle | boolean | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
workspaceKeyPrefix | string | (Optional) Prefix applied to the state path inside the bucket. |
defaultsOptional
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspaceOptional
public readonly workspace: string;
- Type: string
bucketRequired
public readonly bucket: string;
- Type: string
Name of the S3 Bucket.
keyRequired
public readonly key: string;
- Type: string
Path to the state file inside the S3 Bucket.
When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
accessKeyOptional
public readonly accessKey: string;
- Type: string
(Optional) AWS access key.
If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
aclOptional
public readonly acl: string;
- Type: string
(Optional) Canned ACL to be applied to the state file.
allowedAccountIdsOptional
public readonly allowedAccountIds: string[];
- Type: string[]
(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
Conflicts with forbidden_account_ids.
assumeRoleOptional
public readonly assumeRole: S3BackendAssumeRoleConfig;
Assuming an IAM Role can be configured in two ways.
The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
assumeRolePolicy
assumeRolePolicy- Deprecated: Use assumeRole.policy instead.
public readonly assumeRolePolicy: string;
- Type: string
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assumeRolePolicyArns
assumeRolePolicyArns- Deprecated: Use assumeRole.policyArns instead.
public readonly assumeRolePolicyArns: string[];
- Type: string[]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assumeRoleTags
assumeRoleTags- Deprecated: Use assumeRole.tags instead.
public readonly assumeRoleTags: {[ key: string ]: string};
- Type: {[ key: string ]: string}
(Optional) Map of assume role session tags.
assumeRoleTransitiveTagKeys
assumeRoleTransitiveTagKeys- Deprecated: Use assumeRole.transitiveTagKeys instead.
public readonly assumeRoleTransitiveTagKeys: string[];
- Type: string[]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assumeRoleWithWebIdentityOptional
public readonly assumeRoleWithWebIdentity: S3BackendAssumeRoleWithWebIdentityConfig;
Assume Role With Web Identity Configuration.
customCaBundleOptional
public readonly customCaBundle: string;
- Type: string
(Optional) File containing custom root and intermediate certificates.
Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.
dynamodbEndpoint
dynamodbEndpoint- Deprecated: Use endpoints.dynamodb instead
public readonly dynamodbEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS DynamoDB API.
This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.
dynamodbTableOptional
public readonly dynamodbTable: string;
- Type: string
(Optional) Name of DynamoDB Table to use for state locking and consistency.
The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.
ec2MetadataServiceEndpointOptional
public readonly ec2MetadataServiceEndpoint: string;
- Type: string
Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.
ec2MetadataServiceEndpointModeOptional
public readonly ec2MetadataServiceEndpointMode: string;
- Type: string
(Optional) Mode to use in communicating with the metadata service.
Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Enable server side encryption of the state file.
endpoint
endpoint- Deprecated: Use endpoints.s3 instead
public readonly endpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS S3 API.
This can also be sourced from the AWS_S3_ENDPOINT environment variable.
endpointsOptional
public readonly endpoints: S3BackendEndpointConfig;
- Type: S3BackendEndpointConfig
(Optional) The endpoint configuration block.
externalId
externalId- Deprecated: Use assume_role.external_id instead.
public readonly externalId: string;
- Type: string
(Optional) External identifier to use when assuming the role.
forbiddenAccountIdsOptional
public readonly forbiddenAccountIds: string[];
- Type: string[]
(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
Conflicts with allowed_account_ids.
forcePathStyle
forcePathStyle- Deprecated: Use usePathStyle instead
public readonly forcePathStyle: boolean;
- Type: boolean
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
httpProxyOptional
public readonly httpProxy: string;
- Type: string
(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
Can also be set using the HTTP_PROXY or http_proxy environment variables.
httpsProxyOptional
public readonly httpsProxy: string;
- Type: string
(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
Can also be set using the HTTPS_PROXY or https_proxy environment variables.
iamEndpoint
iamEndpoint- Deprecated: Use endpoints.iam instead
public readonly iamEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
This can also be sourced from the AWS_IAM_ENDPOINT environment variable.
insecureOptional
public readonly insecure: boolean;
- Type: boolean
Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
If omitted, the default value is false.
kmsKeyIdOptional
public readonly kmsKeyId: string;
- Type: string
(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.
maxRetriesOptional
public readonly maxRetries: number;
- Type: number
(Optional) The maximum number of times an AWS API request is retried on retryable failure.
Defaults to 5.
noProxyOptional
public readonly noProxy: string;
- Type: string
(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
Each value can be one of:
- A domain name
- An IP address
- A CIDR address
- An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profileOptional
public readonly profile: string;
- Type: string
(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
regionOptional
public readonly region: string;
- Type: string
AWS Region of the S3 Bucket and DynamoDB Table (if used).
This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.
retryModeOptional
public readonly retryMode: string;
- Type: string
(Optional) Specifies how retries are attempted.
Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.
roleArn
roleArn- Deprecated: Use assumeRole.roleArn instead.
public readonly roleArn: string;
- Type: string
(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) AWS secret access key.
If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)
sessionName
sessionName- Deprecated: Use assumeRole.sessionName instead.
public readonly sessionName: string;
- Type: string
(Optional) Session name to use when assuming the role.
sharedConfigFilesOptional
public readonly sharedConfigFiles: string[];
- Type: string[]
(Optional) List of paths to AWS shared configuration files.
Defaults to ~/.aws/config.
sharedCredentialsFileOptional
public readonly sharedCredentialsFile: string;
- Type: string
(Optional) Path to the AWS shared credentials file.
Defaults to ~/.aws/credentials.
sharedCredentialsFilesOptional
public readonly sharedCredentialsFiles: string[];
- Type: string[]
(Optional) List of paths to AWS shared credentials files.
Defaults to ~/.aws/credentials.
skipCredentialsValidationOptional
public readonly skipCredentialsValidation: boolean;
- Type: boolean
(Optional) Skip credentials validation via the STS API.
skipMetadataApiCheckOptional
public readonly skipMetadataApiCheck: boolean;
- Type: boolean
(Optional) Skip usage of EC2 Metadata API.
skipRegionValidationOptional
public readonly skipRegionValidation: boolean;
- Type: boolean
(Optional) Skip validation of provided region name.
skipRequestingAccountIdOptional
public readonly skipRequestingAccountId: boolean;
- Type: boolean
(Optional) Whether to skip requesting the account ID.
Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
skipS3ChecksumOptional
public readonly skipS3Checksum: boolean;
- Type: boolean
(Optional) Do not include checksum when uploading S3 Objects.
Useful for some S3-Compatible APIs.
sseCustomerKeyOptional
public readonly sseCustomerKey: string;
- Type: string
(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.
stsEndpoint
stsEndpoint- Deprecated: Use endpoints.sts instead
public readonly stsEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
This can also be sourced from the AWS_STS_ENDPOINT environment variable.
stsRegionOptional
public readonly stsRegion: string;
- Type: string
(Optional) AWS region for STS.
If unset, AWS will use the same region for STS as other non-STS operations.
tokenOptional
public readonly token: string;
- Type: string
(Optional) Multi-Factor Authentication (MFA) token.
This can also be sourced from the AWS_SESSION_TOKEN environment variable.
useLegacyWorkflowOptional
public readonly useLegacyWorkflow: boolean;
- Type: boolean
(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.
usePathStyleOptional
public readonly usePathStyle: boolean;
- Type: boolean
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspaceKeyPrefixOptional
public readonly workspaceKeyPrefix: string;
- Type: string
(Optional) Prefix applied to the state path inside the bucket.
This is only relevant when using a non-default workspace. Defaults to env:
DataTerraformRemoteStateSwiftConfig
Initializer
import { DataTerraformRemoteStateSwiftConfig } from 'cdktf'
const dataTerraformRemoteStateSwiftConfig: DataTerraformRemoteStateSwiftConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
defaults | {[ key: string ]: any} | No description. |
workspace | string | No description. |
container | string | No description. |
applicationCredentialId | string | No description. |
applicationCredentialName | string | No description. |
applicationCredentialSecret | string | No description. |
archiveContainer | string | No description. |
authUrl | string | No description. |
cacertFile | string | No description. |
cert | string | No description. |
cloud | string | No description. |
defaultDomain | string | No description. |
domainId | string | No description. |
domainName | string | No description. |
expireAfter | string | No description. |
insecure | boolean | No description. |
key | string | No description. |
password | string | No description. |
projectDomainId | string | No description. |
projectDomainName | string | No description. |
regionName | string | No description. |
stateName | string | No description. |
tenantId | string | No description. |
tenantName | string | No description. |
token | string | No description. |
userDomainId | string | No description. |
userDomainName | string | No description. |
userId | string | No description. |
userName | string | No description. |
defaults
defaults- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly defaults: {[ key: string ]: any};
- Type: {[ key: string ]: any}
workspace
workspace- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly workspace: string;
- Type: string
container
container- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly container: string;
- Type: string
applicationCredentialId
applicationCredentialId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialId: string;
- Type: string
applicationCredentialName
applicationCredentialName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialName: string;
- Type: string
applicationCredentialSecret
applicationCredentialSecret- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialSecret: string;
- Type: string
archiveContainer
archiveContainer- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly archiveContainer: string;
- Type: string
authUrl
authUrl- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly authUrl: string;
- Type: string
cacertFile
cacertFile- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cacertFile: string;
- Type: string
cert
cert- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cert: string;
- Type: string
cloud
cloud- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cloud: string;
- Type: string
defaultDomain
defaultDomain- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly defaultDomain: string;
- Type: string
domainId
domainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly domainId: string;
- Type: string
domainName
domainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly domainName: string;
- Type: string
expireAfter
expireAfter- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly expireAfter: string;
- Type: string
insecure
insecure- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly insecure: boolean;
- Type: boolean
key
key- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly key: string;
- Type: string
password
password- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly password: string;
- Type: string
projectDomainId
projectDomainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly projectDomainId: string;
- Type: string
projectDomainName
projectDomainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly projectDomainName: string;
- Type: string
regionName
regionName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly regionName: string;
- Type: string
stateName
stateName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly stateName: string;
- Type: string
tenantId
tenantId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly tenantId: string;
- Type: string
tenantName
tenantName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly tenantName: string;
- Type: string
token
token- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly token: string;
- Type: string
userDomainId
userDomainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userDomainId: string;
- Type: string
userDomainName
userDomainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userDomainName: string;
- Type: string
userId
userId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userId: string;
- Type: string
userName
userName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userName: string;
- Type: string
EncodingOptions
Properties to string encodings.
Initializer
import { EncodingOptions } from 'cdktf'
const encodingOptions: EncodingOptions = { ... }
Properties
| Name | Type | Description |
|---|---|---|
displayHint | string | A hint for the Token's purpose when stringifying it. |
displayHintOptional
public readonly displayHint: string;
- Type: string
- Default: no display hint
A hint for the Token's purpose when stringifying it.
FileProvisioner
The file provisioner copies files or directories from the machine running Terraform to the newly created resource.
The file provisioner supports both ssh and winrm type connections.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/file file}
Initializer
import { FileProvisioner } from 'cdktf'
const fileProvisioner: FileProvisioner = { ... }
Properties
| Name | Type | Description |
|---|---|---|
destination | string | The source file or directory. |
type | string | No description. |
connection | SSHProvisionerConnection | WinrmProvisionerConnection | Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect. |
content | string | The destination path to write to on the remote system. |
source | string | The direct content to copy on the destination. |
destinationRequired
public readonly destination: string;
- Type: string
The source file or directory.
Specify it either relative to the current working directory or as an absolute path. This argument cannot be combined with content.
typeRequired
public readonly type: string;
- Type: string
connectionOptional
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
contentOptional
public readonly content: string;
- Type: string
The destination path to write to on the remote system.
See Destination Paths below for more information.
sourceOptional
public readonly source: string;
- Type: string
The direct content to copy on the destination.
If destination is a file, the content will be written on that file. In case of a directory, a file named tf-file-content is created inside that directory. We recommend using a file as the destination when using content. This argument cannot be combined with source.
GcsBackendConfig
Stores the state as an object in a configurable prefix in a pre-existing bucket on Google Cloud Storage (GCS).
The bucket must exist prior to configuring the backend.
This backend supports state locking.
Warning! It is highly recommended that you enable Object Versioning on the GCS bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/gcs
Initializer
import { GcsBackendConfig } from 'cdktf'
const gcsBackendConfig: GcsBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
bucket | string | (Required) The name of the GCS bucket. |
accessToken | string | (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field. |
credentials | string | (Optional) Local path to Google Cloud Platform account credentials in JSON format. |
encryptionKey | string | (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. |
impersonateServiceAccount | string | (Optional) The service account to impersonate for accessing the State Bucket. |
impersonateServiceAccountDelegates | string[] | (Optional) The delegation chain for an impersonating a service account. |
kmsEncryptionKey | string | (Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket. |
prefix | string | (Optional) GCS prefix inside the bucket. |
storeageCustomEndpoint | string | (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b). |
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the GCS bucket.
This name must be globally unique.
accessTokenOptional
public readonly accessToken: string;
- Type: string
(Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate HTTP requests to GCP APIs. This is an alternative to credentials. If both are specified, access_token will be used over the credentials field.
credentialsOptional
public readonly credentials: string;
- Type: string
(Optional) Local path to Google Cloud Platform account credentials in JSON format.
If unset, Google Application Default Credentials are used. The provided credentials must have Storage Object Admin role on the bucket.
Warning: if using the Google Cloud Platform provider as well, it will also pick up the GOOGLE_CREDENTIALS environment variable.
encryptionKeyOptional
public readonly encryptionKey: string;
- Type: string
(Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state.
impersonateServiceAccountOptional
public readonly impersonateServiceAccount: string;
- Type: string
(Optional) The service account to impersonate for accessing the State Bucket.
You must have roles/iam.serviceAccountTokenCreator role on that account for the impersonation to succeed. If you are using a delegation chain, you can specify that using the impersonate_service_account_delegates field. Alternatively, this can be specified using the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable.
impersonateServiceAccountDelegatesOptional
public readonly impersonateServiceAccountDelegates: string[];
- Type: string[]
(Optional) The delegation chain for an impersonating a service account.
kmsEncryptionKeyOptional
public readonly kmsEncryptionKey: string;
- Type: string
(Optional) A Cloud KMS key ('customer-managed encryption key') used when reading and writing state files in the bucket.
Format should be projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{name}}. For more information, including IAM requirements, see {@link https://cloud.google.com/storage/docs/encryption/customer-managed-keys Customer-managed Encryption Keys}.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) GCS prefix inside the bucket.
Named states for workspaces are stored in an object called < prefix >/< name >.tfstate.
storeageCustomEndpointOptional
public readonly storeageCustomEndpoint: string;
- Type: string
(Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (/storage/v1/b).
{@link https://developer.hashicorp.com/terraform/language/settings/backends/gcs#storage_custom_endpoint See here for more details}
HttpBackendConfig
Stores the state using a simple REST client.
State will be fetched via GET, updated via POST, and purged with DELETE. The method used for updating is configurable.
This backend optionally supports state locking. When locking support is enabled it will use LOCK and UNLOCK requests providing the lock info in the body. The endpoint should return a 423: Locked or 409: Conflict with the holding lock info when it's already taken, 200: OK for success. Any other status will be considered an error. The ID of the holding lock info will be added as a query parameter to state updates requests.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/http
Initializer
import { HttpBackendConfig } from 'cdktf'
const httpBackendConfig: HttpBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
address | string | (Required) The address of the REST endpoint. |
clientCaCertificatePem | string | (Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication. |
clientCertificatePem | string | (Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication. |
clientPrivateKeyPem | string | (Optional) A PEM-encoded private key, required if client_certificate_pem is specified. |
lockAddress | string | (Optional) The address of the lock REST endpoint. |
lockMethod | string | (Optional) The HTTP method to use when locking. |
password | string | (Optional) The password for HTTP basic authentication. |
retryMax | number | (Optional) The number of HTTP request retries. |
retryWaitMax | number | (Optional) The maximum time in seconds to wait between HTTP request attempts. |
retryWaitMin | number | (Optional) The minimum time in seconds to wait between HTTP request attempts. |
skipCertVerification | boolean | (Optional) Whether to skip TLS verification. |
unlockAddress | string | (Optional) The address of the unlock REST endpoint. |
unlockMethod | string | (Optional) The HTTP method to use when unlocking. |
updateMethod | string | (Optional) HTTP method to use when updating state. |
username | string | (Optional) The username for HTTP basic authentication. |
addressRequired
public readonly address: string;
- Type: string
(Required) The address of the REST endpoint.
clientCaCertificatePemOptional
public readonly clientCaCertificatePem: string;
- Type: string
(Optional) A PEM-encoded CA certificate chain used by the client to verify server certificates during TLS authentication.
clientCertificatePemOptional
public readonly clientCertificatePem: string;
- Type: string
(Optional) A PEM-encoded certificate used by the server to verify the client during mutual TLS (mTLS) authentication.
clientPrivateKeyPemOptional
public readonly clientPrivateKeyPem: string;
- Type: string
(Optional) A PEM-encoded private key, required if client_certificate_pem is specified.
lockAddressOptional
public readonly lockAddress: string;
- Type: string
(Optional) The address of the lock REST endpoint.
Defaults to disabled.
lockMethodOptional
public readonly lockMethod: string;
- Type: string
(Optional) The HTTP method to use when locking.
Defaults to LOCK.
passwordOptional
public readonly password: string;
- Type: string
(Optional) The password for HTTP basic authentication.
retryMaxOptional
public readonly retryMax: number;
- Type: number
(Optional) The number of HTTP request retries.
Defaults to 2.
retryWaitMaxOptional
public readonly retryWaitMax: number;
- Type: number
(Optional) The maximum time in seconds to wait between HTTP request attempts.
Defaults to 30.
retryWaitMinOptional
public readonly retryWaitMin: number;
- Type: number
(Optional) The minimum time in seconds to wait between HTTP request attempts.
Defaults to 1.
skipCertVerificationOptional
public readonly skipCertVerification: boolean;
- Type: boolean
(Optional) Whether to skip TLS verification.
Defaults to false.
unlockAddressOptional
public readonly unlockAddress: string;
- Type: string
(Optional) The address of the unlock REST endpoint.
Defaults to disabled.
unlockMethodOptional
public readonly unlockMethod: string;
- Type: string
(Optional) The HTTP method to use when unlocking.
Defaults to UNLOCK.
updateMethodOptional
public readonly updateMethod: string;
- Type: string
(Optional) HTTP method to use when updating state.
Defaults to POST.
usernameOptional
public readonly username: string;
- Type: string
(Optional) The username for HTTP basic authentication.
LazyAnyValueOptions
Options for creating lazy untyped tokens.
Initializer
import { LazyAnyValueOptions } from 'cdktf'
const lazyAnyValueOptions: LazyAnyValueOptions = { ... }
Properties
| Name | Type | Description |
|---|---|---|
displayHint | string | Use the given name as a display hint. |
omitEmptyArray | boolean | If the produced value is an array and it is empty, return 'undefined' instead. |
displayHintOptional
public readonly displayHint: string;
- Type: string
- Default: No hint
Use the given name as a display hint.
omitEmptyArrayOptional
public readonly omitEmptyArray: boolean;
- Type: boolean
- Default: false
If the produced value is an array and it is empty, return 'undefined' instead.
LazyListValueOptions
Options for creating a lazy list token.
Initializer
import { LazyListValueOptions } from 'cdktf'
const lazyListValueOptions: LazyListValueOptions = { ... }
Properties
| Name | Type | Description |
|---|---|---|
displayHint | string | Use the given name as a display hint. |
omitEmpty | boolean | If the produced list is empty, return 'undefined' instead. |
displayHintOptional
public readonly displayHint: string;
- Type: string
- Default: No hint
Use the given name as a display hint.
omitEmptyOptional
public readonly omitEmpty: boolean;
- Type: boolean
- Default: false
If the produced list is empty, return 'undefined' instead.
LazyStringValueOptions
Options for creating a lazy string token.
Initializer
import { LazyStringValueOptions } from 'cdktf'
const lazyStringValueOptions: LazyStringValueOptions = { ... }
Properties
| Name | Type | Description |
|---|---|---|
displayHint | string | Use the given name as a display hint. |
displayHintOptional
public readonly displayHint: string;
- Type: string
- Default: No hint
Use the given name as a display hint.
LocalBackendConfig
The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/local
Initializer
import { LocalBackendConfig } from 'cdktf'
const localBackendConfig: LocalBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
path | string | Path where the state file is stored. |
workspaceDir | string | (Optional) The path to non-default workspaces. |
pathOptional
public readonly path: string;
- Type: string
- Default: defaults to terraform.${stackId}.tfstate
Path where the state file is stored.
workspaceDirOptional
public readonly workspaceDir: string;
- Type: string
(Optional) The path to non-default workspaces.
LocalExecProvisioner
The local-exec provisioner invokes a local executable after a resource is created.
This invokes a process on the machine running Terraform, not on the resource.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/local-exec local-exec}
Initializer
import { LocalExecProvisioner } from 'cdktf'
const localExecProvisioner: LocalExecProvisioner = { ... }
Properties
| Name | Type | Description |
|---|---|---|
command | string | This is the command to execute. |
type | string | No description. |
environment | {[ key: string ]: string} | A record of key value pairs representing the environment of the executed command. |
interpreter | string[] | If provided, this is a list of interpreter arguments used to execute the command. |
when | string | If provided, specifies when Terraform will execute the command. |
workingDir | string | If provided, specifies the working directory where command will be executed. |
commandRequired
public readonly command: string;
- Type: string
This is the command to execute.
It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables.
typeRequired
public readonly type: string;
- Type: string
environmentOptional
public readonly environment: {[ key: string ]: string};
- Type: {[ key: string ]: string}
A record of key value pairs representing the environment of the executed command.
It inherits the current process environment.
interpreterOptional
public readonly interpreter: string[];
- Type: string[]
If provided, this is a list of interpreter arguments used to execute the command.
The first argument is the interpreter itself. It can be provided as a relative path to the current working directory or as an absolute path The remaining arguments are appended prior to the command. This allows building command lines of the form "/bin/bash", "-c", "echo foo". If interpreter is unspecified, sensible defaults will be chosen based on the system OS.
whenOptional
public readonly when: string;
- Type: string
If provided, specifies when Terraform will execute the command.
For example, when = destroy specifies that the provisioner will run when the associated resource is destroyed
workingDirOptional
public readonly workingDir: string;
- Type: string
If provided, specifies the working directory where command will be executed.
It can be provided as a relative path to the current working directory or as an absolute path. The directory must exist.
OssAssumeRole
Initializer
import { OssAssumeRole } from 'cdktf'
const ossAssumeRole: OssAssumeRole = { ... }
Properties
| Name | Type | Description |
|---|---|---|
roleArn | string | No description. |
policy | string | No description. |
sessionExpiration | number | No description. |
sessionName | string | No description. |
roleArnRequired
public readonly roleArn: string;
- Type: string
policyOptional
public readonly policy: string;
- Type: string
sessionExpirationOptional
public readonly sessionExpiration: number;
- Type: number
sessionNameOptional
public readonly sessionName: string;
- Type: string
OssBackendConfig
Initializer
import { OssBackendConfig } from 'cdktf'
const ossBackendConfig: OssBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
bucket | string | (Required) The name of the OSS bucket. |
accessKey | string | (Optional) Alibaba Cloud access key. |
acl | string | (Optional) Object ACL to be applied to the state file. |
assumeRole | OssAssumeRole | No description. |
assumeRolePolicy | string | (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed. |
assumeRoleRoleArn | string | (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials. |
assumeRoleSessionExpiration | number | (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION. |
assumeRoleSessionName | string | (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. |
ecsRoleName | string | (Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console. |
encrypt | boolean | (Optional) Whether to enable server side encryption of the state file. |
endpoint | string | (Optional) A custom endpoint for the OSS API. |
key | string | (Optional) The name of the state file. |
prefix | string | (Optional) The path directory of the state file will be stored. |
profile | string | (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. |
region | string | (Optional) The region of the OSS bucket. |
secretKey | string | (Optional) Alibaba Cloud secret access key. |
securityToken | string | (Optional) STS access token. |
sharedCredentialsFile | string | (Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. |
stsEndpoint | string | (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT. |
tablestoreEndpoint | string | (Optional) A custom endpoint for the TableStore API. |
tablestoreTable | string | (Optional) A TableStore table for state locking and consistency. |
bucketRequired
public readonly bucket: string;
- Type: string
(Required) The name of the OSS bucket.
accessKeyOptional
public readonly accessKey: string;
- Type: string
(Optional) Alibaba Cloud access key.
It supports environment variables ALICLOUD_ACCESS_KEY and ALICLOUD_ACCESS_KEY_ID.
aclOptional
public readonly acl: string;
- Type: string
(Optional) Object ACL to be applied to the state file.
assumeRole
assumeRole- Deprecated: Use flattened assume role options
public readonly assumeRole: OssAssumeRole;
- Type: OssAssumeRole
assumeRolePolicyOptional
public readonly assumeRolePolicy: string;
- Type: string
(Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
assumeRoleRoleArnOptional
public readonly assumeRoleRoleArn: string;
- Type: string
(Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable ALICLOUD_ASSUME_ROLE_ARN. Terraform executes configuration on account with provided credentials.
assumeRoleSessionExpirationOptional
public readonly assumeRoleSessionExpiration: number;
- Type: number
(Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.
assumeRoleSessionNameOptional
public readonly assumeRoleSessionName: string;
- Type: string
(Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME.
ecsRoleNameOptional
public readonly ecsRoleName: string;
- Type: string
(Optional, Available in 0.12.14+) The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Whether to enable server side encryption of the state file.
If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
endpointOptional
public readonly endpoint: string;
- Type: string
(Optional) A custom endpoint for the OSS API.
It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT.
keyOptional
public readonly key: string;
- Type: string
(Optional) The name of the state file.
Defaults to terraform.tfstate.
prefixOptional
public readonly prefix: string;
- Type: string
(Optional) The path directory of the state file will be stored.
Default to "env:".
profileOptional
public readonly profile: string;
- Type: string
(Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable.
regionOptional
public readonly region: string;
- Type: string
(Optional) The region of the OSS bucket.
It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) Alibaba Cloud secret access key.
It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET.
securityTokenOptional
public readonly securityToken: string;
- Type: string
(Optional) STS access token.
It supports environment variable ALICLOUD_SECURITY_TOKEN.
sharedCredentialsFileOptional
public readonly sharedCredentialsFile: string;
- Type: string
(Optional, Available in 0.12.8+) This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used.
stsEndpointOptional
public readonly stsEndpoint: string;
- Type: string
(Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable ALICLOUD_STS_ENDPOINT.
tablestoreEndpointOptional
public readonly tablestoreEndpoint: string;
- Type: string
(Optional) A custom endpoint for the TableStore API.
tablestoreTableOptional
public readonly tablestoreTable: string;
- Type: string
(Optional) A TableStore table for state locking and consistency.
The table must have a primary key named LockID of type String.
PgBackendConfig
Initializer
import { PgBackendConfig } from 'cdktf'
const pgBackendConfig: PgBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
connStr | string | Postgres connection string; |
schemaName | string | Name of the automatically-managed Postgres schema, default to terraform_remote_state. |
skipIndexCreation | boolean | If set to true, the Postgres index must already exist. |
skipSchemaCreation | boolean | If set to true, the Postgres schema must already exist. |
skipTableCreation | boolean | If set to true, the Postgres table must already exist. |
connStrRequired
public readonly connStr: string;
- Type: string
Postgres connection string;
a postgres:// URL. The PG_CONN_STR and standard libpq environment variables can also be used to indicate how to connect to the PostgreSQL database.
schemaNameOptional
public readonly schemaName: string;
- Type: string
Name of the automatically-managed Postgres schema, default to terraform_remote_state.
Can also be set using the PG_SCHEMA_NAME environment variable.
skipIndexCreationOptional
public readonly skipIndexCreation: boolean;
- Type: boolean
If set to true, the Postgres index must already exist.
Can also be set using the PG_SKIP_INDEX_CREATION environment variable. Terraform won't try to create the index, this is useful when it has already been created by a database administrator.
skipSchemaCreationOptional
public readonly skipSchemaCreation: boolean;
- Type: boolean
If set to true, the Postgres schema must already exist.
Can also be set using the PG_SKIP_SCHEMA_CREATION environment variable. Terraform won't try to create the schema, this is useful when it has already been created by a database administrator.
skipTableCreationOptional
public readonly skipTableCreation: boolean;
- Type: boolean
If set to true, the Postgres table must already exist.
Can also be set using the PG_SKIP_TABLE_CREATION environment variable. Terraform won't try to create the table, this is useful when it has already been created by a database administrator.
Postcondition
Terraform checks a postcondition after evaluating the object it is associated with.
Initializer
import { Postcondition } from 'cdktf'
const postcondition: Postcondition = { ... }
Properties
| Name | Type | Description |
|---|---|---|
condition | any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
errorMessage | string | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
conditionRequired
public readonly condition: any;
- Type: any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessageRequired
public readonly errorMessage: string;
- Type: string
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
Precondition
Terraform checks a precondition before evaluating the object it is associated with.
Initializer
import { Precondition } from 'cdktf'
const precondition: Precondition = { ... }
Properties
| Name | Type | Description |
|---|---|---|
condition | any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
errorMessage | string | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
conditionRequired
public readonly condition: any;
- Type: any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessageRequired
public readonly errorMessage: string;
- Type: string
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
RemoteBackendConfig
Initializer
import { RemoteBackendConfig } from 'cdktf'
const remoteBackendConfig: RemoteBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
organization | string | No description. |
workspaces | IRemoteWorkspace | No description. |
hostname | string | No description. |
token | string | No description. |
organizationRequired
public readonly organization: string;
- Type: string
workspacesRequired
public readonly workspaces: IRemoteWorkspace;
- Type: IRemoteWorkspace
hostnameOptional
public readonly hostname: string;
- Type: string
tokenOptional
public readonly token: string;
- Type: string
RemoteExecProvisioner
The remote-exec provisioner invokes a script on a remote resource after it is created.
This can be used to run a configuration management tool, bootstrap into a cluster, etc The remote-exec provisioner requires a connection and supports both ssh and winrm.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/remote-exec remote-exec}
Initializer
import { RemoteExecProvisioner } from 'cdktf'
const remoteExecProvisioner: RemoteExecProvisioner = { ... }
Properties
| Name | Type | Description |
|---|---|---|
type | string | No description. |
connection | SSHProvisionerConnection | WinrmProvisionerConnection | Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect. |
inline | string[] | This is a list of command strings. |
script | string | This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed. |
scripts | string[] | This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed. |
typeRequired
public readonly type: string;
- Type: string
connectionOptional
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
A connection must be provided here or in the parent resource.
inlineOptional
public readonly inline: string[];
- Type: string[]
This is a list of command strings.
They are executed in the order they are provided. This cannot be provided with script or scripts.
scriptOptional
public readonly script: string;
- Type: string
This is a path (relative or absolute) to a local script that will be copied to the remote resource and then executed.
This cannot be provided with inline or scripts.
scriptsOptional
public readonly scripts: string[];
- Type: string[]
This is a list of paths (relative or absolute) to local scripts that will be copied to the remote resource and then executed.
They are executed in the order they are provided. This cannot be provided with inline or script.
ResolveOptions
Options to the resolve() operation.
NOT the same as the ResolveContext; ResolveContext is exposed to Token implementors and resolution hooks, whereas this struct is just to bundle a number of things that would otherwise be arguments to resolve() in a readable way.
Initializer
import { ResolveOptions } from 'cdktf'
const resolveOptions: ResolveOptions = { ... }
Properties
| Name | Type | Description |
|---|---|---|
resolver | ITokenResolver | The resolver to apply to any resolvable tokens found. |
scope | constructs.IConstruct | The scope from which resolution is performed. |
preparing | boolean | Whether the resolution is being executed during the prepare phase or not. |
resolverRequired
public readonly resolver: ITokenResolver;
- Type: ITokenResolver
The resolver to apply to any resolvable tokens found.
scopeRequired
public readonly scope: IConstruct;
- Type: constructs.IConstruct
The scope from which resolution is performed.
preparingOptional
public readonly preparing: boolean;
- Type: boolean
- Default: false
Whether the resolution is being executed during the prepare phase or not.
S3BackendAssumeRoleConfig
Initializer
import { S3BackendAssumeRoleConfig } from 'cdktf'
const s3BackendAssumeRoleConfig: S3BackendAssumeRoleConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
roleArn | string | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
duration | string | (Optional) The duration individual credentials will be valid. |
externalId | string | (Optional) External identifier to use when assuming the role. |
policy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
policyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
sessionName | string | (Optional) Session name to use when assuming the role. |
sourceIdentity | string | (Optional) Source identity specified by the principal assuming the. |
tags | {[ key: string ]: string} | (Optional) Map of assume role session tags. |
transitiveTagKeys | string[] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
roleArnRequired
public readonly roleArn: string;
- Type: string
(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
durationOptional
public readonly duration: string;
- Type: string
(Optional) The duration individual credentials will be valid.
Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).
externalIdOptional
public readonly externalId: string;
- Type: string
(Optional) External identifier to use when assuming the role.
policyOptional
public readonly policy: string;
- Type: string
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArnsOptional
public readonly policyArns: string[];
- Type: string[]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
sessionNameOptional
public readonly sessionName: string;
- Type: string
(Optional) Session name to use when assuming the role.
sourceIdentityOptional
public readonly sourceIdentity: string;
- Type: string
(Optional) Source identity specified by the principal assuming the.
tagsOptional
public readonly tags: {[ key: string ]: string};
- Type: {[ key: string ]: string}
(Optional) Map of assume role session tags.
transitiveTagKeysOptional
public readonly transitiveTagKeys: string[];
- Type: string[]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
S3BackendAssumeRoleWithWebIdentityConfig
Initializer
import { S3BackendAssumeRoleWithWebIdentityConfig } from 'cdktf'
const s3BackendAssumeRoleWithWebIdentityConfig: S3BackendAssumeRoleWithWebIdentityConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
duration | string | (Optional) The duration individual credentials will be valid. |
policy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
policyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
roleArn | string | (Required) Amazon Resource Name (ARN) of the IAM Role to assume. |
sessionName | string | (Optional) Session name to use when assuming the role. |
webIdentityToken | string | (Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
webIdentityTokenFile | string | (Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider. |
durationOptional
public readonly duration: string;
- Type: string
(Optional) The duration individual credentials will be valid.
Credentials are automatically renewed up to the maximum defined by the AWS account. Specified using the format < hours >h< minutes >m< seconds >s with any unit being optional. For example, an hour and a half can be specified as 1h30m or 90m. Must be between 15 minutes (15m) and 12 hours (12h).
policyOptional
public readonly policy: string;
- Type: string
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArnsOptional
public readonly policyArns: string[];
- Type: string[]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
roleArnOptional
public readonly roleArn: string;
- Type: string
(Required) Amazon Resource Name (ARN) of the IAM Role to assume.
Can also be set with the AWS_ROLE_ARN environment variable.
sessionNameOptional
public readonly sessionName: string;
- Type: string
(Optional) Session name to use when assuming the role.
Can also be set with the AWS_ROLE_SESSION_NAME environment variable.
webIdentityTokenOptional
public readonly webIdentityToken: string;
- Type: string
(Optional) The value of a web identity token from an OpenID Connect (OIDC) or OAuth provider.
One of web_identity_token or web_identity_token_file is required.
webIdentityTokenFileOptional
public readonly webIdentityTokenFile: string;
- Type: string
(Optional) File containing a web identity token from an OpenID Connect (OIDC) or OAuth provider.
One of web_identity_token_file or web_identity_token is required. Can also be set with the AWS_WEB_IDENTITY_TOKEN_FILE environment variable.
S3BackendConfig
Stores the state as a given key in a given bucket on Amazon S3.
This backend also supports state locking and consistency checking via Dynamo DB, which can be enabled by setting the dynamodb_table field to an existing DynamoDB table name. A single DynamoDB table can be used to lock multiple remote state files. Terraform generates key names that include the values of the bucket and key variables.
Warning! It is highly recommended that you enable Bucket Versioning on the S3 bucket to allow for state recovery in the case of accidental deletions and human error.
Read more about this backend in the Terraform docs: https://developer.hashicorp.com/terraform/language/settings/backends/s3
Initializer
import { S3BackendConfig } from 'cdktf'
const s3BackendConfig: S3BackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
bucket | string | Name of the S3 Bucket. |
key | string | Path to the state file inside the S3 Bucket. |
accessKey | string | (Optional) AWS access key. |
acl | string | (Optional) Canned ACL to be applied to the state file. |
allowedAccountIds | string[] | (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. |
assumeRole | S3BackendAssumeRoleConfig | Assuming an IAM Role can be configured in two ways. |
assumeRolePolicy | string | (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. |
assumeRolePolicyArns | string[] | (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. |
assumeRoleTags | {[ key: string ]: string} | (Optional) Map of assume role session tags. |
assumeRoleTransitiveTagKeys | string[] | (Optional) Set of assume role session tag keys to pass to any subsequent sessions. |
assumeRoleWithWebIdentity | S3BackendAssumeRoleWithWebIdentityConfig | Assume Role With Web Identity Configuration. |
customCaBundle | string | (Optional) File containing custom root and intermediate certificates. |
dynamodbEndpoint | string | (Optional) Custom endpoint for the AWS DynamoDB API. |
dynamodbTable | string | (Optional) Name of DynamoDB Table to use for state locking and consistency. |
ec2MetadataServiceEndpoint | string | Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. |
ec2MetadataServiceEndpointMode | string | (Optional) Mode to use in communicating with the metadata service. |
encrypt | boolean | (Optional) Enable server side encryption of the state file. |
endpoint | string | (Optional) Custom endpoint for the AWS S3 API. |
endpoints | S3BackendEndpointConfig | (Optional) The endpoint configuration block. |
externalId | string | (Optional) External identifier to use when assuming the role. |
forbiddenAccountIds | string[] | (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. |
forcePathStyle | boolean | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
httpProxy | string | (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. |
httpsProxy | string | (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. |
iamEndpoint | string | (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. |
insecure | boolean | Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. |
kmsKeyId | string | (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. |
maxRetries | number | (Optional) The maximum number of times an AWS API request is retried on retryable failure. |
noProxy | string | (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. |
profile | string | (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. |
region | string | AWS Region of the S3 Bucket and DynamoDB Table (if used). |
retryMode | string | (Optional) Specifies how retries are attempted. |
roleArn | string | (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. |
secretKey | string | (Optional) AWS secret access key. |
sessionName | string | (Optional) Session name to use when assuming the role. |
sharedConfigFiles | string[] | (Optional) List of paths to AWS shared configuration files. |
sharedCredentialsFile | string | (Optional) Path to the AWS shared credentials file. |
sharedCredentialsFiles | string[] | (Optional) List of paths to AWS shared credentials files. |
skipCredentialsValidation | boolean | (Optional) Skip credentials validation via the STS API. |
skipMetadataApiCheck | boolean | (Optional) Skip usage of EC2 Metadata API. |
skipRegionValidation | boolean | (Optional) Skip validation of provided region name. |
skipRequestingAccountId | boolean | (Optional) Whether to skip requesting the account ID. |
skipS3Checksum | boolean | (Optional) Do not include checksum when uploading S3 Objects. |
sseCustomerKey | string | (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). |
stsEndpoint | string | (Optional) Custom endpoint for the AWS Security Token Service (STS) API. |
stsRegion | string | (Optional) AWS region for STS. |
token | string | (Optional) Multi-Factor Authentication (MFA) token. |
useLegacyWorkflow | boolean | (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. |
usePathStyle | boolean | (Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >). |
workspaceKeyPrefix | string | (Optional) Prefix applied to the state path inside the bucket. |
bucketRequired
public readonly bucket: string;
- Type: string
Name of the S3 Bucket.
keyRequired
public readonly key: string;
- Type: string
Path to the state file inside the S3 Bucket.
When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
accessKeyOptional
public readonly accessKey: string;
- Type: string
(Optional) AWS access key.
If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
aclOptional
public readonly acl: string;
- Type: string
(Optional) Canned ACL to be applied to the state file.
allowedAccountIdsOptional
public readonly allowedAccountIds: string[];
- Type: string[]
(Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.
Conflicts with forbidden_account_ids.
assumeRoleOptional
public readonly assumeRole: S3BackendAssumeRoleConfig;
Assuming an IAM Role can be configured in two ways.
The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
assumeRolePolicy
assumeRolePolicy- Deprecated: Use assumeRole.policy instead.
public readonly assumeRolePolicy: string;
- Type: string
(Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
assumeRolePolicyArns
assumeRolePolicyArns- Deprecated: Use assumeRole.policyArns instead.
public readonly assumeRolePolicyArns: string[];
- Type: string[]
(Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
assumeRoleTags
assumeRoleTags- Deprecated: Use assumeRole.tags instead.
public readonly assumeRoleTags: {[ key: string ]: string};
- Type: {[ key: string ]: string}
(Optional) Map of assume role session tags.
assumeRoleTransitiveTagKeys
assumeRoleTransitiveTagKeys- Deprecated: Use assumeRole.transitiveTagKeys instead.
public readonly assumeRoleTransitiveTagKeys: string[];
- Type: string[]
(Optional) Set of assume role session tag keys to pass to any subsequent sessions.
assumeRoleWithWebIdentityOptional
public readonly assumeRoleWithWebIdentity: S3BackendAssumeRoleWithWebIdentityConfig;
Assume Role With Web Identity Configuration.
customCaBundleOptional
public readonly customCaBundle: string;
- Type: string
(Optional) File containing custom root and intermediate certificates.
Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.
dynamodbEndpoint
dynamodbEndpoint- Deprecated: Use endpoints.dynamodb instead
public readonly dynamodbEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS DynamoDB API.
This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.
dynamodbTableOptional
public readonly dynamodbTable: string;
- Type: string
(Optional) Name of DynamoDB Table to use for state locking and consistency.
The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.
ec2MetadataServiceEndpointOptional
public readonly ec2MetadataServiceEndpoint: string;
- Type: string
Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.
Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.
ec2MetadataServiceEndpointModeOptional
public readonly ec2MetadataServiceEndpointMode: string;
- Type: string
(Optional) Mode to use in communicating with the metadata service.
Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.
encryptOptional
public readonly encrypt: boolean;
- Type: boolean
(Optional) Enable server side encryption of the state file.
endpoint
endpoint- Deprecated: Use endpoints.s3 instead
public readonly endpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS S3 API.
This can also be sourced from the AWS_S3_ENDPOINT environment variable.
endpointsOptional
public readonly endpoints: S3BackendEndpointConfig;
- Type: S3BackendEndpointConfig
(Optional) The endpoint configuration block.
externalId
externalId- Deprecated: Use assume_role.external_id instead.
public readonly externalId: string;
- Type: string
(Optional) External identifier to use when assuming the role.
forbiddenAccountIdsOptional
public readonly forbiddenAccountIds: string[];
- Type: string[]
(Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.
Conflicts with allowed_account_ids.
forcePathStyle
forcePathStyle- Deprecated: Use usePathStyle instead
public readonly forcePathStyle: boolean;
- Type: boolean
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
httpProxyOptional
public readonly httpProxy: string;
- Type: string
(Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.
Can also be set using the HTTP_PROXY or http_proxy environment variables.
httpsProxyOptional
public readonly httpsProxy: string;
- Type: string
(Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.
Can also be set using the HTTPS_PROXY or https_proxy environment variables.
iamEndpoint
iamEndpoint- Deprecated: Use endpoints.iam instead
public readonly iamEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.
This can also be sourced from the AWS_IAM_ENDPOINT environment variable.
insecureOptional
public readonly insecure: boolean;
- Type: boolean
Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.
If omitted, the default value is false.
kmsKeyIdOptional
public readonly kmsKeyId: string;
- Type: string
(Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.
Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.
maxRetriesOptional
public readonly maxRetries: number;
- Type: number
(Optional) The maximum number of times an AWS API request is retried on retryable failure.
Defaults to 5.
noProxyOptional
public readonly noProxy: string;
- Type: string
(Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.
Each value can be one of:
- A domain name
- An IP address
- A CIDR address
- An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
profileOptional
public readonly profile: string;
- Type: string
(Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
regionOptional
public readonly region: string;
- Type: string
AWS Region of the S3 Bucket and DynamoDB Table (if used).
This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.
retryModeOptional
public readonly retryMode: string;
- Type: string
(Optional) Specifies how retries are attempted.
Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.
roleArn
roleArn- Deprecated: Use assumeRole.roleArn instead.
public readonly roleArn: string;
- Type: string
(Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
secretKeyOptional
public readonly secretKey: string;
- Type: string
(Optional) AWS secret access key.
If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)
sessionName
sessionName- Deprecated: Use assumeRole.sessionName instead.
public readonly sessionName: string;
- Type: string
(Optional) Session name to use when assuming the role.
sharedConfigFilesOptional
public readonly sharedConfigFiles: string[];
- Type: string[]
(Optional) List of paths to AWS shared configuration files.
Defaults to ~/.aws/config.
sharedCredentialsFileOptional
public readonly sharedCredentialsFile: string;
- Type: string
(Optional) Path to the AWS shared credentials file.
Defaults to ~/.aws/credentials.
sharedCredentialsFilesOptional
public readonly sharedCredentialsFiles: string[];
- Type: string[]
(Optional) List of paths to AWS shared credentials files.
Defaults to ~/.aws/credentials.
skipCredentialsValidationOptional
public readonly skipCredentialsValidation: boolean;
- Type: boolean
(Optional) Skip credentials validation via the STS API.
skipMetadataApiCheckOptional
public readonly skipMetadataApiCheck: boolean;
- Type: boolean
(Optional) Skip usage of EC2 Metadata API.
skipRegionValidationOptional
public readonly skipRegionValidation: boolean;
- Type: boolean
(Optional) Skip validation of provided region name.
skipRequestingAccountIdOptional
public readonly skipRequestingAccountId: boolean;
- Type: boolean
(Optional) Whether to skip requesting the account ID.
Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
skipS3ChecksumOptional
public readonly skipS3Checksum: boolean;
- Type: boolean
(Optional) Do not include checksum when uploading S3 Objects.
Useful for some S3-Compatible APIs.
sseCustomerKeyOptional
public readonly sseCustomerKey: string;
- Type: string
(Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).
This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.
stsEndpoint
stsEndpoint- Deprecated: Use endpoints.sts instead
public readonly stsEndpoint: string;
- Type: string
(Optional) Custom endpoint for the AWS Security Token Service (STS) API.
This can also be sourced from the AWS_STS_ENDPOINT environment variable.
stsRegionOptional
public readonly stsRegion: string;
- Type: string
(Optional) AWS region for STS.
If unset, AWS will use the same region for STS as other non-STS operations.
tokenOptional
public readonly token: string;
- Type: string
(Optional) Multi-Factor Authentication (MFA) token.
This can also be sourced from the AWS_SESSION_TOKEN environment variable.
useLegacyWorkflowOptional
public readonly useLegacyWorkflow: boolean;
- Type: boolean
(Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.
Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.
usePathStyleOptional
public readonly usePathStyle: boolean;
- Type: boolean
(Optional) Enable path-style S3 URLs (https://< HOST >/< BUCKET > instead of https://< BUCKET >.< HOST >).
workspaceKeyPrefixOptional
public readonly workspaceKeyPrefix: string;
- Type: string
(Optional) Prefix applied to the state path inside the bucket.
This is only relevant when using a non-default workspace. Defaults to env:
S3BackendEndpointConfig
Initializer
import { S3BackendEndpointConfig } from 'cdktf'
const s3BackendEndpointConfig: S3BackendEndpointConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
dynamodb | string | (Optional) Custom endpoint URL for the AWS DynamoDB API. |
iam | string | (Optional) Custom endpoint URL for the AWS IAM API. |
s3 | string | (Optional) Custom endpoint URL for the AWS S3 API. |
sso | string | (Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API. |
sts | string | (Optional) Custom endpoint URL for the AWS STS API. |
dynamodbOptional
public readonly dynamodb: string;
- Type: string
(Optional) Custom endpoint URL for the AWS DynamoDB API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_DYNAMODB or the deprecated environment variable AWS_DYNAMODB_ENDPOINT.
iamOptional
public readonly iam: string;
- Type: string
(Optional) Custom endpoint URL for the AWS IAM API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_IAM or the deprecated environment variable AWS_IAM_ENDPOINT.
s3Optional
public readonly s3: string;
- Type: string
(Optional) Custom endpoint URL for the AWS S3 API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_S3 or the deprecated environment variable AWS_S3_ENDPOINT.
ssoOptional
public readonly sso: string;
- Type: string
(Optional) Custom endpoint URL for the AWS IAM Identity Center (formerly known as AWS SSO) API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_SSO.
stsOptional
public readonly sts: string;
- Type: string
(Optional) Custom endpoint URL for the AWS STS API.
This can also be sourced from the environment variable AWS_ENDPOINT_URL_STS or the deprecated environment variable AWS_STS_ENDPOINT.
SSHProvisionerConnection
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}
Initializer
import { SSHProvisionerConnection } from 'cdktf'
const sSHProvisionerConnection: SSHProvisionerConnection = { ... }
Properties
| Name | Type | Description |
|---|---|---|
host | string | The address of the resource to connect to. |
type | string | The connection type. |
agent | string | Set to false to disable using ssh-agent to authenticate. |
agentIdentity | string | The preferred identity from the ssh agent for authentication. |
bastionCertificate | string | The contents of a signed CA Certificate. |
bastionHost | string | Setting this enables the bastion Host connection. |
bastionHostKey | string | The public key from the remote host or the signing CA, used to verify the host connection. |
bastionPassword | string | The password to use for the bastion host. |
bastionPort | number | The port to use connect to the bastion host. |
bastionPrivateKey | string | The contents of an SSH key file to use for the bastion host. |
bastionUser | string | The user for the connection to the bastion host. |
certificate | string | The contents of a signed CA Certificate. |
hostKey | string | The public key from the remote host or the signing CA, used to verify the connection. |
password | string | The password to use for the connection. |
port | number | The port to connect to. |
privateKey | string | The contents of an SSH key to use for the connection. |
proxyHost | string | Setting this enables the SSH over HTTP connection. |
proxyPort | number | The port to use connect to the proxy host. |
proxyScheme | string | The ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy. |
proxyUserName | string | The username to use connect to the private proxy host. |
proxyUserPassword | string | The password to use connect to the private proxy host. |
scriptPath | string | The path used to copy scripts meant for remote execution. |
targetPlatform | string | The target platform to connect to. |
timeout | string | The timeout to wait for the connection to become available. |
user | string | The user to use for the connection. |
hostRequired
public readonly host: string;
- Type: string
The address of the resource to connect to.
typeRequired
public readonly type: string;
- Type: string
The connection type.
Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.
agentOptional
public readonly agent: string;
- Type: string
Set to false to disable using ssh-agent to authenticate.
On Windows the only supported SSH authentication agent is Pageant.
agentIdentityOptional
public readonly agentIdentity: string;
- Type: string
The preferred identity from the ssh agent for authentication.
bastionCertificateOptional
public readonly bastionCertificate: string;
- Type: string
The contents of a signed CA Certificate.
The certificate argument must be used in conjunction with a bastion_private_key. These can be loaded from a file on disk using the the file function.
bastionHostOptional
public readonly bastionHost: string;
- Type: string
Setting this enables the bastion Host connection.
The provisioner will connect to bastion_host first, and then connect from there to host.
bastionHostKeyOptional
public readonly bastionHostKey: string;
- Type: string
The public key from the remote host or the signing CA, used to verify the host connection.
bastionPasswordOptional
public readonly bastionPassword: string;
- Type: string
The password to use for the bastion host.
bastionPortOptional
public readonly bastionPort: number;
- Type: number
The port to use connect to the bastion host.
bastionPrivateKeyOptional
public readonly bastionPrivateKey: string;
- Type: string
The contents of an SSH key file to use for the bastion host.
These can be loaded from a file on disk using the file function.
bastionUserOptional
public readonly bastionUser: string;
- Type: string
The user for the connection to the bastion host.
certificateOptional
public readonly certificate: string;
- Type: string
The contents of a signed CA Certificate.
The certificate argument must be used in conjunction with a private_key. These can be loaded from a file on disk using the the file function.
hostKeyOptional
public readonly hostKey: string;
- Type: string
The public key from the remote host or the signing CA, used to verify the connection.
passwordOptional
public readonly password: string;
- Type: string
The password to use for the connection.
portOptional
public readonly port: number;
- Type: number
- Default: 22
The port to connect to.
privateKeyOptional
public readonly privateKey: string;
- Type: string
The contents of an SSH key to use for the connection.
These can be loaded from a file on disk using the file function. This takes preference over password if provided.
proxyHostOptional
public readonly proxyHost: string;
- Type: string
Setting this enables the SSH over HTTP connection.
This host will be connected to first, and then the host or bastion_host connection will be made from there.
proxyPortOptional
public readonly proxyPort: number;
- Type: number
The port to use connect to the proxy host.
proxySchemeOptional
public readonly proxyScheme: string;
- Type: string
The ssh connection also supports the following fields to facilitate connections by SSH over HTTP proxy.
proxyUserNameOptional
public readonly proxyUserName: string;
- Type: string
The username to use connect to the private proxy host.
This argument should be specified only if authentication is required for the HTTP Proxy server.
proxyUserPasswordOptional
public readonly proxyUserPassword: string;
- Type: string
The password to use connect to the private proxy host.
This argument should be specified only if authentication is required for the HTTP Proxy server.
scriptPathOptional
public readonly scriptPath: string;
- Type: string
The path used to copy scripts meant for remote execution.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}
targetPlatformOptional
public readonly targetPlatform: string;
- Type: string
- Default: unix
The target platform to connect to.
Valid values are "windows" and "unix". If the platform is set to windows, the default scriptpath is c:\windows\temp\terraform%RAND%.cmd, assuming the SSH default shell is cmd.exe. If the SSH default shell is PowerShell, set scriptpath to "c:/windows/temp/terraform%RAND%.ps1"
timeoutOptional
public readonly timeout: string;
- Type: string
- Default: 5m
The timeout to wait for the connection to become available.
Should be provided as a string (e.g., "30s" or "5m".)
userOptional
public readonly user: string;
- Type: string
- Default: root
The user to use for the connection.
StackAnnotation
Initializer
import { StackAnnotation } from 'cdktf'
const stackAnnotation: StackAnnotation = { ... }
Properties
| Name | Type | Description |
|---|---|---|
constructPath | string | No description. |
level | AnnotationMetadataEntryType | No description. |
message | string | No description. |
stacktrace | string[] | No description. |
constructPathRequired
public readonly constructPath: string;
- Type: string
levelRequired
public readonly level: AnnotationMetadataEntryType;
messageRequired
public readonly message: string;
- Type: string
stacktraceOptional
public readonly stacktrace: string[];
- Type: string[]
StackManifest
Initializer
import { StackManifest } from 'cdktf'
const stackManifest: StackManifest = { ... }
Properties
| Name | Type | Description |
|---|---|---|
annotations | StackAnnotation[] | No description. |
constructPath | string | No description. |
dependencies | string[] | No description. |
name | string | No description. |
stackMetadataPath | string | No description. |
synthesizedStackPath | string | No description. |
workingDirectory | string | No description. |
annotationsRequired
public readonly annotations: StackAnnotation[];
- Type: StackAnnotation[]
constructPathRequired
public readonly constructPath: string;
- Type: string
dependenciesRequired
public readonly dependencies: string[];
- Type: string[]
nameRequired
public readonly name: string;
- Type: string
stackMetadataPathRequired
public readonly stackMetadataPath: string;
- Type: string
synthesizedStackPathRequired
public readonly synthesizedStackPath: string;
- Type: string
workingDirectoryRequired
public readonly workingDirectory: string;
- Type: string
SwiftBackendConfig
Initializer
import { SwiftBackendConfig } from 'cdktf'
const swiftBackendConfig: SwiftBackendConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
container | string | No description. |
applicationCredentialId | string | No description. |
applicationCredentialName | string | No description. |
applicationCredentialSecret | string | No description. |
archiveContainer | string | No description. |
authUrl | string | No description. |
cacertFile | string | No description. |
cert | string | No description. |
cloud | string | No description. |
defaultDomain | string | No description. |
domainId | string | No description. |
domainName | string | No description. |
expireAfter | string | No description. |
insecure | boolean | No description. |
key | string | No description. |
password | string | No description. |
projectDomainId | string | No description. |
projectDomainName | string | No description. |
regionName | string | No description. |
stateName | string | No description. |
tenantId | string | No description. |
tenantName | string | No description. |
token | string | No description. |
userDomainId | string | No description. |
userDomainName | string | No description. |
userId | string | No description. |
userName | string | No description. |
container
container- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly container: string;
- Type: string
applicationCredentialId
applicationCredentialId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialId: string;
- Type: string
applicationCredentialName
applicationCredentialName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialName: string;
- Type: string
applicationCredentialSecret
applicationCredentialSecret- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly applicationCredentialSecret: string;
- Type: string
archiveContainer
archiveContainer- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly archiveContainer: string;
- Type: string
authUrl
authUrl- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly authUrl: string;
- Type: string
cacertFile
cacertFile- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cacertFile: string;
- Type: string
cert
cert- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cert: string;
- Type: string
cloud
cloud- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly cloud: string;
- Type: string
defaultDomain
defaultDomain- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly defaultDomain: string;
- Type: string
domainId
domainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly domainId: string;
- Type: string
domainName
domainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly domainName: string;
- Type: string
expireAfter
expireAfter- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly expireAfter: string;
- Type: string
insecure
insecure- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly insecure: boolean;
- Type: boolean
key
key- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly key: string;
- Type: string
password
password- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly password: string;
- Type: string
projectDomainId
projectDomainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly projectDomainId: string;
- Type: string
projectDomainName
projectDomainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly projectDomainName: string;
- Type: string
regionName
regionName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly regionName: string;
- Type: string
stateName
stateName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly stateName: string;
- Type: string
tenantId
tenantId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly tenantId: string;
- Type: string
tenantName
tenantName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly tenantName: string;
- Type: string
token
token- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly token: string;
- Type: string
userDomainId
userDomainId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userDomainId: string;
- Type: string
userDomainName
userDomainName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userDomainName: string;
- Type: string
userId
userId- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userId: string;
- Type: string
userName
userName- Deprecated: CDK for Terraform no longer supports the swift backend. Terraform deprecated swift in v1.2.3 and removed it in v1.3.
public readonly userName: string;
- Type: string
TerraformAssetConfig
Initializer
import { TerraformAssetConfig } from 'cdktf'
const terraformAssetConfig: TerraformAssetConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
path | string | No description. |
assetHash | string | No description. |
type | AssetType | No description. |
pathRequired
public readonly path: string;
- Type: string
assetHashOptional
public readonly assetHash: string;
- Type: string
typeOptional
public readonly type: AssetType;
- Type: AssetType
TerraformCondition
Initializer
import { TerraformCondition } from 'cdktf'
const terraformCondition: TerraformCondition = { ... }
Properties
| Name | Type | Description |
|---|---|---|
condition | any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
errorMessage | string | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
conditionRequired
public readonly condition: any;
- Type: any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessageRequired
public readonly errorMessage: string;
- Type: string
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
TerraformConstructor
Initializer
import { testingMatchers } from 'cdktf'
const terraformConstructor: testingMatchers.TerraformConstructor = { ... }
Properties
| Name | Type | Description |
|---|---|---|
tfResourceType | string | No description. |
tfResourceTypeRequired
public readonly tfResourceType: string;
- Type: string
TerraformElementMetadata
Initializer
import { TerraformElementMetadata } from 'cdktf'
const terraformElementMetadata: TerraformElementMetadata = { ... }
Properties
| Name | Type | Description |
|---|---|---|
path | string | No description. |
stackTrace | string[] | No description. |
uniqueId | string | No description. |
pathRequired
public readonly path: string;
- Type: string
stackTraceRequired
public readonly stackTrace: string[];
- Type: string[]
uniqueIdRequired
public readonly uniqueId: string;
- Type: string
TerraformHclModuleConfig
Initializer
import { TerraformHclModuleConfig } from 'cdktf'
const terraformHclModuleConfig: TerraformHclModuleConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
providers | TerraformProvider | TerraformModuleProvider[] | No description. |
skipAssetCreationFromLocalModules | boolean | No description. |
source | string | No description. |
version | string | No description. |
variables | {[ key: string ]: any} | No description. |
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
providersOptional
public readonly providers: TerraformProvider | TerraformModuleProvider[];
- Type: TerraformProvider | TerraformModuleProvider[]
skipAssetCreationFromLocalModulesOptional
public readonly skipAssetCreationFromLocalModules: boolean;
- Type: boolean
sourceRequired
public readonly source: string;
- Type: string
versionOptional
public readonly version: string;
- Type: string
variablesOptional
public readonly variables: {[ key: string ]: any};
- Type: {[ key: string ]: any}
TerraformMetaArguments
Initializer
import { TerraformMetaArguments } from 'cdktf'
const terraformMetaArguments: TerraformMetaArguments = { ... }
Properties
| Name | Type | Description |
|---|---|---|
connection | SSHProvisionerConnection | WinrmProvisionerConnection | No description. |
count | number | TerraformCount | No description. |
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[] | No description. |
connectionOptional
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;
countOptional
public readonly count: number | TerraformCount;
- Type: number | TerraformCount
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
lifecycleOptional
public readonly lifecycle: TerraformResourceLifecycle;
providerOptional
public readonly provider: TerraformProvider;
- Type: TerraformProvider
provisionersOptional
public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];
- Type: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[]
TerraformModuleConfig
Initializer
import { TerraformModuleConfig } from 'cdktf'
const terraformModuleConfig: TerraformModuleConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
providers | TerraformProvider | TerraformModuleProvider[] | No description. |
skipAssetCreationFromLocalModules | boolean | No description. |
source | string | No description. |
version | string | No description. |
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
providersOptional
public readonly providers: TerraformProvider | TerraformModuleProvider[];
- Type: TerraformProvider | TerraformModuleProvider[]
skipAssetCreationFromLocalModulesOptional
public readonly skipAssetCreationFromLocalModules: boolean;
- Type: boolean
sourceRequired
public readonly source: string;
- Type: string
versionOptional
public readonly version: string;
- Type: string
TerraformModuleProvider
Initializer
import { TerraformModuleProvider } from 'cdktf'
const terraformModuleProvider: TerraformModuleProvider = { ... }
Properties
| Name | Type | Description |
|---|---|---|
moduleAlias | string | No description. |
provider | TerraformProvider | No description. |
moduleAliasRequired
public readonly moduleAlias: string;
- Type: string
providerRequired
public readonly provider: TerraformProvider;
- Type: TerraformProvider
TerraformModuleUserConfig
Initializer
import { TerraformModuleUserConfig } from 'cdktf'
const terraformModuleUserConfig: TerraformModuleUserConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
providers | TerraformProvider | TerraformModuleProvider[] | No description. |
skipAssetCreationFromLocalModules | boolean | No description. |
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
providersOptional
public readonly providers: TerraformProvider | TerraformModuleProvider[];
- Type: TerraformProvider | TerraformModuleProvider[]
skipAssetCreationFromLocalModulesOptional
public readonly skipAssetCreationFromLocalModules: boolean;
- Type: boolean
TerraformOutputConfig
Initializer
import { TerraformOutputConfig } from 'cdktf'
const terraformOutputConfig: TerraformOutputConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
value | any | No description. |
dependsOn | ITerraformDependable[] | No description. |
description | string | No description. |
precondition | Precondition | No description. |
sensitive | boolean | No description. |
staticId | boolean | If set to true the synthesized Terraform Output will be named after the id passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId). |
valueRequired
public readonly value: any;
- Type: any
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
descriptionOptional
public readonly description: string;
- Type: string
preconditionOptional
public readonly precondition: Precondition;
- Type: Precondition
sensitiveOptional
public readonly sensitive: boolean;
- Type: boolean
staticIdOptional
public readonly staticId: boolean;
- Type: boolean
- Default: false
If set to true the synthesized Terraform Output will be named after the id passed to the constructor instead of the default (TerraformOutput.friendlyUniqueId).
TerraformProviderConfig
Initializer
import { TerraformProviderConfig } from 'cdktf'
const terraformProviderConfig: TerraformProviderConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
terraformResourceType | string | No description. |
terraformGeneratorMetadata | TerraformProviderGeneratorMetadata | No description. |
terraformProviderSource | string | No description. |
terraformResourceTypeRequired
public readonly terraformResourceType: string;
- Type: string
terraformGeneratorMetadataOptional
public readonly terraformGeneratorMetadata: TerraformProviderGeneratorMetadata;
terraformProviderSourceOptional
public readonly terraformProviderSource: string;
- Type: string
TerraformProviderGeneratorMetadata
Initializer
import { TerraformProviderGeneratorMetadata } from 'cdktf'
const terraformProviderGeneratorMetadata: TerraformProviderGeneratorMetadata = { ... }
Properties
| Name | Type | Description |
|---|---|---|
providerName | string | No description. |
providerVersion | string | No description. |
providerVersionConstraint | string | No description. |
providerNameRequired
public readonly providerName: string;
- Type: string
providerVersionOptional
public readonly providerVersion: string;
- Type: string
providerVersionConstraintOptional
public readonly providerVersionConstraint: string;
- Type: string
TerraformResourceConfig
Initializer
import { TerraformResourceConfig } from 'cdktf'
const terraformResourceConfig: TerraformResourceConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
connection | SSHProvisionerConnection | WinrmProvisionerConnection | No description. |
count | number | TerraformCount | No description. |
dependsOn | ITerraformDependable[] | No description. |
forEach | ITerraformIterator | No description. |
lifecycle | TerraformResourceLifecycle | No description. |
provider | TerraformProvider | No description. |
provisioners | FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[] | No description. |
terraformResourceType | string | No description. |
terraformGeneratorMetadata | TerraformProviderGeneratorMetadata | No description. |
connectionOptional
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;
countOptional
public readonly count: number | TerraformCount;
- Type: number | TerraformCount
dependsOnOptional
public readonly dependsOn: ITerraformDependable[];
- Type: ITerraformDependable[]
forEachOptional
public readonly forEach: ITerraformIterator;
- Type: ITerraformIterator
lifecycleOptional
public readonly lifecycle: TerraformResourceLifecycle;
providerOptional
public readonly provider: TerraformProvider;
- Type: TerraformProvider
provisionersOptional
public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];
- Type: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[]
terraformResourceTypeRequired
public readonly terraformResourceType: string;
- Type: string
terraformGeneratorMetadataOptional
public readonly terraformGeneratorMetadata: TerraformProviderGeneratorMetadata;
TerraformResourceImport
Initializer
import { TerraformResourceImport } from 'cdktf'
const terraformResourceImport: TerraformResourceImport = { ... }
Properties
| Name | Type | Description |
|---|---|---|
id | string | No description. |
provider | TerraformProvider | No description. |
idRequired
public readonly id: string;
- Type: string
providerOptional
public readonly provider: TerraformProvider;
- Type: TerraformProvider
TerraformResourceLifecycle
Initializer
import { TerraformResourceLifecycle } from 'cdktf'
const terraformResourceLifecycle: TerraformResourceLifecycle = { ... }
Properties
| Name | Type | Description |
|---|---|---|
createBeforeDestroy | boolean | No description. |
ignoreChanges | string[] | string | No description. |
postcondition | Postcondition[] | No description. |
precondition | Precondition[] | No description. |
preventDestroy | boolean | No description. |
replaceTriggeredBy | string | ITerraformDependable[] | No description. |
createBeforeDestroyOptional
public readonly createBeforeDestroy: boolean;
- Type: boolean
ignoreChangesOptional
public readonly ignoreChanges: string[] | string;
- Type: string[] | string
postconditionOptional
public readonly postcondition: Postcondition[];
- Type: Postcondition[]
preconditionOptional
public readonly precondition: Precondition[];
- Type: Precondition[]
preventDestroyOptional
public readonly preventDestroy: boolean;
- Type: boolean
replaceTriggeredByOptional
public readonly replaceTriggeredBy: string | ITerraformDependable[];
- Type: string | ITerraformDependable[]
TerraformResourceMoveById
Initializer
import { TerraformResourceMoveById } from 'cdktf'
const terraformResourceMoveById: TerraformResourceMoveById = { ... }
Properties
fromRequired
public readonly from: string;
- Type: string
toRequired
public readonly to: string;
- Type: string
TerraformResourceMoveByTarget
Initializer
import { TerraformResourceMoveByTarget } from 'cdktf'
const terraformResourceMoveByTarget: TerraformResourceMoveByTarget = { ... }
Properties
| Name | Type | Description |
|---|---|---|
moveTarget | string | No description. |
index | string | number | No description. |
moveTargetRequired
public readonly moveTarget: string;
- Type: string
indexOptional
public readonly index: string | number;
- Type: string | number
TerraformStackMetadata
Initializer
import { TerraformStackMetadata } from 'cdktf'
const terraformStackMetadata: TerraformStackMetadata = { ... }
Properties
| Name | Type | Description |
|---|---|---|
backend | string | No description. |
stackName | string | No description. |
version | string | No description. |
cloud | string | No description. |
backendRequired
public readonly backend: string;
- Type: string
stackNameRequired
public readonly stackName: string;
- Type: string
versionRequired
public readonly version: string;
- Type: string
cloudOptional
public readonly cloud: string;
- Type: string
TerraformVariableConfig
Initializer
import { TerraformVariableConfig } from 'cdktf'
const terraformVariableConfig: TerraformVariableConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
default | any | No description. |
description | string | No description. |
nullable | boolean | No description. |
sensitive | boolean | No description. |
type | string | The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable. |
validation | TerraformVariableValidationConfig[] | Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block. |
defaultOptional
public readonly default: any;
- Type: any
descriptionOptional
public readonly description: string;
- Type: string
nullableOptional
public readonly nullable: boolean;
- Type: boolean
sensitiveOptional
public readonly sensitive: boolean;
- Type: boolean
typeOptional
public readonly type: string;
- Type: string
The type argument in a variable block allows you to restrict the type of value that will be accepted as the value for a variable.
If no type constraint is set then a value of any type is accepted.
While type constraints are optional, we recommend specifying them; they serve as easy reminders for users of the module, and allow Terraform to return a helpful error message if the wrong type is used.
Type constraints are created from a mixture of type keywords and type constructors. The supported type keywords are:
- string
- number
- bool
The type constructors allow you to specify complex types such as collections:
- list(\< TYPE\ >)
- set(\< TYPE\ >)
- map(\< TYPE\ >)
- object({\< ATTR NAME\ > = \< TYPE\ >, ... })
- tuple([\< TYPE\ >, ...])
The keyword any may be used to indicate that any type is acceptable. For more information on the meaning and behavior of these different types, as well as detailed information about automatic conversion of complex types, refer to {@link https://developer.hashicorp.com/terraform/language/expressions/type-constraints Type Constraints}.
If both the type and default arguments are specified, the given default value must be convertible to the specified type.
validationOptional
public readonly validation: TerraformVariableValidationConfig[];
Specify arbitrary custom validation rules for a particular variable using a validation block nested within the corresponding variable block.
TerraformVariableValidationConfig
Add one or more validation blocks within the variable block to specify custom conditions.
Initializer
import { TerraformVariableValidationConfig } from 'cdktf'
const terraformVariableValidationConfig: TerraformVariableValidationConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
condition | any | This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not. |
errorMessage | string | This contains the text that Terraform will include as part of error messages when it detects an unmet condition. |
conditionRequired
public readonly condition: any;
- Type: any
This is a boolean expression that should return true if the intended assumption or guarantee is fulfilled or false if it does not.
errorMessageRequired
public readonly errorMessage: string;
- Type: string
This contains the text that Terraform will include as part of error messages when it detects an unmet condition.
TestingAppConfig
Initializer
import { TestingAppConfig } from 'cdktf'
const testingAppConfig: TestingAppConfig = { ... }
Properties
| Name | Type | Description |
|---|---|---|
context | {[ key: string ]: any} | No description. |
enableFutureFlags | boolean | No description. |
fakeCdktfJsonPath | boolean | No description. |
outdir | string | No description. |
stackTraces | boolean | No description. |
stubVersion | boolean | No description. |
contextOptional
public readonly context: {[ key: string ]: any};
- Type: {[ key: string ]: any}
enableFutureFlagsOptional
public readonly enableFutureFlags: boolean;
- Type: boolean
fakeCdktfJsonPathOptional
public readonly fakeCdktfJsonPath: boolean;
- Type: boolean
outdirOptional
public readonly outdir: string;
- Type: string
stackTracesOptional
public readonly stackTraces: boolean;
- Type: boolean
stubVersionOptional
public readonly stubVersion: boolean;
- Type: boolean
WinrmProvisionerConnection
Most provisioners require access to the remote resource via SSH or WinRM and expect a nested connection block with details about how to connect.
See {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection connection}
Initializer
import { WinrmProvisionerConnection } from 'cdktf'
const winrmProvisionerConnection: WinrmProvisionerConnection = { ... }
Properties
| Name | Type | Description |
|---|---|---|
host | string | The address of the resource to connect to. |
type | string | The connection type. |
cacert | string | The CA certificate to validate against. |
https | boolean | Set to true to connect using HTTPS instead of HTTP. |
insecure | boolean | Set to true to skip validating the HTTPS certificate chain. |
password | string | The password to use for the connection. |
port | number | The port to connect to. |
scriptPath | string | The path used to copy scripts meant for remote execution. |
timeout | string | The timeout to wait for the connection to become available. |
useNtlm | boolean | Set to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest. |
user | string | The user to use for the connection. |
hostRequired
public readonly host: string;
- Type: string
The address of the resource to connect to.
typeRequired
public readonly type: string;
- Type: string
The connection type.
Valid values are "ssh" and "winrm". Provisioners typically assume that the remote system runs Microsoft Windows when using WinRM. Behaviors based on the SSH target_platform will force Windows-specific behavior for WinRM, unless otherwise specified.
cacertOptional
public readonly cacert: string;
- Type: string
The CA certificate to validate against.
httpsOptional
public readonly https: boolean;
- Type: boolean
Set to true to connect using HTTPS instead of HTTP.
insecureOptional
public readonly insecure: boolean;
- Type: boolean
Set to true to skip validating the HTTPS certificate chain.
passwordOptional
public readonly password: string;
- Type: string
The password to use for the connection.
portOptional
public readonly port: number;
- Type: number
- Default: 22
The port to connect to.
scriptPathOptional
public readonly scriptPath: string;
- Type: string
The path used to copy scripts meant for remote execution.
Refer to {@link https://developer.hashicorp.com/terraform/language/resources/provisioners/connection#how-provisioners-execute-remote-scripts How Provisioners Execute Remote Scripts below for more details}
timeoutOptional
public readonly timeout: string;
- Type: string
- Default: 5m
The timeout to wait for the connection to become available.
Should be provided as a string (e.g., "30s" or "5m".)
useNtlmOptional
public readonly useNtlm: boolean;
- Type: boolean
Set to true to use NTLM authentication rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest.
Refer to Authentication for Remote Connections in the Windows App Development documentation for more details.
userOptional
public readonly user: string;
- Type: string
- Default: root
The user to use for the connection.