gcs

Kind: Standard (with locking)

Stores the state as an object in a configurable prefix and bucket on Google Cloud Storage (GCS).

Example Configuration

terraform {
  backend "gcs" {
    bucket  = "tf-state-prod"
    prefix  = "terraform/state"
  }
}

Example Referencing

data "terraform_remote_state" "foo" {
  backend = "gcs"
  config {
    bucket  = "terraform-state"
    prefix  = "prod"
  }
}

resource "template_file" "bar" {
  template = "${greeting}"

  vars {
    greeting = "${data.terraform_remote_state.foo.greeting}"
  }
}

Configuration variables

The following configuration options are supported:

• bucket - (Required) The name of the GCS bucket. This name must be globally unique. For more information, see Bucket Naming Guidelines.
• credentials / GOOGLE_CREDENTIALS - (Optional) Local path to Google Cloud Platform account credentials in JSON format. If unset, Google Application Default Credentials are used. The provided credentials need to have the devstorage.read_write scope and WRITER permissions on the bucket.
• prefix - (Optional) GCS prefix inside the bucket. Named states for workspaces are stored in an object called <prefix>/<name>.tfstate.
• path - (Deprecated) GCS path to the state file of the default state. For backwards compatibility only, use prefix instead.
• project / GOOGLE_PROJECT - (Optional) The project ID to which the bucket belongs. This is only used when creating a new bucket during initialization. Since buckets have globally unique names, the project ID is not required to access the bucket during normal operation.
• region / GOOGLE_REGION - (Optional) The region in which a new bucket is created. For more information, see Bucket Locations.
• encryption_key / GOOGLE_ENCRYPTION_KEY - (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. For more information see Customer Supplied Encryption Keys.