How To Bootstrap Terraform S3 And DynamoDB

Whenever I start using Terraform in a new AWS setup, I use this module by trussworks to bootstrap an S3 bucket for state and a DynamoDB table for locks.

It’s a pretty easy module to configure. I usually make a repository for the bootstrapped resources. My initial setup looks like this:

# main.tf
module "bootstrap" {
  source = "trussworks/bootstrap/aws"
  version = "5.2.0"

  region        = "us-east-2"
  account_alias = "<account alias>"
  bucket_key_enabled = true
}

provider "aws" {
  region  = "us-east-2"
}

Once that’s in place, run terraform init and terraform apply, and you have your resources ready for an S3 backend.

The terraform state for the bootstrapping will be created in the directory you ran terraform apply. After the initial run, I upload the state to the S3 backend we created.

# main.tf
module "bootstrap" {
  source = "trussworks/bootstrap/aws"
  version = "5.2.0"

  region        = "us-east-2"
  account_alias = "<account alias>"
  bucket_key_enabled = true
}

provider "aws" {
  region  = "us-east-2"
}

terraform {

  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 4.0"
    }
  }

  backend "s3" {
    bucket = "<name of bucket>"
    key    = "bootstrap"
    region = "us-east-2"
    dynamodb_table = "terraform-state-lock"
  }
}

Run terraform init again, and you’ll be prompted to upload your local state to the s3 bucket.

It’s important to consider which AWS Account you put the backend in, especially if you’re running multiple AWS accounts, which you should by default. You’ll want to put it in a shared or central account. This way, you have one place for all your AWS accounts’ terraform state.