DEV Community

Cover image for Using OCI Bucket for Terraform/OpenTofu remote state backend
Faris Durrani
Faris Durrani

Posted on

Using OCI Bucket for Terraform/OpenTofu remote state backend

Store Terraform state files in Oracle Cloud Infrastructure (OCI) Object Storage by configuring an S3-compatible backend.

A Terraform backend defines where Terraform stores its state data files. Without a backend, the state file lives locally on a single machine, making it hard for others to work based on the same cloud state, as well as having to store sensitive information locally.

This page describes how to configure an S3-compatible backend on OCI Object Storage Bucket by adding the backend block to your configuration.

A simple example

Assumptions

  • A Terraform/OpenTofu version >= 1.7

1. Install Terraform/OpenTofu

Follow the official installation page to install the Terraform or OpenTofu CLI on your machine:

All instructions in this doc will use the terraform CLI and otherwise refer to Terraform. Simply swap terraform with tofu if you prefer to use OpenTofu as all instructions and file contents are otherwise similar.

2. Configure the OCI Provider profile

To deploy OCI resources, you need access to manage the resources from your machine. This can be achieved using an API Key. To complete this step, see Setting up the OCI Configuration File using API Keys.

3. Create your AWS Customer Secret Key

Create a Customer Secret Key on your OCI console. This key enables Terraform to write to the bucket.

Head to Profile picture > My profile > Customer secret keys > Generate secret key

Give any display name you desire.

Screenshot: Getting customer secret key from OCI

4. Add your AWS Customer Secret Key

i) Create or go to the file ~/.aws/credentials
ii) Add the secret Generated key and Access key in the file under a profile name.

In this example, we use default as the profile name.



[default]
aws_access_key_id=68ce92f58a480b5cc17205467816a53b662f167a
aws_secret_access_key=1swn+e6GIyRz4tcEO42b95im7EBVO8rM5WM9apTs+fQ=


Enter fullscreen mode Exit fullscreen mode

Screenshot: aws credentials file

5. Create your Terraform files

We'll create a folder with these files to create one VCN in a specified compartment:



📦terraform-test
 ┣ 📜main.tf
 ┣ 📜provider.tf
 ┗ 📜terraform.tf


Enter fullscreen mode Exit fullscreen mode

The terraform.tf file will:

  • tell Terraform to use the oci provider
  • ensure the Terraform version is >= 1.7
  • use the S3-compatible OCI bucket backend to store the state

Important
Make sure to update:

  • the bucket attribute to reflect the name of your bucket
  • the endpoints attribute to use your region and object storage namespace (found in Profile > Tenancy Details)
  • the profile attribute. We use "default" as set in the previous step. Optionally for better configuration, use Partial Configuration


# terraform.tf
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = ">= 6.0.0"
    }
  }
  required_version = ">=1.7"

  backend "s3" {
    bucket    = "bucket01"
    key       = "terraform.tfstate"
    region    = "us-ashburn-1"
    endpoints = { s3 = "https://idjqfqrpn5uq.compat.objectstorage.us-ashburn-1.oci.customer-oci.com" }

    profile                     = "default"
    skip_region_validation      = true
    skip_credentials_validation = true
    skip_requesting_account_id  = true
    skip_metadata_api_check     = true
    skip_s3_checksum            = true
    use_path_style              = true
  }
}


Enter fullscreen mode Exit fullscreen mode

The provider.tf file sets the OCI profile you are using. DEFAULT is the default profile



# provider.tf
provider "oci" {
  config_file_profile = "DEFAULT"
}


Enter fullscreen mode Exit fullscreen mode

The main.tf file creates one simple VCN in the compartment you specify. Make sure to edit the compartment_id.



# main.tf
resource "oci_core_vcn" "test_vcn" {
  #Required
  compartment_id = "ocid1.compartment.oc1..aaaaaaaaivk7ay7yourcompartmentocidpdx3rb37g55uguzga"

  #Optional
  cidr_blocks  = ["10.5.0.0/16"]
  display_name = "vcn-test-01"
}


Enter fullscreen mode Exit fullscreen mode

6. Deploy

Let us initialize and apply the plan:



terraform init
terraform apply


Enter fullscreen mode Exit fullscreen mode

If all goes well, we see a success message:

Terraform successful application

And of course, the created VCN:

Deployed VCN

The Terraform tfstate file in the bucket:

tfstate file in bucket

References

Safe harbor statement

The information provided on this channel/article/story is solely intended for informational purposes and cannot be used as a part of any contractual agreement. The content does not guarantee the delivery of any material, code, or functionality, and should not be the sole basis for making purchasing decisions. The postings on this site are my own and do not necessarily reflect the views or work of Oracle or Mythics, LLC.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Top comments (0)