Backend in different AWS account

Cool. Think that’s good default behavior and a nice approach. Some thoughts:

Would need to parse backend.tf so that the data structure is available in Ruby to grab the role_arn. Then can use it to create the s3 client specifically for the backend creation.

There’s already a parser that terraspace uses: GitHub - boltops-tools/hcl_parser: HCL Parser It really just uses GitHub - winebarrel/rhcl: Pure Ruby HCL parser parser and rewrites the HCL as a pre-processing step before parsing the HCL. It’s hacky, but tried a few different terraform parsers at the time and each seemed to have some issues. Probably because Terraform HCL syntax itself has evolved and changed and it takes time and effort for authors to update their parsers. Currently, the boltops-tools/hcl_parser hacky preprocessing works for simple HCL cases like backend.tf and variables.tf. At some point hope to revisit the parser with something like parslet - About and improve the HCL parser. It’s been quite a while though since messed around with parsing.

1 Like