We create AWS Terraform states (S3 bucket and DynamoDB) using a Terraform module so we achieve a standard setup/behavior through all projects (special S3 security restriction for blast radius separation, etc.).
I know Terraspace has options for existing systems:
But I think a mix would be great: move to Terraspace backend creation while retaining security and standardization by using a “custom module” for automated resource creation.
Is this possible? Can it be done using Boot Hooks?
While it’s possible with boot hooks, I probably wouldn’t approach it that way.
The built-in Terraspace bucket creation logic is pretty flexible and has a variety of options over how the bucket should be created:
If those options are not enough, I will consider PR improvements to the plugin code. No sweat either way, of course. So I recommend taking a closer look at the current options already.
If you would still like to create the s3 bucket for state with a terraform module instead, consider doing that outside of the terraspace command first. So call terraform apply to create the bucket first. Then when you run terraspace up later, if the backend.tf has been configured to use the same bucket, Terraspace will use the existing bucket. The terraspace plugin code only creates a bucket if it doesn’t already exist. Again, you can probably call out to this script with a boot hook but it feels complicated.
We already use separate code to create backends (organization-level code to manage organization single accounts skel configuration), auto_create_backend = false and naming standards to automate the process as much as possible.
We’ll review this process and eventually we’ll try to further improve it as you wrote.
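The approach discussed in this thread, creating the state bucket and lock table with plain Terraform before `terraspace up` runs, could look like the following. This is an added example, not code from the posters or from Terraspace; the bucket name, table name, region and hardening choices are assumptions.

```hcl
# Added example; bucket, table and region names are constructed placeholders.
# Uses the split S3 resources of AWS provider >= 4.0.
provider "aws" {
  region = "eu-west-1"
}

resource "aws_s3_bucket" "state" {
  bucket = "example-org-project-a-tfstate" # one bucket per project (assumed convention)
}
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled" # earlier state versions stay recoverable
  }
}
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "lock" {
  name         = "example-org-project-a-tflock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID" # key name the S3 backend uses for state locking
  attribute {
    name = "LockID"
    type = "S"
  }
}

# Backend settings for the Terraspace project's backend.tf (inside its terraform block),
# pointing at the bucket and table created above:
#   backend "s3" {
#     bucket         = "example-org-project-a-tfstate"
#     key            = "project-a/terraform.tfstate"
#     region         = "eu-west-1"
#     encrypt        = true
#     dynamodb_table = "example-org-project-a-tflock"
#   }
```

Apply this configuration with its own state first; because the bucket then already exists, the later `terraspace up` run uses it rather than creating one.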