state

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-terraform repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-terraform repo.

class pulumi_terraform.state.Any(*args, **kwargs)

Special type indicating an unconstrained type.

Any is compatible with every type.
Any assumed to have all methods.
All values assumed to be instances of Any.

Note that all the above statements are true from the point of view of static type checkers. At runtime, Any should not be used with instance checks.

The configuration options for a Terraform Remote State stored in the Artifactory backend.

Constructs an ArtifactoryBackendArgs.

Parameters:

repo – The username with which to authenticate to Artifactory. Sourced from ARTIFACTORY_USERNAME in the environment, if unset
subpath – Path within the repository.
url – The Artifactory URL. Note that this is the base URL to artifactory, not the full repo and subpath.

However, it must include the path to the artifactory installation - likely this will end in /artifactory. Sourced from ARTIFACTORY_URL in the environment, if unset. :param username: The username with which to authenticate to Artifactory. Sourced from ARTIFACTORY_USERNAME in the environment, if unset. :param password: The password with which to authenticate to Artifactory. Sourced from ARTIFACTORY_PASSWORD in the environment, if unset. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the AzureRM backend.

Constructs an AzureRMBackendArgs
param storage_account_name:
The name of the storage account.
param container_name:
The name of the storage container within the storage account.
param key:
The name of the blob in representing the Terraform State file inside the storage container.
param environment:
The Azure environment which should be used. Possible values are public (default), china,

german, stack and usgovernment. Sourced from ARM_ENVIRONMENT, if unset.

param endpoint:: The custom endpoint for Azure Resource Manager. Sourced from ARM_ENDPOINT, if unset.
param use_msi:: Whether to authenticate using Managed Service Identity (MSI). Sourced from ARM_USE_MSI if

unset. Defaults to false if no value is specified. :param subscription_id: The Subscription ID in which the Storage Account exists. Used when authenticating using the Managed Service Identity (MSI) or a service principal. Sourced from ARM_SUBSCRIPTION_ID, if unset. :param tenant_id: The Tenant ID in which the Subscription exists. Used when authenticating using the Managed Service Identity (MSI) or a service principal. Sourced from ARM_TENANT_ID, if unset. :param msi_endpoint: The path to a custom Managed Service Identity endpoint. Used when authenticating using the Managed Service Identity (MSI). Sourced from ARM_MSI_ENDPOINT in the environment, if unset. Automatically determined, if no value is provided. :param sas_token: The SAS Token used to access the Blob Storage Account. Used when authenticating using a SAS Token. Sourced from ARM_SAS_TOKEN in the environment, if unset. :param access_key: The Access Key used to access the blob storage account. Used when authenticating using an access key. Sourced from ARM_ACCESS_KEY in the environment, if unset. :param resource_group_name: The name of the resource group in which the storage account exists. Used when authenticating using a service principal. :param client_id: The client ID of the service principal. Used when authenticating using a service principal. Sourced from ARM_CLIENT_ID in the environment, if unset. :param client_secret: The client secret of the service principal. Used when authenticating using a service principal. Sourced from ARM_CLIENT_SECRET in the environment, if unset. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the Consul backend.

Constructs a ConsulBackendArgs.

Parameters:

path – Path in the Consul KV store.
access_token – Consul Access Token. Sourced from CONSUL_HTTP_TOKEN in the environment, if unset.
address – DNS name and port of the Consul HTTP endpoint specified in the format dnsname:port. Defaults

to the local agent HTTP listener. :param scheme: Specifies which protocol to use when talking to the given address - either http or https. TLS support can also be enabled by setting the environment variable CONSUL_HTTP_SSL to true. :param datacenter: The datacenter to use. Defaults to that of the agent. :param http_auth: HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user or user:pass. Sourced from CONSUL_HTTP_AUTH, if unset. :param gzip: Whether to compress the state data using gzip. Set to true to compress the state data using gzip, or false (default) to leave it uncompressed. :param ca_file: A path to a PEM-encoded certificate authority used to verify the remote agent’s certificate. Sourced from CONSUL_CAFILE in the environment, if unset. :param cert_file: A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file. Sourced from CONSUL_CLIENT_CERT in the environment, if unset. :param key_file: A path to a PEM-encoded private key, required if cert_file is specified. Sourced from CONSUL_CLIENT_KEY in the environment, if unset. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the etcd v2 backend. Note that there is a separate configuration class for state stored in the ectd v3 backend.

Constructs an EtcdV2BackendArgs.

Parameters:

path – The path at which to store the state.
endpoints – A space-separated list of the etcd endpoints.
username – The username with which to authenticate to etcd.
password – The username with which to authenticate to etcd.
workspace – The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the etcd v3 backend. Note that there is a separate configuration class for state stored in the ectd v2 backend.

Constructs an EtcdV3BackendArgs.

Parameters:

endpoints – A list of the etcd endpoints.
username – The username with which to authenticate to etcd. Sourced from ETCDV3_USERNAME in the

environment, if unset. :param password: The username with which to authenticate to etcd. Sourced from ETCDV3_PASSWORD in the environment, if unset. :param prefix: An optional prefix to be added to keys when storing state in etcd. :param cacert_path: Path to a PEM-encoded certificate authority bundle with which to verify certificates of TLS-enabled etcd servers. :param cert_path: Path to a PEM-encoded certificate to provide to etcd for client authentication. :param key_path: Path to a PEM-encoded key to use for client authentication. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the Google Cloud Storage backend.

Constructs a GcsBackendArgs.

Parameters:

bucket – The name of the Google Cloud Storage bucket.
credentials – Local path to Google Cloud Platform account credentials in JSON format. Sourced from

GOOGLE_CREDENTIALS in the environment if unset. If no value is provided Google Application Default Credentials are used. :param prefix: Prefix used inside the Google Cloud Storage bucket. Named states for workspaces are stored in an object named <prefix>/<name>.tfstate. :param encryption_key: A 32 byte, base64-encoded customer supplied encryption key used to encrypt the state. Sourced from GOOGLE_ENCRYPTION_KEY in the environment, if unset. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the HTTP backend.

Constructs an HttpBackendArgs.

Parameters:

address – The address of the HTTP endpoint.
update_method – HTTP method to use when updating state. Defaults to POST.
lock_address – The address of the lock REST endpoint. Not setting a value disables locking.
lock_method – The HTTP method to use when locking. Defaults to LOCK.
unlock_address – The address of the unlock REST endpoint. Not setting a value disables locking.
unlock_method – The HTTP method to use when unlocking. Defaults to UNLOCK.
username – The username used for HTTP basic authentication.
password – The password used for HTTP basic authentication.
skip_cert_validation – Whether to skip TLS verification. Defaults to false.
workspace – The Terraform workspace from which to read state.

class pulumi_terraform.state.LocalBackendArgs(path: str | Awaitable[str] | Output[T])

The configuration options for a Terraform Remote State stored in the local enhanced backend.

Constructs a LocalBackendArgs.

Parameters:: path – The path to the Terraform state file.

The configuration options for a Terraform Remote State stored in the Manta backend.

Constructs a MantaBackendArgs.

Parameters:: account – The name of the Manta account. Sourced from SDC_ACCOUNT or _ACCOUNT in the environment, if

unset. :param user: The username of the Manta account with which to authenticate. :param url: The Manta API Endpoint. Sourced from MANTA_URL in the environment, if unset. Defaults to https://us-east.manta.joyent.com. :param key_material: The private key material corresponding with the SSH key whose fingerprint is specified in keyId. Sourced from SDC_KEY_MATERIAL or TRITON_KEY_MATERIAL in the environment, if unset. If no value is specified, the local SSH agent is used for signing requests. :param key_id: The fingerprint of the public key matching the key material specified in keyMaterial, or in the local SSH agent. :param path: The path relative to your private storage directory (/$MANTA_USER/stor) where the state file will be stored. :param insecure_skip_tls_verify: Skip verifying the TLS certificate presented by the Manta endpoint. This can be

useful for installations which do not have a certificate signed by a trusted root CA. Defaults to false.

Parameters:: workspace – The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the OSS backend.

Constructs an OssBackendArgs.

Parameters:

bucket – The name of the OSS bucket.
access_key – Alibaba Cloud access key. It supports environment variables ALICLOUD_ACCESS_KEY and

ALICLOUD_ACCESS_KEY_ID :param secret_key: Alibaba Cloud secret access key. It supports environment variables ALICLOUD_SECRET_KEY and ALICLOUD_ACCESS_KEY_SECRET. :param security_token: STS access token. It supports environment variable ALICLOUD_SECURITY_TOKEN. :param ecs_role_name: The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the ‘Access Control’ section of the Alibaba Cloud console. :param region: The region of the OSS bucket. It supports environment variables ALICLOUD_REGION and ALICLOUD_DEFAULT_REGION. :param endpoint: A custom endpoint for the OSS API. It supports environment variables ALICLOUD_OSS_ENDPOINT and OSS_ENDPOINT. :param prefix: The path directory of the state file will be stored. Default to env:. :param key: The name of the state file. Defaults to terraform.tfstate. :param profile: This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the ALICLOUD_PROFILE environment variable. :param shared_credentials_file: This is the path to the shared credentials file. It can also be sourced from the ALICLOUD_SHARED_CREDENTIALS_FILE environment variable. If this is not set and a profile is specified, ~/.aliyun/config.json will be used. :param role_arn: The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports environment variable ALICLOUD_ASSUME_ROLE_ARN. :param policy: A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions which exceed those of the role that is being assumed. :param session_name: The session name to use when assuming the role. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_NAME. :param session_expiration: The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600. It supports environment variable ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION.

The configuration options for a Terraform Remote State stored in the Postgres backend.

Constructs a PostgresBackendArgs.

Parameters:

conn_str – Postgres connection string; a postgres:// URL.
schema_name – Name of the automatically-managed Postgres schema. Defaults to terraform_remote_state.
workspace – The Terraform workspace from which to read state.

Configuration options for a workspace for use with the remote enhanced backend.

Constructs a RemoteBackendArgs.

Parameters:

organization – The name of the organization containing the targeted workspace(s).
token – The token used to authenticate with the remote backend.
hostname – The remote backend hostname to which to connect. Defaults to app.terraform.io.
workspace_name – The full name of one remote workspace. When configured, only the default workspace can

be used. This option conflicts with workspace_prefix. :param workspace_prefix: A prefix used in the names of one or more remote workspaces, all of which can be used with this configuration. If unset, only the default workspace can be used. This option conflicts with workspace_name.

Manages a reference to a Terraform Remote State. The root outputs of the remote state are available via the outputs property or the getOutput method.

Create a RemoteStateReference resource with the given unique name, props, and options.

Parameters:

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
backend_type (str) – The name of the Remote State Backend
args (BackendArgs) – The arguments for the Remote State backend, which must match the given backend_type.

outputs: Output[Mapping[str, Any]]: The root outputs of the referenced Terraform state.

get_output(name: str | Awaitable[str] | Output[T])

Fetches the value of a root output from the Terraform Remote State.

Parameters:: name – The name of the output to fetch. The name is formatted exactly as per the “output” block in the

Terraform configuration. :return: A pulumi.Output representing the value.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

If the props passed to __init__ is an input type (decorated with @input_type), the type/name metadata of the resource will be used to translate names instead of calling this method.

Parameters:: prop (str) – A property name.
Returns:: A potentially transformed property name.
Return type:: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

If the props passed to __init__ is an input type (decorated with @input_type), the type/name metadata of props will be used to translate names instead of calling this method.

Parameters:: prop (str) – A property name.
Returns:: A potentially transformed property name.
Return type:: str

The configuration options for a Terraform Remote State stored in the S3 backend.

Constructs an S3BackendArgs.

Parameters:

bucket – The name of the S3 bucket.
key – The path to the state file inside the bucket. When using a non-default workspace, the state path

will be /workspace_key_prefix/workspace_name/key. :param region: The region of the S3 bucket. Also sourced from AWS_DEFAULT_REGION in the environment, if unset. :param endpoint: A custom endpoint for the S3 API. Also sourced from AWS_S3_ENDPOINT in the environment, if unset. :param access_key: AWS Access Key. Sourced from the standard credentials pipeline, if unset. :param secret_key: AWS Secret Access Key. Sourced from the standard credentials pipeline, if unset. :param profile: The AWS profile name as set in the shared credentials file. :param shared_credentials_file: The path to the shared credentials file. If this is not set and a profile is specified, ~/.aws/credentials will be used by default. :param token: An MFA token. Sourced from AWS_SESSION_TOKEN in the environment if needed and unset. :param role_arn: The ARN of an IAM Role to be assumed in order to read the state from S3. :param external_id: The external ID to use when assuming the IAM role. :param session_name: The session name to use when assuming the IAM role. :param workspace_key_prefix: The prefix applied to the state path inside the bucket. This is only relevant when using a non-default workspace, and defaults to env:. :param iam_endpoint: A custom endpoint for the IAM API. Sourced from AWS_IAM_ENDPOINT, if unset. :param sts_endpoint: A custom endpoint for the STS API. Sourced from AWS_STS_ENDPOINT, if unset. :param skip_credentials_validation: Skip the credentials validation via STS API. :param skip_region_validation: Skip static validation of region name. :param skip_metadata_api_check: Skip the AWS Metadata API check. :param force_path_style: Force s3 to use path style api. :param workspace: The Terraform workspace from which to read state.

The configuration options for a Terraform Remote State stored in the Swift backend.

Constructs a SwiftBackendArgs.

Parameters:

auth_url – The Identity authentication URL. Sourced from OS_AUTH_URL in the environment, if unset.
container – The name of the container in which the Terraform state file is stored.
username – The username with which to log in. Sourced from OS_USERNAME in the environment, if unset.
user_id – The user ID with which to log in. Sourced from OS_USER_ID in the environment, if unset.
password – The password with which to log in. Sourced from OS_PASSWORD in the environment, if unset.
token – Access token with which to log in in stead of a username and password. Sourced from

OS_AUTH_TOKEN in the environment, if unset. :param region_name: The region in which the state file is stored. Sourced from OS_REGION_NAME, if unset. :param tenant_id: The ID of the tenant (for identity v2) or project (identity v3) which which to log in. Sourced from OS_TENANT_ID or OS_PROJECT_ID in the environment, if unset. :param tenant_name: The name of the tenant (for identity v2) or project (identity v3) which which to log in. Sourced from OS_TENANT_NAME or OS_PROJECT_NAME in the environment, if unset. :param domain_id: The ID of the domain to scope the log in to (identity v3). Sourced from OS_USER_DOMAIN_ID, OS_PROJECT_DOMAIN_ID or OS_DOMAIN_ID in the environment, if unset. :param domain_name: The name of the domain to scope the log in to (identity v3). Sourced from OS_USER_DOMAIN_NAME, OS_PROJECT_DOMAIN_NAME or OS_DOMAIN_NAME in the environment, if unset. :param insecure: Whether to disable verification of the server TLS certificate. Sourced from OS_INSECURE in the environment, if unset. :param cacert_file: A path to a CA root certificate for verifying the server TLS certificate. Sourced from OS_CACERT in the environment, if unset. :param cert: A path to a client certificate for TLS client authentication. Sourced from OS_CERT in the environment, if unset. :param key: A path to the private key corresponding to the client certificate for TLS client authentication. Sourced from OS_KEY in the environment, if unset.

On this page

On this page

state

On this page

On this page