@rebeccacrompton
Last active May 16, 2024 07:49
Configuring AWS S3 and DynamoDB for Terraform state management (AWS CLI)
# Create the S3 bucket for state storage
# (--region must match the LocationConstraint, otherwise the call is rejected)
aws s3api create-bucket \
  --region eu-west-1 \
  --bucket demo-terraform-state-eu-west-1 \
  --create-bucket-configuration LocationConstraint=eu-west-1

# Configure the bucket: block all public access, enable versioning and default encryption
aws s3api put-public-access-block \
  --bucket demo-terraform-state-eu-west-1 \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
aws s3api put-bucket-versioning \
  --bucket demo-terraform-state-eu-west-1 \
  --versioning-configuration Status=Enabled
aws s3api put-bucket-encryption \
  --bucket demo-terraform-state-eu-west-1 \
  --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

# Create the DynamoDB table for state locking
aws dynamodb create-table \
  --region eu-west-1 \
  --table-name demo-terraform-state-lock \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1

# Configure the Terraform backend in your project's relevant .tf file
terraform {
  backend "s3" {
    bucket         = "demo-terraform-state-eu-west-1"
    key            = "serverless-backend/terraform.tfstate" # Where "serverless-backend" is my project name
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "demo-terraform-state-lock"
  }
}
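
To confirm that the settings above actually took effect, the following check reads them back with the AWS CLI. It is an added example, not part of the original gist; the function names, the BUCKET/TABLE/REGION variables and the messages are assumptions, and the bucket and table names default to the ones used above.

```shell
#!/bin/sh
# Added example: audit the Terraform state backend created by the commands above.
# Function names, variables and messages are assumptions, not the gist's own.
BUCKET="${BUCKET:-demo-terraform-state-eu-west-1}"
TABLE="${TABLE:-demo-terraform-state-lock}"
REGION="${REGION:-eu-west-1}"

# Compare observed settings with the expected ones.
# Args: public-access-block flags, versioning status, SSE algorithm, lock hash key.
# Prints one line per failed control; the return status is the number of failures.
evaluate_backend() {
  pab=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -s '[:space:]' ' ')
  failures=0
  [ "$pab" = "true true true true" ] ||
    { echo "FAIL public access block not fully enabled: '$1'"; failures=$((failures + 1)); }
  [ "$2" = "Enabled" ] ||
    { echo "FAIL bucket versioning status is '$2'"; failures=$((failures + 1)); }
  case "$3" in
    AES256|aws:kms*) ;;
    *) echo "FAIL no default encryption rule: '$3'"; failures=$((failures + 1)) ;;
  esac
  [ "$4" = "LockID" ] ||
    { echo "FAIL lock table hash key is '$4', Terraform expects LockID"; failures=$((failures + 1)); }
  return "$failures"
}

# Fetch the live settings. A failed call (for example, no public access block
# configured, or a missing table) leaves the value empty, which counts as a failure.
audit_state_backend() {
  pab_raw=$(aws s3api get-public-access-block --bucket "$BUCKET" --region "$REGION" \
    --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
    --output text 2>/dev/null) || pab_raw=""
  ver=$(aws s3api get-bucket-versioning --bucket "$BUCKET" --region "$REGION" \
    --query 'Status' --output text 2>/dev/null) || ver=""
  sse=$(aws s3api get-bucket-encryption --bucket "$BUCKET" --region "$REGION" \
    --query 'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    --output text 2>/dev/null) || sse=""
  key=$(aws dynamodb describe-table --table-name "$TABLE" --region "$REGION" \
    --query "Table.KeySchema[?KeyType=='HASH'].AttributeName" \
    --output text 2>/dev/null) || key=""
  evaluate_backend "$pab_raw" "$ver" "$sse" "$key"
}
```

Source the file and run `audit_state_backend`; a zero exit status means all four controls match, so it can gate a CI job before `terraform init`.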