Package com.hashicorp.cdktf

Class S3Backend.Builder

java.lang.Object
com.hashicorp.cdktf.S3Backend.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<S3Backend>
Enclosing class:
S3Backend
@Stability(Experimental) public static final class S3Backend.Builder extends Object implements software.amazon.jsii.Builder<S3Backend>
(experimental) A fluent builder for S3Backend.

  • Method Details

    • create

      @Stability(Experimental) public static S3Backend.Builder create(software.constructs.Construct scope)
      Parameters:
      scope - This parameter is required.
      Returns:
      a new instance of S3Backend.Builder.

    • bucket

      @Stability(Experimental) public S3Backend.Builder bucket(String bucket)
      (experimental) Name of the S3 Bucket.

      Parameters:
      bucket - Name of the S3 Bucket. This parameter is required.
      Returns:
      this

    • key

      @Stability(Experimental) public S3Backend.Builder key(String key)
      (experimental) Path to the state file inside the S3 Bucket.

      When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key

      Parameters:
      key - Path to the state file inside the S3 Bucket. This parameter is required.
      Returns:
      this

    • accessKey

      @Stability(Experimental) public S3Backend.Builder accessKey(String accessKey)
      (experimental) (Optional) AWS access key.

      If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).

      Parameters:
      accessKey - (Optional) AWS access key. This parameter is required.
      Returns:
      this

    • acl

      @Stability(Experimental) public S3Backend.Builder acl(String acl)
      (experimental) (Optional) Canned ACL to be applied to the state file.

      Parameters:
      acl - (Optional) Canned ACL to be applied to the state file. This parameter is required.
      Returns:
      this

    • allowedAccountIds

      @Stability(Experimental) public S3Backend.Builder allowedAccountIds(String allowedAccountIds)
      (experimental) (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment.

      Conflicts with forbidden_account_ids.

      Parameters:
      allowedAccountIds - (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. This parameter is required.
      Returns:
      this

    • assumeRole

      @Stability(Experimental) public S3Backend.Builder assumeRole(S3BackendAssumeRoleConfig assumeRole)
      (experimental) Assuming an IAM Role can be configured in two ways.

      The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.

      Parameters:
      assumeRole - Assuming an IAM Role can be configured in two ways. This parameter is required.
      Returns:
      this

    • assumeRolePolicy

      @Stability(Deprecated) @Deprecated public S3Backend.Builder assumeRolePolicy(String assumeRolePolicy)
      Deprecated.
      Use assumeRole.policy instead.
      (deprecated) (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.

      Parameters:
      assumeRolePolicy - (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. This parameter is required.
      Returns:
      this

    • assumeRolePolicyArns

      @Stability(Deprecated) @Deprecated public S3Backend.Builder assumeRolePolicyArns(List<String> assumeRolePolicyArns)
      Deprecated.
      Use assumeRole.policyArns instead.
      (deprecated) (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.

      Parameters:
      assumeRolePolicyArns - (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. This parameter is required.
      Returns:
      this

    • assumeRoleTags

      @Stability(Deprecated) @Deprecated public S3Backend.Builder assumeRoleTags(Map<String,String> assumeRoleTags)
      Deprecated.
      Use assumeRole.tags instead.
      (deprecated) (Optional) Map of assume role session tags.

      Parameters:
      assumeRoleTags - (Optional) Map of assume role session tags. This parameter is required.
      Returns:
      this

    • assumeRoleTransitiveTagKeys

      @Stability(Deprecated) @Deprecated public S3Backend.Builder assumeRoleTransitiveTagKeys(List<String> assumeRoleTransitiveTagKeys)
      Deprecated.
      Use assumeRole.transitiveTagKeys instead.
      (deprecated) (Optional) Set of assume role session tag keys to pass to any subsequent sessions.

      Parameters:
      assumeRoleTransitiveTagKeys - (Optional) Set of assume role session tag keys to pass to any subsequent sessions. This parameter is required.
      Returns:
      this

    • assumeRoleWithWebIdentity

      @Stability(Experimental) public S3Backend.Builder assumeRoleWithWebIdentity(S3BackendAssumeRoleWithWebIdentityConfig assumeRoleWithWebIdentity)
      (experimental) Assume Role With Web Identity Configuration.

      Parameters:
      assumeRoleWithWebIdentity - Assume Role With Web Identity Configuration. This parameter is required.
      Returns:
      this

    • customCaBundle

      @Stability(Experimental) public S3Backend.Builder customCaBundle(String customCaBundle)
      (experimental) (Optional) File containing custom root and intermediate certificates.

      Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.

      Parameters:
      customCaBundle - (Optional) File containing custom root and intermediate certificates. This parameter is required.
      Returns:
      this

    • dynamodbEndpoint

      @Stability(Deprecated) @Deprecated public S3Backend.Builder dynamodbEndpoint(String dynamodbEndpoint)
      Deprecated.
      Use endpoints.dynamodb instead
      (deprecated) (Optional) Custom endpoint for the AWS DynamoDB API.

      This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.

      Parameters:
      dynamodbEndpoint - (Optional) Custom endpoint for the AWS DynamoDB API. This parameter is required.
      Returns:
      this

    • dynamodbTable

      @Stability(Experimental) public S3Backend.Builder dynamodbTable(String dynamodbTable)
      (experimental) (Optional) Name of DynamoDB Table to use for state locking and consistency.

      The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.

      Parameters:
      dynamodbTable - (Optional) Name of DynamoDB Table to use for state locking and consistency. This parameter is required.
      Returns:
      this

    • ec2MetadataServiceEndpoint

      @Stability(Experimental) public S3Backend.Builder ec2MetadataServiceEndpoint(String ec2MetadataServiceEndpoint)
      (experimental) Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API.

      Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.

      Parameters:
      ec2MetadataServiceEndpoint - Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. This parameter is required.
      Returns:
      this

    • ec2MetadataServiceEndpointMode

      @Stability(Experimental) public S3Backend.Builder ec2MetadataServiceEndpointMode(String ec2MetadataServiceEndpointMode)
      (experimental) (Optional) Mode to use in communicating with the metadata service.

      Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.

      Parameters:
      ec2MetadataServiceEndpointMode - (Optional) Mode to use in communicating with the metadata service. This parameter is required.
      Returns:
      this

    • encrypt

      @Stability(Experimental) public S3Backend.Builder encrypt(Boolean encrypt)
      (experimental) (Optional) Enable server side encryption of the state file.

      Parameters:
      encrypt - (Optional) Enable server side encryption of the state file. This parameter is required.
      Returns:
      this

    • endpoint

      @Stability(Deprecated) @Deprecated public S3Backend.Builder endpoint(String endpoint)
      Deprecated.
      Use endpoints.s3 instead
      (deprecated) (Optional) Custom endpoint for the AWS S3 API.

      This can also be sourced from the AWS_S3_ENDPOINT environment variable.

      Parameters:
      endpoint - (Optional) Custom endpoint for the AWS S3 API. This parameter is required.
      Returns:
      this

    • endpoints

      @Stability(Experimental) public S3Backend.Builder endpoints(S3BackendEndpointConfig endpoints)
      (experimental) (Optional) The endpoint configuration block.

      Parameters:
      endpoints - (Optional) The endpoint configuration block. This parameter is required.
      Returns:
      this

    • externalId

      @Stability(Deprecated) @Deprecated public S3Backend.Builder externalId(String externalId)
      Deprecated.
      Use assume_role.external_id instead.
      (deprecated) (Optional) External identifier to use when assuming the role.

      Parameters:
      externalId - (Optional) External identifier to use when assuming the role. This parameter is required.
      Returns:
      this

    • forbiddenAccountIds

      @Stability(Experimental) public S3Backend.Builder forbiddenAccountIds(String forbiddenAccountIds)
      (experimental) (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment.

      Conflicts with allowed_account_ids.

      Parameters:
      forbiddenAccountIds - (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. This parameter is required.
      Returns:
      this

    • forcePathStyle

      @Stability(Deprecated) @Deprecated public S3Backend.Builder forcePathStyle(Boolean forcePathStyle)
      Deprecated.
      Use usePathStyle instead
      (deprecated) (Optional) Enable path-style S3 URLs (https:/// instead of https://.).

      Parameters:
      forcePathStyle - (Optional) Enable path-style S3 URLs (https:/// instead of https://.). This parameter is required.
      Returns:
      this

    • httpProxy

      @Stability(Experimental) public S3Backend.Builder httpProxy(String httpProxy)
      (experimental) (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API.

      Can also be set using the HTTP_PROXY or http_proxy environment variables.

      Parameters:
      httpProxy - (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. This parameter is required.
      Returns:
      this

    • httpsProxy

      @Stability(Experimental) public S3Backend.Builder httpsProxy(String httpsProxy)
      (experimental) (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API.

      Can also be set using the HTTPS_PROXY or https_proxy environment variables.

      Parameters:
      httpsProxy - (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. This parameter is required.
      Returns:
      this

    • iamEndpoint

      @Stability(Deprecated) @Deprecated public S3Backend.Builder iamEndpoint(String iamEndpoint)
      Deprecated.
      Use endpoints.iam instead
      (deprecated) (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API.

      This can also be sourced from the AWS_IAM_ENDPOINT environment variable.

      Parameters:
      iamEndpoint - (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. This parameter is required.
      Returns:
      this

    • insecure

      @Stability(Experimental) public S3Backend.Builder insecure(Boolean insecure)
      (experimental) Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests.

      If omitted, the default value is false.

      Parameters:
      insecure - Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. This parameter is required.
      Returns:
      this

    • kmsKeyId

      @Stability(Experimental) public S3Backend.Builder kmsKeyId(String kmsKeyId)
      (experimental) (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state.

      Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.

      Parameters:
      kmsKeyId - (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. This parameter is required.
      Returns:
      this

    • maxRetries

      @Stability(Experimental) public S3Backend.Builder maxRetries(Number maxRetries)
      (experimental) (Optional) The maximum number of times an AWS API request is retried on retryable failure.

      Defaults to 5.

      Parameters:
      maxRetries - (Optional) The maximum number of times an AWS API request is retried on retryable failure. This parameter is required.
      Returns:
      this

    • noProxy

      @Stability(Experimental) public S3Backend.Builder noProxy(String noProxy)
      (experimental) (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies.

      Each value can be one of:

      • A domain name
      • An IP address
      • A CIDR address
      • An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.

      Parameters:
      noProxy - (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. This parameter is required.
      Returns:
      this

    • profile

      @Stability(Experimental) public S3Backend.Builder profile(String profile)
      (experimental) (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.

      Parameters:
      profile - (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable. This parameter is required.
      Returns:
      this

    • region

      @Stability(Experimental) public S3Backend.Builder region(String region)
      (experimental) AWS Region of the S3 Bucket and DynamoDB Table (if used).

      This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

      Parameters:
      region - AWS Region of the S3 Bucket and DynamoDB Table (if used). This parameter is required.
      Returns:
      this

    • retryMode

      @Stability(Experimental) public S3Backend.Builder retryMode(String retryMode)
      (experimental) (Optional) Specifies how retries are attempted.

      Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.

      Parameters:
      retryMode - (Optional) Specifies how retries are attempted. This parameter is required.
      Returns:
      this

    • roleArn

      @Stability(Deprecated) @Deprecated public S3Backend.Builder roleArn(String roleArn)
      Deprecated.
      Use assumeRole.roleArn instead.
      (deprecated) (Optional) Amazon Resource Name (ARN) of the IAM Role to assume.

      Parameters:
      roleArn - (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. This parameter is required.
      Returns:
      this

    • secretKey

      @Stability(Experimental) public S3Backend.Builder secretKey(String secretKey)
      (experimental) (Optional) AWS secret access key.

      If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)

      Parameters:
      secretKey - (Optional) AWS secret access key. This parameter is required.
      Returns:
      this

    • sessionName

      @Stability(Deprecated) @Deprecated public S3Backend.Builder sessionName(String sessionName)
      Deprecated.
      Use assumeRole.sessionName instead.
      (deprecated) (Optional) Session name to use when assuming the role.

      Parameters:
      sessionName - (Optional) Session name to use when assuming the role. This parameter is required.
      Returns:
      this

    • sharedConfigFiles

      @Stability(Experimental) public S3Backend.Builder sharedConfigFiles(List<String> sharedConfigFiles)
      (experimental) (Optional) List of paths to AWS shared configuration files.

      Defaults to ~/.aws/config.

      Parameters:
      sharedConfigFiles - (Optional) List of paths to AWS shared configuration files. This parameter is required.
      Returns:
      this

    • sharedCredentialsFile

      @Stability(Experimental) public S3Backend.Builder sharedCredentialsFile(String sharedCredentialsFile)
      (experimental) (Optional) Path to the AWS shared credentials file.

      Defaults to ~/.aws/credentials.

      Parameters:
      sharedCredentialsFile - (Optional) Path to the AWS shared credentials file. This parameter is required.
      Returns:
      this

    • sharedCredentialsFiles

      @Stability(Experimental) public S3Backend.Builder sharedCredentialsFiles(List<String> sharedCredentialsFiles)
      (experimental) (Optional) List of paths to AWS shared credentials files.

      Defaults to ~/.aws/credentials.

      Parameters:
      sharedCredentialsFiles - (Optional) List of paths to AWS shared credentials files. This parameter is required.
      Returns:
      this

    • skipCredentialsValidation

      @Stability(Experimental) public S3Backend.Builder skipCredentialsValidation(Boolean skipCredentialsValidation)
      (experimental) (Optional) Skip credentials validation via the STS API.

      Parameters:
      skipCredentialsValidation - (Optional) Skip credentials validation via the STS API. This parameter is required.
      Returns:
      this

    • skipMetadataApiCheck

      @Stability(Experimental) public S3Backend.Builder skipMetadataApiCheck(Boolean skipMetadataApiCheck)
      (experimental) (Optional) Skip usage of EC2 Metadata API.

      Parameters:
      skipMetadataApiCheck - (Optional) Skip usage of EC2 Metadata API. This parameter is required.
      Returns:
      this

    • skipRegionValidation

      @Stability(Experimental) public S3Backend.Builder skipRegionValidation(Boolean skipRegionValidation)
      (experimental) (Optional) Skip validation of provided region name.

      Parameters:
      skipRegionValidation - (Optional) Skip validation of provided region name. This parameter is required.
      Returns:
      this

    • skipRequestingAccountId

      @Stability(Experimental) public S3Backend.Builder skipRequestingAccountId(Boolean skipRequestingAccountId)
      (experimental) (Optional) Whether to skip requesting the account ID.

      Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.

      Parameters:
      skipRequestingAccountId - (Optional) Whether to skip requesting the account ID. This parameter is required.
      Returns:
      this

    • skipS3Checksum

      @Stability(Experimental) public S3Backend.Builder skipS3Checksum(Boolean skipS3Checksum)
      (experimental) (Optional) Do not include checksum when uploading S3 Objects.

      Useful for some S3-Compatible APIs.

      Parameters:
      skipS3Checksum - (Optional) Do not include checksum when uploading S3 Objects. This parameter is required.
      Returns:
      this

    • sseCustomerKey

      @Stability(Experimental) public S3Backend.Builder sseCustomerKey(String sseCustomerKey)
      (experimental) (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C).

      This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.

      Parameters:
      sseCustomerKey - (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). This parameter is required.
      Returns:
      this

    • stsEndpoint

      @Stability(Deprecated) @Deprecated public S3Backend.Builder stsEndpoint(String stsEndpoint)
      Deprecated.
      Use endpoints.sts instead
      (deprecated) (Optional) Custom endpoint for the AWS Security Token Service (STS) API.

      This can also be sourced from the AWS_STS_ENDPOINT environment variable.

      Parameters:
      stsEndpoint - (Optional) Custom endpoint for the AWS Security Token Service (STS) API. This parameter is required.
      Returns:
      this

    • stsRegion

      @Stability(Experimental) public S3Backend.Builder stsRegion(String stsRegion)
      (experimental) (Optional) AWS region for STS.

      If unset, AWS will use the same region for STS as other non-STS operations.

      Parameters:
      stsRegion - (Optional) AWS region for STS. This parameter is required.
      Returns:
      this

    • token

      @Stability(Experimental) public S3Backend.Builder token(String token)
      (experimental) (Optional) Multi-Factor Authentication (MFA) token.

      This can also be sourced from the AWS_SESSION_TOKEN environment variable.

      Parameters:
      token - (Optional) Multi-Factor Authentication (MFA) token. This parameter is required.
      Returns:
      this

    • useLegacyWorkflow

      @Stability(Experimental) public S3Backend.Builder useLegacyWorkflow(Boolean useLegacyWorkflow)
      (experimental) (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration.

      Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.

      Parameters:
      useLegacyWorkflow - (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. This parameter is required.
      Returns:
      this

    • usePathStyle

      @Stability(Experimental) public S3Backend.Builder usePathStyle(Boolean usePathStyle)
      (experimental) (Optional) Enable path-style S3 URLs (https:/// instead of https://.).

      Parameters:
      usePathStyle - (Optional) Enable path-style S3 URLs (https:/// instead of https://.). This parameter is required.
      Returns:
      this

    • workspaceKeyPrefix

      @Stability(Experimental) public S3Backend.Builder workspaceKeyPrefix(String workspaceKeyPrefix)
      (experimental) (Optional) Prefix applied to the state path inside the bucket.

      This is only relevant when using a non-default workspace. Defaults to env:

      Parameters:
      workspaceKeyPrefix - (Optional) Prefix applied to the state path inside the bucket. This parameter is required.
      Returns:
      this

    • build

      @Stability(Experimental) public S3Backend build()
      Specified by:
      build in interface software.amazon.jsii.Builder<S3Backend>
      Returns:
      a newly built instance of S3Backend.