Package com.hashicorp.cdktf

Class S3BackendConfig.Builder

java.lang.Object
com.hashicorp.cdktf.S3BackendConfig.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<S3BackendConfig>
Enclosing interface:
S3BackendConfig
@Stability(Experimental) public static final class S3BackendConfig.Builder extends Object implements software.amazon.jsii.Builder<S3BackendConfig>
A builder for S3BackendConfig

  • Constructor Details

    • Builder

      public Builder()

  • Method Details

    • bucket

      @Stability(Experimental) public S3BackendConfig.Builder bucket(String bucket)
      Sets the value of S3BackendConfig.getBucket()
      Parameters:
      bucket - Name of the S3 Bucket. This parameter is required.
      Returns:
      this

    • key

      @Stability(Experimental) public S3BackendConfig.Builder key(String key)
      Sets the value of S3BackendConfig.getKey()
      Parameters:
      key - Path to the state file inside the S3 Bucket. This parameter is required. When using a non-default workspace, the state path will be /workspace_key_prefix/workspace_name/key
      Returns:
      this

    • accessKey

      @Stability(Experimental) public S3BackendConfig.Builder accessKey(String accessKey)
      Sets the value of S3BackendConfig.getAccessKey()
      Parameters:
      accessKey - (Optional) AWS access key. If configured, must also configure secret_key. This can also be sourced from the AWS_ACCESS_KEY_ID environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config).
      Returns:
      this

    • acl

      @Stability(Experimental) public S3BackendConfig.Builder acl(String acl)
      Sets the value of S3BackendConfig.getAcl()
      Parameters:
      acl - (Optional) Canned ACL to be applied to the state file.
      Returns:
      this

    • allowedAccountIds

      @Stability(Experimental) public S3BackendConfig.Builder allowedAccountIds(List<String> allowedAccountIds)
      Sets the value of S3BackendConfig.getAllowedAccountIds()
      Parameters:
      allowedAccountIds - (Optional) List of allowed AWS account IDs to prevent potential destruction of a live environment. Conflicts with forbidden_account_ids.
      Returns:
      this

    • assumeRole

      @Stability(Experimental) public S3BackendConfig.Builder assumeRole(S3BackendAssumeRoleConfig assumeRole)
      Sets the value of S3BackendConfig.getAssumeRole()
      Parameters:
      assumeRole - Assuming an IAM Role can be configured in two ways. The preferred way is to use the argument assume_role, the other, which is deprecated, is with arguments at the top level.
      Returns:
      this

    • assumeRolePolicy

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder assumeRolePolicy(String assumeRolePolicy)
      Deprecated.
      Use assumeRole.policy instead.
      Sets the value of S3BackendConfig.getAssumeRolePolicy()
      Parameters:
      assumeRolePolicy - (Optional) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
      Returns:
      this

    • assumeRolePolicyArns

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder assumeRolePolicyArns(List<String> assumeRolePolicyArns)
      Deprecated.
      Use assumeRole.policyArns instead.
      Sets the value of S3BackendConfig.getAssumeRolePolicyArns()
      Parameters:
      assumeRolePolicyArns - (Optional) Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
      Returns:
      this

    • assumeRoleTags

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder assumeRoleTags(Map<String,String> assumeRoleTags)
      Deprecated.
      Use assumeRole.tags instead.
      Sets the value of S3BackendConfig.getAssumeRoleTags()
      Parameters:
      assumeRoleTags - (Optional) Map of assume role session tags.
      Returns:
      this

    • assumeRoleTransitiveTagKeys

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder assumeRoleTransitiveTagKeys(List<String> assumeRoleTransitiveTagKeys)
      Deprecated.
      Use assumeRole.transitiveTagKeys instead.
      Sets the value of S3BackendConfig.getAssumeRoleTransitiveTagKeys()
      Parameters:
      assumeRoleTransitiveTagKeys - (Optional) Set of assume role session tag keys to pass to any subsequent sessions.
      Returns:
      this

    • assumeRoleWithWebIdentity

      @Stability(Experimental) public S3BackendConfig.Builder assumeRoleWithWebIdentity(S3BackendAssumeRoleWithWebIdentityConfig assumeRoleWithWebIdentity)
      Sets the value of S3BackendConfig.getAssumeRoleWithWebIdentity()
      Parameters:
      assumeRoleWithWebIdentity - Assume Role With Web Identity Configuration.
      Returns:
      this

    • customCaBundle

      @Stability(Experimental) public S3BackendConfig.Builder customCaBundle(String customCaBundle)
      Sets the value of S3BackendConfig.getCustomCaBundle()
      Parameters:
      customCaBundle - (Optional) File containing custom root and intermediate certificates. Can also be set using the AWS_CA_BUNDLE environment variable. Setting ca_bundle in the shared config file is not supported.
      Returns:
      this

    • dynamodbEndpoint

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder dynamodbEndpoint(String dynamodbEndpoint)
      Deprecated.
      Use endpoints.dynamodb instead
      Sets the value of S3BackendConfig.getDynamodbEndpoint()
      Parameters:
      dynamodbEndpoint - (Optional) Custom endpoint for the AWS DynamoDB API. This can also be sourced from the AWS_DYNAMODB_ENDPOINT environment variable.
      Returns:
      this

    • dynamodbTable

      @Stability(Experimental) public S3BackendConfig.Builder dynamodbTable(String dynamodbTable)
      Sets the value of S3BackendConfig.getDynamodbTable()
      Parameters:
      dynamodbTable - (Optional) Name of DynamoDB Table to use for state locking and consistency. The table must have a partition key named LockID with type of String. If not configured, state locking will be disabled.
      Returns:
      this

    • ec2MetadataServiceEndpoint

      @Stability(Experimental) public S3BackendConfig.Builder ec2MetadataServiceEndpoint(String ec2MetadataServiceEndpoint)
      Sets the value of S3BackendConfig.getEc2MetadataServiceEndpoint()
      Parameters:
      ec2MetadataServiceEndpoint - Optional) Custom endpoint URL for the EC2 Instance Metadata Service (IMDS) API. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT environment variable.
      Returns:
      this

    • ec2MetadataServiceEndpointMode

      @Stability(Experimental) public S3BackendConfig.Builder ec2MetadataServiceEndpointMode(String ec2MetadataServiceEndpointMode)
      Sets the value of S3BackendConfig.getEc2MetadataServiceEndpointMode()
      Parameters:
      ec2MetadataServiceEndpointMode - (Optional) Mode to use in communicating with the metadata service. Valid values are IPv4 and IPv6. Can also be set with the AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE environment variable.
      Returns:
      this

    • encrypt

      @Stability(Experimental) public S3BackendConfig.Builder encrypt(Boolean encrypt)
      Sets the value of S3BackendConfig.getEncrypt()
      Parameters:
      encrypt - (Optional) Enable server side encryption of the state file.
      Returns:
      this

    • endpoint

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder endpoint(String endpoint)
      Deprecated.
      Use endpoints.s3 instead
      Sets the value of S3BackendConfig.getEndpoint()
      Parameters:
      endpoint - (Optional) Custom endpoint for the AWS S3 API. This can also be sourced from the AWS_S3_ENDPOINT environment variable.
      Returns:
      this

    • endpoints

      @Stability(Experimental) public S3BackendConfig.Builder endpoints(S3BackendEndpointConfig endpoints)
      Sets the value of S3BackendConfig.getEndpoints()
      Parameters:
      endpoints - (Optional) The endpoint configuration block.
      Returns:
      this

    • externalId

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder externalId(String externalId)
      Deprecated.
      Use assume_role.external_id instead.
      Sets the value of S3BackendConfig.getExternalId()
      Parameters:
      externalId - (Optional) External identifier to use when assuming the role.
      Returns:
      this

    • forbiddenAccountIds

      @Stability(Experimental) public S3BackendConfig.Builder forbiddenAccountIds(List<String> forbiddenAccountIds)
      Sets the value of S3BackendConfig.getForbiddenAccountIds()
      Parameters:
      forbiddenAccountIds - (Optional) List of forbidden AWS account IDs to prevent potential destruction of a live environment. Conflicts with allowed_account_ids.
      Returns:
      this

    • forcePathStyle

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder forcePathStyle(Boolean forcePathStyle)
      Deprecated.
      Use usePathStyle instead
      Sets the value of S3BackendConfig.getForcePathStyle()
      Parameters:
      forcePathStyle - (Optional) Enable path-style S3 URLs (https:/// instead of https://.).
      Returns:
      this

    • httpProxy

      @Stability(Experimental) public S3BackendConfig.Builder httpProxy(String httpProxy)
      Sets the value of S3BackendConfig.getHttpProxy()
      Parameters:
      httpProxy - (Optional) URL of a proxy to use for HTTP requests when accessing the AWS API. Can also be set using the HTTP_PROXY or http_proxy environment variables.
      Returns:
      this

    • httpsProxy

      @Stability(Experimental) public S3BackendConfig.Builder httpsProxy(String httpsProxy)
      Sets the value of S3BackendConfig.getHttpsProxy()
      Parameters:
      httpsProxy - (Optional) URL of a proxy to use for HTTPS requests when accessing the AWS API. Can also be set using the HTTPS_PROXY or https_proxy environment variables.
      Returns:
      this

    • iamEndpoint

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder iamEndpoint(String iamEndpoint)
      Deprecated.
      Use endpoints.iam instead
      Sets the value of S3BackendConfig.getIamEndpoint()
      Parameters:
      iamEndpoint - (Optional) Custom endpoint for the AWS Identity and Access Management (IAM) API. This can also be sourced from the AWS_IAM_ENDPOINT environment variable.
      Returns:
      this

    • insecure

      @Stability(Experimental) public S3BackendConfig.Builder insecure(Boolean insecure)
      Sets the value of S3BackendConfig.getInsecure()
      Parameters:
      insecure - Optional) Whether to explicitly allow the backend to perform "insecure" SSL requests. If omitted, the default value is false.
      Returns:
      this

    • kmsKeyId

      @Stability(Experimental) public S3BackendConfig.Builder kmsKeyId(String kmsKeyId)
      Sets the value of S3BackendConfig.getKmsKeyId()
      Parameters:
      kmsKeyId - (Optional) Amazon Resource Name (ARN) of a Key Management Service (KMS) Key to use for encrypting the state. Note that if this value is specified, Terraform will need kms:Encrypt, kms:Decrypt and kms:GenerateDataKey permissions on this KMS key.
      Returns:
      this

    • maxRetries

      @Stability(Experimental) public S3BackendConfig.Builder maxRetries(Number maxRetries)
      Sets the value of S3BackendConfig.getMaxRetries()
      Parameters:
      maxRetries - (Optional) The maximum number of times an AWS API request is retried on retryable failure. Defaults to 5.
      Returns:
      this

    • noProxy

      @Stability(Experimental) public S3BackendConfig.Builder noProxy(String noProxy)
      Sets the value of S3BackendConfig.getNoProxy()
      Parameters:
      noProxy - (Optional) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. Each value can be one of:

      • A domain name
      • An IP address
      • A CIDR address
      • An asterisk (*), to indicate that no proxying should be performed Domain name and IP address values can also include a port number. Can also be set using the NO_PROXY or no_proxy environment variables.
      Returns:
      this

    • profile

      @Stability(Experimental) public S3BackendConfig.Builder profile(String profile)
      Sets the value of S3BackendConfig.getProfile()
      Parameters:
      profile - (Optional) Name of AWS profile in AWS shared credentials file (e.g. ~/.aws/credentials) or AWS shared configuration file (e.g. ~/.aws/config) to use for credentials and/or configuration. This can also be sourced from the AWS_PROFILE environment variable.
      Returns:
      this

    • region

      @Stability(Experimental) public S3BackendConfig.Builder region(String region)
      Sets the value of S3BackendConfig.getRegion()
      Parameters:
      region - AWS Region of the S3 Bucket and DynamoDB Table (if used). This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.
      Returns:
      this

    • retryMode

      @Stability(Experimental) public S3BackendConfig.Builder retryMode(String retryMode)
      Sets the value of S3BackendConfig.getRetryMode()
      Parameters:
      retryMode - (Optional) Specifies how retries are attempted. Valid values are standard and adaptive. Can also be configured using the AWS_RETRY_MODE environment variable or the shared config file parameter retry_mode.
      Returns:
      this

    • roleArn

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder roleArn(String roleArn)
      Deprecated.
      Use assumeRole.roleArn instead.
      Sets the value of S3BackendConfig.getRoleArn()
      Parameters:
      roleArn - (Optional) Amazon Resource Name (ARN) of the IAM Role to assume.
      Returns:
      this

    • secretKey

      @Stability(Experimental) public S3BackendConfig.Builder secretKey(String secretKey)
      Sets the value of S3BackendConfig.getSecretKey()
      Parameters:
      secretKey - (Optional) AWS secret access key. If configured, must also configure access_key. This can also be sourced from the AWS_SECRET_ACCESS_KEY environment variable, AWS shared credentials file (e.g. ~/.aws/credentials), or AWS shared configuration file (e.g. ~/.aws/config)
      Returns:
      this

    • sessionName

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder sessionName(String sessionName)
      Deprecated.
      Use assumeRole.sessionName instead.
      Sets the value of S3BackendConfig.getSessionName()
      Parameters:
      sessionName - (Optional) Session name to use when assuming the role.
      Returns:
      this

    • sharedConfigFiles

      @Stability(Experimental) public S3BackendConfig.Builder sharedConfigFiles(List<String> sharedConfigFiles)
      Sets the value of S3BackendConfig.getSharedConfigFiles()
      Parameters:
      sharedConfigFiles - (Optional) List of paths to AWS shared configuration files. Defaults to ~/.aws/config.
      Returns:
      this

    • sharedCredentialsFile

      @Stability(Experimental) public S3BackendConfig.Builder sharedCredentialsFile(String sharedCredentialsFile)
      Sets the value of S3BackendConfig.getSharedCredentialsFile()
      Parameters:
      sharedCredentialsFile - (Optional) Path to the AWS shared credentials file. Defaults to ~/.aws/credentials.
      Returns:
      this

    • sharedCredentialsFiles

      @Stability(Experimental) public S3BackendConfig.Builder sharedCredentialsFiles(List<String> sharedCredentialsFiles)
      Sets the value of S3BackendConfig.getSharedCredentialsFiles()
      Parameters:
      sharedCredentialsFiles - (Optional) List of paths to AWS shared credentials files. Defaults to ~/.aws/credentials.
      Returns:
      this

    • skipCredentialsValidation

      @Stability(Experimental) public S3BackendConfig.Builder skipCredentialsValidation(Boolean skipCredentialsValidation)
      Sets the value of S3BackendConfig.getSkipCredentialsValidation()
      Parameters:
      skipCredentialsValidation - (Optional) Skip credentials validation via the STS API.
      Returns:
      this

    • skipMetadataApiCheck

      @Stability(Experimental) public S3BackendConfig.Builder skipMetadataApiCheck(Boolean skipMetadataApiCheck)
      Sets the value of S3BackendConfig.getSkipMetadataApiCheck()
      Parameters:
      skipMetadataApiCheck - (Optional) Skip usage of EC2 Metadata API.
      Returns:
      this

    • skipRegionValidation

      @Stability(Experimental) public S3BackendConfig.Builder skipRegionValidation(Boolean skipRegionValidation)
      Sets the value of S3BackendConfig.getSkipRegionValidation()
      Parameters:
      skipRegionValidation - (Optional) Skip validation of provided region name.
      Returns:
      this

    • skipRequestingAccountId

      @Stability(Experimental) public S3BackendConfig.Builder skipRequestingAccountId(Boolean skipRequestingAccountId)
      Sets the value of S3BackendConfig.getSkipRequestingAccountId()
      Parameters:
      skipRequestingAccountId - (Optional) Whether to skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
      Returns:
      this

    • skipS3Checksum

      @Stability(Experimental) public S3BackendConfig.Builder skipS3Checksum(Boolean skipS3Checksum)
      Sets the value of S3BackendConfig.getSkipS3Checksum()
      Parameters:
      skipS3Checksum - (Optional) Do not include checksum when uploading S3 Objects. Useful for some S3-Compatible APIs.
      Returns:
      this

    • sseCustomerKey

      @Stability(Experimental) public S3BackendConfig.Builder sseCustomerKey(String sseCustomerKey)
      Sets the value of S3BackendConfig.getSseCustomerKey()
      Parameters:
      sseCustomerKey - (Optional) The key to use for encrypting state with Server-Side Encryption with Customer-Provided Keys (SSE-C). This is the base64-encoded value of the key, which must decode to 256 bits. This can also be sourced from the AWS_SSE_CUSTOMER_KEY environment variable, which is recommended due to the sensitivity of the value. Setting it inside a terraform file will cause it to be persisted to disk in terraform.tfstate.
      Returns:
      this

    • stsEndpoint

      @Stability(Deprecated) @Deprecated public S3BackendConfig.Builder stsEndpoint(String stsEndpoint)
      Deprecated.
      Use endpoints.sts instead
      Sets the value of S3BackendConfig.getStsEndpoint()
      Parameters:
      stsEndpoint - (Optional) Custom endpoint for the AWS Security Token Service (STS) API. This can also be sourced from the AWS_STS_ENDPOINT environment variable.
      Returns:
      this

    • stsRegion

      @Stability(Experimental) public S3BackendConfig.Builder stsRegion(String stsRegion)
      Sets the value of S3BackendConfig.getStsRegion()
      Parameters:
      stsRegion - (Optional) AWS region for STS. If unset, AWS will use the same region for STS as other non-STS operations.
      Returns:
      this

    • token

      @Stability(Experimental) public S3BackendConfig.Builder token(String token)
      Sets the value of S3BackendConfig.getToken()
      Parameters:
      token - (Optional) Multi-Factor Authentication (MFA) token. This can also be sourced from the AWS_SESSION_TOKEN environment variable.
      Returns:
      this

    • useLegacyWorkflow

      @Stability(Experimental) public S3BackendConfig.Builder useLegacyWorkflow(Boolean useLegacyWorkflow)
      Sets the value of S3BackendConfig.getUseLegacyWorkflow()
      Parameters:
      useLegacyWorkflow - (Optional) Use the legacy authentication workflow, preferring environment variables over backend configuration. Defaults to true. This behavior does not align with the authentication flow of the AWS CLI or SDK's, and will be removed in the future.
      Returns:
      this

    • usePathStyle

      @Stability(Experimental) public S3BackendConfig.Builder usePathStyle(Boolean usePathStyle)
      Sets the value of S3BackendConfig.getUsePathStyle()
      Parameters:
      usePathStyle - (Optional) Enable path-style S3 URLs (https:/// instead of https://.).
      Returns:
      this

    • workspaceKeyPrefix

      @Stability(Experimental) public S3BackendConfig.Builder workspaceKeyPrefix(String workspaceKeyPrefix)
      Sets the value of S3BackendConfig.getWorkspaceKeyPrefix()
      Parameters:
      workspaceKeyPrefix - (Optional) Prefix applied to the state path inside the bucket. This is only relevant when using a non-default workspace. Defaults to env:
      Returns:
      this

    • build

      @Stability(Experimental) public S3BackendConfig build()
      Builds the configured instance.
      Specified by:
      build in interface software.amazon.jsii.Builder<S3BackendConfig>
      Returns:
      a new instance of S3BackendConfig
      Throws:
      NullPointerException - if any required attribute was not provided