S3

IAM Policy

Grant the agent read-only access to the S3 bucket containing your Terraform state file:

  • s3:GetObject

  • s3:GetObjectVersion

  • s3:ListBucket

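Alternatively, attach the AWS managed policy AmazonS3ReadOnlyAccess. This managed policy grants read access to every S3 bucket in the account, not only the state bucket, so the scoped policy below is the tighter option.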

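Example Policy (s3:ListBucket is evaluated against the bucket ARN, while s3:GetObject and s3:GetObjectVersion are evaluated against the object ARNs under it, so both resources are listed):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"],
            "Resource": [
                "<arn_of_s3_bucket_with_state_files>",
                "<arn_of_s3_bucket_with_state_files>/*"
            ]
        }
    ]
}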

Configure S3 state backend in .resourcely.yaml

The following block will configure an S3 state backend:

# Required
version: "2"

# Array of Terraform config roots that Resourcely should care about
terraform_config_roots:
  -
    name: basic
    default_file: main.tf
    path: .
    skip: false
    campaign_config:
      state_file_config:
        s3:
          path: s3://campaigns-terraform-state/terraform.tfstate
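
An added example (not Resourcely's code): a Python check that an IAM policy allows the three listed actions on the state file configured in .resourcely.yaml, matching s3:ListBucket against the bucket ARN and the two object actions against the object ARN. The function names are hypothetical, the sample policies are constructed, and Deny, NotAction, NotResource and Condition are not evaluated.

```python
import json
import re
from urllib.parse import urlparse

# The three actions the page lists, and the kind of ARN each is evaluated against.
REQUIRED = {"s3:GetObject": "object", "s3:GetObjectVersion": "object",
            "s3:ListBucket": "bucket"}

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _glob(pattern, text, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, flags | re.DOTALL) is not None

def check_state_policy(policy_json, state_path):
    """Return (missing, extra): listed actions not allowed on the state
    bucket/object, and allowed action patterns beyond the listed three.
    Simplification: Deny, NotAction, NotResource and Condition are ignored."""
    url = urlparse(state_path)                      # s3://<bucket>/<key>
    bucket_arn = f"arn:aws:s3:::{url.netloc}"
    target = {"bucket": bucket_arn, "object": bucket_arn + url.path}
    allowed, extra = set(), set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for pattern in _as_list(stmt.get("Action", [])):
            if pattern.lower() not in {a.lower() for a in REQUIRED}:
                extra.add(pattern)                  # broader than the page asks for
            for action, kind in REQUIRED.items():
                if _glob(pattern, action, re.IGNORECASE) and any(
                        _glob(r, target[kind]) for r in resources):
                    allowed.add(action)
    return sorted(set(REQUIRED) - allowed), sorted(extra)

# Constructed sample input: bucket and key taken from the .resourcely.yaml above.
STATE = "s3://campaigns-terraform-state/terraform.tfstate"
BUCKET = "arn:aws:s3:::campaigns-terraform-state"
ACTIONS = ["s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"]

def policy(actions, resources):
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": resources}]})

if __name__ == "__main__":
    print(check_state_policy(policy(ACTIONS, BUCKET), STATE))
    print(check_state_policy(policy(ACTIONS, [BUCKET, BUCKET + "/*"]), STATE))
```

A non-empty first list means the agent will be denied when reading the state file; a non-empty second list means the policy grants more than the three read-only actions.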
