If Terraform Cloud is not a suitable solution for your first-level bootstrapping configuration (which would ideally only contain the infrastructure needed to support other separate Terraform configurations), there is a multi-step bootstrapping process you can follow to store the state of your first-level configuration inside the infrastructure it manages:
- Write the configuration with no
backend block at all, but including the infrastructure required for whatever backend you eventually intend to use. For example, if you intend to use the
s3 backend then you’ll have at least an
aws_s3_bucket resource and probably also an
aws_dynamodb_table resource, and also probably some IAM policy resources.
terraform apply to create the described infrastructure and write its state into the local file
- Now add the
backend block for your chosen backend to the configuration and re-run
terraform init. Terraform will offer to migrate the existing state snapshot into the new backend. Tell it to do so, and then the state will be stored in the remote backend.
- After this, use Terraform normally.
This bootstrapping workflow assumes that the infrastructure you use for the chosen backend will be managed in a separate configuration containing only that, and that you intend to provision it once and leave it provisioned forever. If you do end up needing to reprovision the storage container where the state snapshots are kept, you’ll need to do a similar multi-step process to ensure that Terraform is able to access the state at all steps.
Once your backend infrastructure is provisioned, you can then write other Terraform configurations as normal and immediately configure them to use that backend infrastructure, so the extra manual steps only apply to the special configuration that manages the backend infrastructure itself.