amazon web services - How to use multiple AWS account to isolate terraform state between environment

Question

How can I do to use s3 backend that points to a different AWS account?

In other words, I would like to have something like that:

Dev environment state on an S3 bucket in AWS account A

Stage environment state on another S3 bucket on AWS account B

Anyone can help me, please?

Answer 1

There are a few solutions to it:

1. provide aws profile name at the command line while running terraform init and injec terraform backend variables during runtime:

        AWS_PROFILE=aws-dev terraform init -backend-config="bucket=825df6bc4eef-state" 
                -backend-config="dynamodb_table=825df6bc4eef-state-lock" 
                -backend-config="key=terraform-multi-account/terraform.tfstate"
   

or wrap this command in a Makefile as it is pretty long and forgettable.

2. Keep separate directories and provide the roles or your credentials or profile name even using shared-credentials

    provider "aws" {
    region                  = "us-west-2"
    shared_credentials_file = "/Users/tf_user/.aws/creds"
    profile                 = "customprofile"
    }
   

3. Terraform Workspaces

4. terragrunt