To access the state of your Terraform configurations from a backend, configure the required permissions for each backend type as listed below.
Terraform Cloud
To access the state stored in a backend for Terraform Cloud, you must set up an organization with appropriate workspace permissions as follows:
- Sign in to Terraform Cloud.
- Create a Terraform Cloud account, and an organization that has appropriate permissions to a workspace.
For more information, see Users, Teams, and Organizations in the Terraform Cloud documentation.
- Generate an API token.
For more information, see API Tokens in the Terraform Cloud documentation.
- Copy the API token and save it.
The API token is required to connect to the backend when you add the account to Commander.
Terraform OSS - AWS S3
To access the state stored in a backend for an AWS S3 bucket:
- Sign in to the AWS console.
- Create a bucket.
For more information, see Creating a bucket in the Amazon Simple Storage Service user guide.
- Create an IAM role with a policy that provides access to the S3 bucket with permissions
s3:ListBucketands3:GetObject.For more information, see Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket in the AWS security blog.
Terraform OSS - Azure Blob Storage
To access the state stored in a backend for an Azure Blob Storage account:
- Sign in to the Microsoft Azure portal.
- Create a storage account.
For more information, see Create a storage account in the Azure Blob Storage documentation.
- Create a blob container.
For more information, see Create a container in the Azure Blob Storage documentation.
- Create an Azure role that provides access to the blob container with the Azure Resource Manager Reader role and a data access role, such as Storage Blob Data Contributor.
For more information, see Assign an Azure role for access to blob data in the Azure Blob Storage documentation.