Complete the code to define a DynamoDB table for Terraform state locking.
resource "aws_dynamodb_table" "terraform_locks" { name = "terraform-locks" billing_mode = "[1]" hash_key = "LockID" attribute { name = "LockID" type = "S" } }
The billing_mode must be set to PAY_PER_REQUEST for on-demand capacity, which is recommended for Terraform state locking tables.
Complete the backend configuration to enable DynamoDB state locking in Terraform.
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "global/s3/terraform.tfstate"
region = "us-west-2"
dynamodb_table = "[1]"
}
}
The dynamodb_table must match the name of the DynamoDB table created for state locking, which is terraform-locks in this example.
Fix the error in the DynamoDB table resource by completing the missing attribute type.
resource "aws_dynamodb_table" "terraform_locks" { name = "terraform-locks" billing_mode = "PAY_PER_REQUEST" hash_key = "LockID" attribute { name = "LockID" type = "[1]" } }
The attribute type for the hash key LockID must be S for string, as required by Terraform state locking.
Fill both blanks to configure the S3 backend with encryption and DynamoDB state locking.
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "global/s3/terraform.tfstate"
region = "us-east-1"
encrypt = [1]
dynamodb_table = "[2]"
}
}
Encryption should be enabled by setting encrypt = true. The DynamoDB table name must match the locking table, here terraform-locks.
Fill all three blanks to define a DynamoDB table with a TTL attribute for automatic lock expiration.
resource "aws_dynamodb_table" "terraform_locks" { name = "terraform-locks" billing_mode = "PAY_PER_REQUEST" hash_key = "LockID" attribute { name = "LockID" type = "[1]" } ttl { attribute_name = "[2]" enabled = [3] } }
The hash key type is S for string. The TTL attribute is named ExpirationTime and TTL must be enabled by setting true.