Terraform supports various backends which are usually responsible for remote state storage and locking. On AWS a S3 bucket and DynamoDB table can be used as a backend. Idealy these resources should be managed through terraform as well, resulting in a chicken or the egg problem. This situation can be resolved by using terraforms local backend and ability to copy existing state to a new backend.

Using this github gist a remote backend on AWS can be created as follows.

  1. Initialize a new terraform working directory. As no remote backend should be configured terraforms local backend is used.

    terraform init
    
  2. Create the resources used by the remote backend. The gist uses the same input variables as used by the backend configuration.

    cat << EOF > backend.hcl
    bucket         = "terraform-state"
    dynamodb_table = "terraform-state-lock"
    encrypt        = true
    region         = "eu-central-1"
    EOF
    terraform apply -var-file backend.hcl
    
  3. Copy the existing local state of the newly created remote backend. This step makes use of partitial configuration, which requires at minium an empty backend configuration.

    cat << EOF > terraform.tf
    terraform {
      backend "s3" {
        key = "backend.tfstate"
      }
    }
    EOF
    terraform init -backend-config backend.hcl -force-copy -reconfigure
    
  4. (Optional) Usage of the remote backend for other resources should be done by using a different state in the same remote backend. On AWS this means choosing a different backend key.