S3 remote backend without DynamoDB

[stevehipwell]

Terraform Version

n/a

Use Cases

I'd like to be able to use a S3 remote backend without requiring DynamoDB to handle the state locking. This should now be possible given the announcement that S3 now supports conditional writes.

Attempted Solutions

n/a

Proposal

Terraform should support locking the remote state directly on S3 if DynamoDB isn't configured via the if-none-match header.

References

• Deprecate s3 remote backend lock table with new strong consistency #27070

[crw]

Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions. Thanks again!

[bschaatsbergen]

This looks promising. However, we'll need some time to investigate the behavior further.

According to the documentation:

Conditional writes evaluate against existing objects in a bucket. If there is no existing object with the same key name in the bucket, then the write operation succeeds, resulting in a 200 response. If there is an existing object, then the write operation fails, resulting in a 412 Precondition Failed response. For buckets with versioning enabled, S3 checks for the presence of a current object version with the same name as part of the conditional evaluation. If there is no current object version with the same name, or if the current object version is a delete marker, then the write operation succeeds. Otherwise, it results in a failed write operation with a 412 Precondition Failed response.
If multiple conditional writes occur for the same object name, the first write operation to finish will succeed. Amazon S3 will then fail subsequent writes with a 412 Precondition Failed response.

I’ll be looking into the details of conditional writes to ensure they align with the current S3 backend user experience.

[bschaatsbergen]

Prototyping of S3-native state locking: #35661