From 356615a298f01c6faa4ff76af272eb0dd9b01114 Mon Sep 17 00:00:00 2001
From: Gary Crye <garygsc@gmail.com>
Date: Wed, 19 Jul 2023 14:56:48 -0600
Subject: [PATCH] Make `terraform init` prompt for bucket name instead of
 defaulting to local backend

This makes it harder to do the wrong thing. With this change, we avoid
a potential footgun when developers use `terraform init` instead of
`terraform init -backend-config=dev.s3.tfbackend`.

This isn't a functional change because we were already using encryption
on everything in our state buckets.
---
 terraform-iac/app/main.tf    | 3 ++-
 terraform-iac/setup/setup.tf | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/terraform-iac/app/main.tf b/terraform-iac/app/main.tf
index ca6e8b0f..6e65dfa9 100644
--- a/terraform-iac/app/main.tf
+++ b/terraform-iac/app/main.tf
@@ -3,7 +3,8 @@ terraform {
   backend "s3" {
     # The rest of the backend config is passed in
     # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration
-    region = "us-west-2"
+    encrypt = true
+    region  = "us-west-2"
   }
   required_providers {
     aws = {
diff --git a/terraform-iac/setup/setup.tf b/terraform-iac/setup/setup.tf
index 125b9136..75b18fd4 100644
--- a/terraform-iac/setup/setup.tf
+++ b/terraform-iac/setup/setup.tf
@@ -3,7 +3,8 @@ terraform {
   backend "s3" {
     # The rest of the backend config is passed in
     # https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration
-    region = "us-west-2"
+    encrypt = true
+    region  = "us-west-2"
   }
   required_providers {
     aws = {