Add ESC terraform-state provider docs (#16419)

nyobe · web-flow · commit ee2e1ab4ec6d · 2025-10-31T17:54:53.000Z
* create terraform integrations folder
* add esc terraform-state provider docs
diff --git a/content/docs/esc/integrations/infrastructure/terraform/_index.md b/content/docs/esc/integrations/infrastructure/terraform/_index.md
@@ -5,6 +5,7 @@ h1: "Pulumi ESC: Integrate with Terraform"
 meta_desc: This page provides an overview on how to use Pulumi ESC with Terraform.
 menu:
   esc:
+    identifier: esc-terraform-integrations
     parent: esc-inf-tools-integrations
     weight: 3
 aliases:
diff --git a/content/docs/esc/integrations/infrastructure/terraform/terraform-state.md b/content/docs/esc/integrations/infrastructure/terraform/terraform-state.md
@@ -0,0 +1,93 @@
+---
+title_tag: terraform-state Pulumi ESC Provider
+meta_desc: The terraform-state provider enables you to read outputs from Terraform state files stored in S3 or Terraform Cloud.
+title: terraform-state
+h1: terraform-state
+menu:
+  esc:
+    identifier: terraform-state
+    parent: esc-terraform-integrations
+    weight: 1
+aliases:
+  - /docs/pulumi-cloud/esc/providers/terraform-state/
+  - /docs/esc/providers/terraform-state/
+---
+
+The `terraform-state` provider enables you to read outputs from Terraform state files stored in S3 or Terraform Cloud.
+
+## Example
+
+### S3 backend
+
+```yaml
+values:
+  terraform:
+    fn::open::terraform-state:
+      backend:
+        s3:
+          login:
+            fn::open::aws-login:
+              oidc:
+                roleArn: arn:aws:iam::123456789012:role/esc-oidc
+                sessionName: pulumi-environments-session
+          bucket: my-terraform-state-bucket
+          key: path/to/terraform.tfstate
+          region: us-west-2
+  pulumiConfig:
+    vpcId: ${terraform.outputs.vpc_id}
+    subnetIds: ${terraform.outputs.subnet_ids}
+```
+
+### Terraform Cloud backend
+
+```yaml
+values:
+  terraform:
+    fn::open::terraform-state:
+      backend:
+        remote:
+          organization: my-terraform-org
+          workspace: my-workspace
+          token:
+            fn::secret: tfc-token-value
+  pulumiConfig:
+    vpcId: ${terraform.outputs.vpc_id}
+    subnetIds: ${terraform.outputs.subnet_ids}
+```
+
+## Inputs
+
+| Property  | Type                | Description                                                   |
+|-----------|---------------------|---------------------------------------------------------------|
+| `backend` | [Backend](#backend) | Configuration for the Terraform state backend (S3 or remote). |
+
+### Backend
+
+The `backend` property must contain exactly one of the following:
+
+- An [S3 backend configuration](#s3), or
+- a [remote](#remote) backend configuration.
+
+#### S3
+
+| Property | Type                                                                     | Description                                      |
+|----------|--------------------------------------------------------------------------|--------------------------------------------------|
+| `login`  | [aws-login](/docs/esc/integrations/dynamic-login-credentials/aws-login/) | The credentials to use to access the state file. |
+| `bucket` | string                                                                   | The S3 bucket name containing the state file.    |
+| `key`    | string                                                                   | The S3 object key for the state file.            |
+| `region` | string                                                                   | The AWS region where the bucket is located.      |
+
+#### Remote
+
+| Property       | Type   | Description                                                                             |
+|----------------|--------|-----------------------------------------------------------------------------------------|
+| `hostname`     | string | [Optional] - The remote backend hostname to connect to. Defaults to `app.terraform.io`. |
+| `organization` | string | The name of the organization containing the targeted workspace.                         |
+| `workspace`    | string | The name of the remote workspace.                                                       |
+| `token`        | string | The token used to authenticate with the remote backend.                                 |
+
+## Outputs
+
+| Property  | Type   | Description                                                                                                          |
+|-----------|--------|----------------------------------------------------------------------------------------------------------------------|
+| `outputs` | object | A map of all outputs from the Terraform state. Any output marked as sensitive in the terraform state will be secret. |
diff --git a/static/programs/aws-import-iac-iam-role-go/go.mod b/static/programs/aws-import-iac-iam-role-go/go.mod
@@ -1,10 +1,10 @@
 module aws-import-iac-iam-role-go
 
-go 1.21
+go 1.23.0
 
-toolchain go1.21.0
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws/sdk/v7 v7.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.0.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-custom-domain-go/go.mod b/static/programs/awsx-apigateway-custom-domain-go/go.mod
@@ -1,9 +1,11 @@
 module awsx-apigateway-auth-cognito-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
 	github.com/pulumi/pulumi-aws/sdk/v7 v7.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.0.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-http-proxy-go/go.mod b/static/programs/awsx-apigateway-http-proxy-go/go.mod
@@ -1,8 +1,10 @@
 module awsx-apigateway-http-proxy-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.126.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-openapi-full-go/go.mod b/static/programs/awsx-apigateway-openapi-full-go/go.mod
@@ -1,8 +1,10 @@
 module awsx-apigateway-openapi-full-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.126.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-openapi-route-go/go.mod b/static/programs/awsx-apigateway-openapi-route-go/go.mod
@@ -1,8 +1,10 @@
 module awsx-apigateway-openapi-route-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.126.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-s3-go/go.mod b/static/programs/awsx-apigateway-s3-go/go.mod
@@ -1,8 +1,10 @@
 module awsx-apigateway-s3-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.126.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
diff --git a/static/programs/awsx-apigateway-validation-types-go/go.mod b/static/programs/awsx-apigateway-validation-types-go/go.mod
@@ -1,8 +1,10 @@
 module awsx-apigateway-validation-types-go
 
-go 1.21.12
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/pulumi/pulumi-aws-apigateway/sdk/v3 v3.0.0
-	github.com/pulumi/pulumi/sdk/v3 v3.126.0
+	github.com/pulumi/pulumi/sdk/v3 v3.175.0
 )
