The AWS provider implements support for Amazon Web Services cloud provider.


The AWS provider is implemented as a plugin. To use it add the plugin to your init file. It uses the format @plugin: gyro:gyro-aws-provider:<version>.

@repository: ''
@plugin: 'gyro:gyro-aws-provider:1.4.0'

This lets Gyro load the AWS provider plugin and lets you start managing AWS resources using Gyro.


This provider expects credentials to be provided using the same mechanism that the AWS CLI uses.

First, define your credentials in $HOME/.aws/credentials under a profile name of your choosing:

aws_secret_access_key = <access_key>
aws_access_key_id = <access_key_id>

Then define these credentials in .gyro/init.gyro in your Gyro project along with the region you want to use these credentials in.

@credentials 'aws::credentials'
    profile-name: 'my-project'
    region: 'us-east-1'

To use more than one region, provide a name for your credentials. When a name is not provided then the credentials because the default.

@credentials 'aws::credentials' us-east-2
    profile-name: 'my-project'
    region: 'us-east-2'

To use a non-default set of credentials you must explicitly use them in your resource definitions:

aws::instance web-server
    instance-type: 't2.micro'

    @uses-credentials: 'us-east-2'

State Locking

This provider uses DynamoDb for state locking. In order to use DynamoDb for locking, you must create a table with a primary key titled LockKey. Then define the lock backend in .gyro/init.gyro with its table-name in your Gyro project:

@lock-backend 'aws::dynamo-db'
    table-name: 'gyro-lock-table'

If you want to use this same DynamoDb table for multiple Gyro projects, specify the optional lock-key field. This field must have a unique value per project as it is the ID that is used to ensure only one lock per project exists at a time.

@lock-backend 'aws::dynamo-db'
    table-name: 'gyro-lock-table'
    lock-key: 'GyroProject1Key'

You may also specify a credentials field if you would like to use named credentials other than the default credentials:

@lock-backend 'aws::dynamo-db'
    table-name: 'gyro-lock-table'
    credentials: 'us-east-2'

Remote State Storage

This provider uses S3 for remote state storage. In order to use S3 for remote state storage, either use an existing bucket or create a new one. Next, add the state backend to your .gyro/init.gyro with its table-name, and optional prefix (we recommend using .gyro/state as your prefix):

@state-backend 'aws::s3'
    bucket: 'gyro-state-bucket'
    prefix: '.gyro/state'