init, working s3 backend
parent
9e3bb97f3e
commit
949356cf4c
|
@ -0,0 +1,57 @@
|
|||
# Thanks to https://blog.gruntwork.io/how-to-manage-terraform-state-28f5697e68fa
|
||||
|
||||
resource "aws_s3_bucket" "terraform_state" {
|
||||
bucket = "omnicognate-terraform-state"
|
||||
|
||||
# Prevent accidental deletion of this S3 bucket
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
}
|
||||
tags = merge(
|
||||
{ Name = "${var.resource_name_prefix}-aws_s3_bucket" },
|
||||
var.common_tags,
|
||||
)
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_versioning" "enabled" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
versioning_configuration {
|
||||
status = "Enabled"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
|
||||
rule {
|
||||
apply_server_side_encryption_by_default {
|
||||
sse_algorithm = "AES256"
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_public_access_block" "public_access" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
block_public_acls = true
|
||||
block_public_policy = true
|
||||
ignore_public_acls = true
|
||||
restrict_public_buckets = true
|
||||
|
||||
}
|
||||
|
||||
resource "aws_dynamodb_table" "terraform_locks" {
|
||||
name = "omnicognate-terraform-locks"
|
||||
billing_mode = "PAY_PER_REQUEST"
|
||||
hash_key = "LockID"
|
||||
|
||||
attribute {
|
||||
name = "LockID"
|
||||
type = "S"
|
||||
}
|
||||
tags = merge(
|
||||
{ Name = "${var.resource_name_prefix}-aws_dynamodb_table" },
|
||||
var.common_tags,
|
||||
)
|
||||
}
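Review bot: The lock table is not protected against destruction while the state bucket is — `resource "aws_dynamodb_table" "terraform_locks"` carries no `lifecycle` block, so a `terraform destroy` in this root module removes the table that the backend block relies on for locking; add the same three lines the bucket already has: `lifecycle {` / `prevent_destroy = true` / `}`. The bucket gets versioning, SSE-S3 and a public access block, but no bucket policy, so requests over plain HTTP are still accepted at the bucket level; a state file holds every secret the providers return, so a TLS-only deny policy is the usual companion to these resources (sketched below). It is also worth deciding deliberately whether `sse_algorithm = "AES256"` is enough, since SSE-S3 gives no per-key access control or key-usage audit trail, which SSE-KMS with a customer-managed key would. The literal bucket and table names are repeated in the backend block of a later hunk; a short comment next to each literal saying that the backend block must be updated in step would save the next person a mismatch.
```hcl
# … unchanged: aws_s3_bucket, versioning, encryption, public access block, dynamodb table …

# Deny every request to the state bucket that does not arrive over TLS.
data "aws_iam_policy_document" "terraform_state_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    resources = [
      aws_s3_bucket.terraform_state.arn,
      "${aws_s3_bucket.terraform_state.arn}/*",
    ]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "terraform_state_tls_only" {
  bucket = aws_s3_bucket.terraform_state.id
  policy = data.aws_iam_policy_document.terraform_state_tls_only.json
}
```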
|
|
@ -0,0 +1,9 @@
|
|||
output "s3_bucket_arn" {
|
||||
value = aws_s3_bucket.terraform_state.arn
|
||||
description = "The ARN of the S3 bucket"
|
||||
}
|
||||
|
||||
output "dynamodb_table_name" {
|
||||
value = aws_dynamodb_table.terraform_locks.name
|
||||
description = "The name of the DynamoDB table"
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
terraform {
|
||||
backend "s3" {
|
||||
bucket = "omnicognate-terraform-state"
|
||||
key = "global/s3/terraform.tfstate"
|
||||
region = "eu-north-1"
|
||||
dynamodb_table = "omnicognate-terraform-locks"
|
||||
encrypt = true
|
||||
}
|
||||
required_version = ">= 1.0.0"
|
||||
required_providers {
|
||||
aws = {
|
||||
source = "hashicorp/aws"
|
||||
version = ">= 4.0.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
provider "aws" {
|
||||
region = var.aws_region
|
||||
# using aws-vault to assume a role
|
||||
assume_role {
|
||||
duration = "1h"
|
||||
role_arn = var.role_arn
|
||||
}
|
||||
}
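Review bot: The `backend "s3"` block points at the same bucket and table that this root module creates, so the very first `init`/`apply` cannot succeed as written — the bucket does not exist yet. A comment above the block should record the bootstrap order, e.g. `# Bootstrap: comment this block out, apply once with local state, then restore it and run 'terraform init -migrate-state'.` The constraint `version = ">= 4.0.0"` is open-ended and resolves to whatever the newest major is at init time unless a lock file is committed; a pessimistic constraint such as `version = "~> 4.0"`, or an explicit upper bound, keeps provider upgrades deliberate, and the same reasoning applies to `required_version = ">= 1.0.0"`. The `assume_role` block sits under `# using aws-vault to assume a role` while the committed tfvars in a later hunk supply `role_arn = ""`; presumably credentials are expected to arrive already assumed from aws-vault, in which case the comment should state whether an empty `role_arn` is meant to disable the block, since I believe how the provider treats an empty value differs between versions. Note also that the backend's `region = "eu-north-1"` is a literal while the provider uses `var.aws_region`; a comment that backends cannot reference variables, and that the two must be kept in step, would explain the duplication.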
|
|
@ -0,0 +1,5 @@
|
|||
# === user vars ===
|
||||
role_arn = ""
|
||||
|
||||
# === required core vars ===
|
||||
aws_region = "eu-north-1"
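Review bot: The section labels are inverted relative to the variable definitions in the last hunk: `role_arn` has no default there and so must be supplied, yet it is listed under `# === user vars ===`, while `aws_region` already defaults to `"eu-north-1"` and is listed under `# === required core vars ===`. Swap the labels, or reword them to `# === required (no default) ===` and `# === optional overrides ===`, so a reader can tell which value is actually mandatory. Committing `role_arn = ""` also satisfies the mandatory variable with a value that cannot be a valid role ARN; if the intent is "not set because aws-vault supplies the role", a comment saying so next to the line would avoid the guesswork.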
|
|
@ -0,0 +1,26 @@
|
|||
# === General ===
|
||||
|
||||
variable "resource_name_prefix" {
|
||||
type = string
|
||||
description = "Resource name prefix used for tagging and naming AWS resources"
|
||||
default = "tf-state"
|
||||
}
|
||||
|
||||
variable "aws_region" {
|
||||
type = string
|
||||
description = "AWS region where Vault will be deployed"
|
||||
default = "eu-north-1"
|
||||
}
|
||||
|
||||
variable "role_arn" {
|
||||
type = string
|
||||
description = "The assumed role to use for this project."
|
||||
}
|
||||
|
||||
variable "common_tags" {
|
||||
type = map(string)
|
||||
description = "(Optional) Map of common tags for all taggable AWS resources."
|
||||
default = {
|
||||
"project" = "tf-state-on-s3"
|
||||
}
|
||||
}
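Review bot: The description of `variable "aws_region"` reads `"AWS region where Vault will be deployed"`, which looks copied from another module — nothing in this commit deploys Vault; the region is where the state bucket and lock table live, so change it to `description = "AWS region where the Terraform state bucket and lock table are created"`. `variable "role_arn"` is mandatory but accepts any string, and the committed tfvars pass `""`; a `validation` block whose condition is `can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/", var.role_arn))` would reject an empty or malformed ARN at plan time instead of at the STS call (allow `""` explicitly in the condition if an empty value is meant to disable role assumption). The description of `resource_name_prefix` says it is used for naming AWS resources, but in the first hunk only the `Name` tags use it — the bucket and table names are literals — so either the description or the naming should change to match.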
|