DynamoDB table fix for Terraform locks
parent
1915f7cfb5
commit
9da183258d
|
@ -3,7 +3,7 @@
|
|||
|
||||
provider "registry.terraform.io/hashicorp/aws" {
|
||||
version = "5.39.0"
|
||||
constraints = ">= 4.0.0"
|
||||
constraints = ">= 5.0.0"
|
||||
hashes = [
|
||||
"h1:isoOv/JipnnPD3j8Df6XwGU1i4egjlygrgBv0RfsZ7g=",
|
||||
"zh:01e405306470ed784bc9d38dbaeff394bd2c0f7d58e5592c5d0165c87d84e4b0",
|
||||
|
|
32
main.tf
32
main.tf
|
@ -14,15 +14,16 @@ resource "aws_s3_bucket" "terraform_state" {
|
|||
}
|
||||
|
||||
resource "aws_s3_bucket_versioning" "enabled" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
bucket = aws_s3_bucket.terraform_state.bucket
|
||||
versioning_configuration {
|
||||
status = "Enabled"
|
||||
mfa_delete = "Disabled"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
bucket = aws_s3_bucket.terraform_state.bucket
|
||||
|
||||
rule {
|
||||
apply_server_side_encryption_by_default {
|
||||
|
@ -33,7 +34,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
|
|||
}
|
||||
|
||||
resource "aws_s3_bucket_public_access_block" "public_access" {
|
||||
bucket = aws_s3_bucket.terraform_state.id
|
||||
bucket = aws_s3_bucket.terraform_state.bucket
|
||||
block_public_acls = true
|
||||
block_public_policy = true
|
||||
ignore_public_acls = true
|
||||
|
@ -41,15 +42,40 @@ resource "aws_s3_bucket_public_access_block" "public_access" {
|
|||
|
||||
}
|
||||
|
||||
# DynamoBD CMK
|
||||
resource "aws_kms_key" "dynamodb" {
|
||||
description = "DynamoDB Table Server side encryption"
|
||||
enable_key_rotation = true
|
||||
key_usage = "ENCRYPT_DECRYPT"
|
||||
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" "dynamodb" {
|
||||
name = format("alias/%s-dynamodb-CMK", var.resource_name_prefix,)
|
||||
target_key_id = aws_kms_key.dynamodb.key_id
|
||||
}
|
||||
|
||||
|
||||
resource "aws_dynamodb_table" "terraform_locks" {
|
||||
name = "omnicognate-terraform-locks"
|
||||
billing_mode = "PAY_PER_REQUEST"
|
||||
hash_key = "LockID"
|
||||
depends_on = [ aws_s3_bucket_versioning.enabled ]
|
||||
|
||||
attribute {
|
||||
name = "LockID"
|
||||
type = "S"
|
||||
}
|
||||
server_side_encryption {
|
||||
enabled = true
|
||||
kms_key_arn = aws_kms_key.dynamodb.arn
|
||||
}
|
||||
point_in_time_recovery {
|
||||
enabled = true
|
||||
}
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
}
|
||||
tags = merge(
|
||||
{ Name = "${var.resource_name_prefix}-aws_dynamodb_table" },
|
||||
var.common_tags,
|
||||
|
|
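Review bot: `aws_kms_key.dynamodb` lacks the protection given to the table it encrypts: the table sets `prevent_destroy = true` and point-in-time recovery, but the key has no lifecycle block. A plan that removes the key resource would schedule the key for deletion, and the lock table and its recovery data would become unreadable once the waiting period ends. Adding `lifecycle { prevent_destroy = true }` to the key resource would close that gap. The key also has no `policy` argument, so it presumably uses the default key policy; a comment such as `# no key policy set: access to this key is governed by IAM policies in the account` would make that explicit. The `aws_dynamodb_table` block continues past the last visible line of this section (`tags = merge(` is not closed here).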
|
@ -8,7 +8,7 @@ terraform {
|
|||
required_providers {
|
||||
aws = {
|
||||
source = "hashicorp/aws"
|
||||
version = ">= 4.0.0"
|
||||
version = ">= 5.0.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ provider "aws" {
|
|||
region = var.aws_region
|
||||
# using aws-vault to assume a role
|
||||
assume_role {
|
||||
duration = "1h"
|
||||
duration = "3600s"
|
||||
role_arn = var.role_arn
|
||||
}
|
||||
}
|
||||
|
|
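Review bot: The provider constraint `version = ">= 5.0.0"` in `required_providers` has no upper bound, so a later `terraform init -upgrade` can move the lock file to a new major release of the AWS provider without any change to this file. Assuming the second line of each printed pair is the new side, `version = "~> 5.0"` would keep upgrades inside the 5.x series and still match the 5.39.0 recorded in the lock file. The `assume_role` block shows only `duration` and `role_arn`; a short comment stating whether `session_name` and `external_id` are intentionally omitted would help anyone reviewing the role's trust policy. Both the `terraform` and `provider "aws"` blocks start above the visible hunks.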
Binary file not shown.