slopedme-terrraform/remote-backend/main.tf
Conner McCall c983638571 change: initial commit
contains sloped.me domain records and
backend configuration
2020-08-20 07:33:33 -05:00


# Look up the identity behind the credentials Terraform is running with.
# Its account_id is used below to build the IAM principal ARN in the state
# bucket policy and is exported as the "accountid" output.
data "aws_caller_identity" "current" {}
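# Bucket that receives S3 server access logs for the Terraform state bucket.
# The access log is the audit trail for reads and writes of state, so it is
# encrypted at rest and kept private.
resource "aws_s3_bucket" "tflogs" {
  bucket = var.s3bucketlogs

  # Canned ACL that lets the S3 log delivery group write access logs here.
  acl = "log-delivery-write"

  tags = {
    Name        = var.s3bucketlogs
    "ManagedBy" = "terraform"
  }

  # Enable server-side encryption by default (SSE-S3 managed keys).
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Refuse public ACLs and public bucket policies on the log bucket. The
# log-delivery-write ACL grants only the log delivery group, not a public
# group, so log delivery is expected to keep working with these settings.
resource "aws_s3_bucket_public_access_block" "tflogs" {
  bucket = aws_s3_bucket.tflogs.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}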
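# Bucket that stores the Terraform remote state. State files can hold
# resource attributes in plain text (including secrets), so the bucket is
# versioned, encrypted at rest, access-logged and blocked from public access.
resource "aws_s3_bucket" "tfstate" {
  bucket = var.s3bucketstate

  tags = {
    Name        = var.s3bucketstate
    "ManagedBy" = "terraform"
  }

  # Send server access logs to the dedicated log bucket under log/.
  logging {
    target_bucket = aws_s3_bucket.tflogs.id
    target_prefix = "log/"
  }

  # Keep previous object versions so an overwritten or deleted state file
  # can be recovered.
  versioning {
    enabled = true
  }

  # Make Terraform refuse any plan that would destroy this bucket.
  lifecycle {
    prevent_destroy = true
  }

  # Enable server-side encryption by default (SSE-S3 managed keys).
  # NOTE(review): a customer-managed KMS key would add key-level access
  # control and key-usage audit events; confirm whether that is wanted here.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Refuse public ACLs and public bucket policies on the state bucket, so a
# later ACL or policy mistake cannot expose state.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # Apply after the bucket policy so the two bucket-level writes are not
  # issued against the same bucket concurrently.
  depends_on = [aws_s3_bucket_policy.tfstate]
}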
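# Bucket policy for the Terraform state bucket.
#
# AddUserPerms          - unchanged from the original: allows s3:* on the
#                         bucket's objects to the owning account's root
#                         principal (account id from aws_caller_identity).
# DenyInsecureTransport - rejects any request that does not arrive over TLS,
#                         on the bucket and on its objects, so state is never
#                         served over plain HTTP.
#
# NOTE(review): "s3:*" is broader than a state backend needs. The Resource
# covers objects only, so bucket-level actions such as listing are not granted
# by this statement anyway. Consider narrowing the Allow to the object actions
# the backend uses and scoping the bucket-level action separately.
resource "aws_s3_bucket_policy" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddUserPerms",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]},
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::${var.s3bucketstate}/*"
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::${var.s3bucketstate}",
        "arn:aws:s3:::${var.s3bucketstate}/*"
      ],
      "Condition": {
        "Bool": {"aws:SecureTransport": "false"}
      }
    }
  ]
}
POLICY
}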
# DynamoDB table used by the Terraform S3 backend for state locking and
# consistency checking. The backend expects a string partition key named
# "LockID".
resource "aws_dynamodb_table" "terraform-dynamodb-table-slopedme" {
  name     = "terraform-dynamodb-table-slopedme"
  hash_key = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  # On-demand billing: the table is charged per request.
  # NOTE(review): the zero capacity values look redundant under
  # PAY_PER_REQUEST; confirm against the provider version before removing.
  billing_mode   = "PAY_PER_REQUEST"
  read_capacity  = 0
  write_capacity = 0

  tags = {
    Name        = "terraform-dynamodb-table-slopedme"
    "ManagedBy" = "terraform"
  }
}
# Export the AWS account id of the calling credentials, the same value that
# is interpolated into the state bucket policy's principal ARN.
output "accountid" {
  value = data.aws_caller_identity.current.account_id
}