main.tf
# -----------------------------------
# Terraform Configuration
# -----------------------------------
terraform {
  # Provider constraint: "~>5.4.0" keeps the AWS provider on the 5.4.x patch
  # line, so provider upgrades are a deliberate edit of this file.
  required_providers {
    aws = {
      version = "~>5.4.0"
      source  = "hashicorp/aws"
    }
  }

  # Remote state lives in S3; the DynamoDB table provides state locking.
  # The bucket and table named here are the same ones this file declares
  # further down.
  # NOTE(review): because the backend points at resources this configuration
  # itself creates, the first apply presumably runs with local state and is
  # migrated afterwards - confirm the bootstrap procedure is written down.
  backend "s3" {
    profile        = "prod"
    bucket         = "pillarbox-monitoring-tfstate"
    key            = "terraform/01-terraform-backend/terraform.tfstate"
    dynamodb_table = "pillarbox-monitoring-terraform-statelock"

    # Server-side encryption of the state object. State files can contain
    # secrets in plain text, so this should stay enabled.
    encrypt = true
  }
}
# -----------------------------------
# AWS Provider Setup
# -----------------------------------
provider "aws" {
  # NOTE(review): no region or profile is set here, so the provider takes its
  # credentials and region from the environment, while the S3 backend is
  # pinned to profile "prod". Confirm both resolve to the same account, so
  # the bucket and lock table are created where the backend looks for them.

  # Every taggable resource created through this provider inherits these
  # tags. local.default_tags is not defined in this file.
  default_tags {
    tags = local.default_tags
  }
}
# -----------------------------------
# AWS S3 Resources
# -----------------------------------
## State bucket: holds the Terraform state object used by the S3 backend
resource "aws_s3_bucket" "s3-terraform" {
  # Single instance. Because count is set, the resource address is
  # aws_s3_bucket.s3-terraform[0] and references go through one(...[*]).
  count = 1

  # Must stay identical to the bucket name in the backend "s3" block.
  bucket = "pillarbox-monitoring-tfstate"

  # Guard rail: Terraform rejects any plan that would destroy this bucket.
  lifecycle {
    prevent_destroy = true
  }

  # NOTE(review): this file declares no aws_s3_bucket_versioning,
  # aws_s3_bucket_public_access_block or
  # aws_s3_bucket_server_side_encryption_configuration for this bucket.
  # Confirm they are managed elsewhere. Versioning in particular is what
  # allows an overwritten or corrupted state file to be recovered, and the
  # public access block prevents a later policy or ACL change from exposing
  # the state.
}
## Object ownership setting for the state bucket
resource "aws_s3_bucket_ownership_controls" "s3-ownership" {
  # one() unwraps the single-element list produced by the counted bucket.
  bucket = one(aws_s3_bucket.s3-terraform[*].id)

  rule {
    # BucketOwnerPreferred leaves ACLs enabled, which the aws_s3_bucket_acl
    # resource in this file relies on.
    # NOTE(review): if only the owning account ever writes state,
    # "BucketOwnerEnforced" would disable ACLs entirely and make the ACL
    # resource unnecessary - worth evaluating.
    object_ownership = "BucketOwnerPreferred"
  }
}
## Canned ACL for the state bucket
resource "aws_s3_bucket_acl" "s3-acl_mgmt" {
  count  = 1
  bucket = one(aws_s3_bucket.s3-terraform[*].id)

  # "private" grants full control to the bucket owner and nothing to anyone
  # else. It restricts ACL-based access only; access granted through a
  # bucket policy or IAM is not affected by this setting.
  acl = "private"

  # Ordering: the ACL is applied only once the ownership controls exist.
  depends_on = [aws_s3_bucket_ownership_controls.s3-ownership]
}
# -----------------------------------
# AWS DynamoDB Resources
# -----------------------------------
## Lock table used by the S3 backend for Terraform state locking
resource "aws_dynamodb_table" "dynamodb-terraform-state-lock" {
  count = 1

  # Must stay identical to dynamodb_table in the backend "s3" block.
  name = "pillarbox-monitoring-terraform-statelock"

  # The S3 backend expects a string partition key named "LockID".
  hash_key = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  # Provisioned throughput (no billing_mode is set in this block).
  # NOTE(review): 20/20 looks generous for a table that only holds lock
  # entries - confirm it is intentional.
  read_capacity  = 20
  write_capacity = 20

  # NOTE(review): unlike the state bucket, this table has no
  # prevent_destroy lifecycle guard - confirm that is deliberate.
}