AWS S3-Backend Terraform module

Terraform module for creating an S3 backend with an S3 bucket and a DynamoDB table for state lock management.

The resources in the module follow best practices and are scanned by vulnerability analysis tools.

Usage

An example of how to use this module in your Terraform file:

module "s3_backend" {
  source                      = "abhisheksr01/s3-backend/aws"
  version                     = "0.1.0"
  bucket_name                 = var.bucket_name
  dynamodb_table_name         = var.dynamodb_table_name
  tags                        = var.default_tags
  s3_bucket_kms_master_key_id = data.aws_kms_alias.aws_kms_s3_default_key.id
}

data "aws_kms_alias" "aws_kms_s3_default_key" {
  name = "alias/aws/s3"
}

Click here to see the simplest implementation example and relevant details.

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Resources

| Name | Type |
|------|------|
| aws_dynamodb_table.tf_state_locks | resource |
| aws_s3_bucket.s3_backend_bucket | resource |
| aws_s3_bucket_acl.s3_backend_acl | resource |
| aws_s3_bucket_logging.s3_backend_bucket_logging | resource |
| aws_s3_bucket_ownership_controls.s3_backend_ownership | resource |
| aws_s3_bucket_public_access_block.s3_backend_public_access_block | resource |
| aws_s3_bucket_server_side_encryption_configuration.s3_backend_sse_config | resource |
| aws_s3_bucket_versioning.s3_backend_versioning | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bucket_name | S3 bucket name | `string` | n/a | yes |
| dyanmodb_point_in_time_recovery | Enable DynamoDB point-in-time recovery | `bool` | `true` | no |
| dynamodb_billing_mode | Type of DynamoDB table billing mode | `string` | `"PAY_PER_REQUEST"` | no |
| dynamodb_hash_key | Type of DynamoDB hash key | `string` | `"LockID"` | no |
| dynamodb_table_name | DynamoDB table name | `string` | n/a | yes |
| s3_bucket_acl | S3 bucket ACL type | `string` | `"private"` | no |
| s3_bucket_key_enabled | Enables SSE for S3 bucket with KMS key | `bool` | `true` | no |
| s3_bucket_kms_master_key_id | KMS master key ID used for encrypting the S3 bucket | `string` | n/a | yes |
| s3_bucket_logging | Map of the S3 bucket logging block; when `enable = true`, `target_bucket_name` must be provided | `map(any)` | `{ "enable": false, "target_bucket_name": "target_bucket_name", "target_prefix": "/logs" }` | no |
| s3_bucket_object_ownership_controls | S3 bucket object ownership controls | `string` | `"BucketOwnerPreferred"` | no |
| s3_bucket_public_access_block | S3 bucket public access block, of object type. All settings default to `true` from a security perspective. | `object({ block_public_acls = bool, block_public_policy = bool, ignore_public_acls = bool, restrict_public_buckets = bool })` | `{ "block_public_acls": true, "block_public_policy": true, "ignore_public_acls": true, "restrict_public_buckets": true }` | no |
| s3_bucket_sse_algorithm | S3 bucket's type of SSE algorithm for encryption | `string` | `"AES256"` | no |
| tags | These tags will be applied to all the resources within the module | `map(string)` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| s3_backend_bucket_id | S3 bucket ID for backend |
| state_lock_dynamodb_table_id | DynamoDB table ID for backend state lock management |
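
An added example, not taken from the module's repository: a bootstrap configuration that overrides two of the defaults listed under Inputs (access logging off, `AES256`), followed by the `backend "s3"` block a consuming configuration would use. The bucket, table, log-bucket, region and state key values are constructed placeholders, and it is an assumption that the module passes `s3_bucket_sse_algorithm` and `s3_bucket_logging` to the underlying resources unchanged.

```hcl
# Added example; all names, the region and the state key are constructed placeholders.

# 1) Bootstrap configuration (applied once, with local state): create the backend.
data "aws_kms_alias" "aws_kms_s3_default_key" {
  name = "alias/aws/s3"
}

module "s3_backend" {
  source                      = "abhisheksr01/s3-backend/aws"
  version                     = "0.1.0"
  bucket_name                 = "example-org-tfstate"       # placeholder
  dynamodb_table_name         = "example-org-tfstate-locks" # placeholder
  tags                        = { ManagedBy = "terraform" }
  s3_bucket_kms_master_key_id = data.aws_kms_alias.aws_kms_s3_default_key.id

  # Assumption: passed through to the bucket's SSE rule. The documented default
  # is "AES256"; "aws:kms" is the provider value for SSE with a KMS key.
  s3_bucket_sse_algorithm = "aws:kms"

  # Access logging is disabled by default. The target bucket must already exist.
  s3_bucket_logging = {
    enable             = true
    target_bucket_name = "example-org-s3-access-logs" # placeholder
    target_prefix      = "/logs"
  }
}

output "state_bucket" {
  value = module.s3_backend.s3_backend_bucket_id
}

output "lock_table" {
  value = module.s3_backend.state_lock_dynamodb_table_id
}

# 2) In each separate configuration that stores its state in this backend.
#    Backend blocks cannot reference variables or module outputs, so the
#    names from step 1 are written literally.
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "network/terraform.tfstate"
    region         = "eu-west-1"
    dynamodb_table = "example-org-tfstate-locks"
    encrypt        = true
  }
}
```

The two parts belong to different configurations: the backend block can only be initialized after the bootstrap configuration has created the bucket and lock table.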