steamhaus / tf_mod_aws_remotestate
Commit 648240f1 authored Sep 15, 2017 by Sean Clerkin
Initial commit
parent 8f1bb09e
Showing 4 changed files with 90 additions and 0 deletions
README.md +19 -0
dynamodb.tf +11 -0
s3.tf +51 -0
variables.tf +9 -0
README.md
tf_mod_aws_remotestate
==
A Terraform module for creating an initial S3 bucket for remote state storage
and a DynamoDB table for remote state locking.
```
module "remote_state" {
source = "git::https://git.steamhaus.co.uk/steamhaus/tf_mod_aws_remotestate"
name = "my-awsesome-remote-state"
}
```
Notes:
-
The name variable names both the S3 bucket and the DynamoDB table and therefore
needs to be globally unique.
-
The S3 bucket policy only allows SSE object uploads so ensure Terraform is
configured with the encryption setting on the S3 backend.
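Review bot: the second note says Terraform must be configured with the encryption setting on the S3 backend, but the usage example stops at the module block and never shows that setting or the lock table. Add a backend "s3" snippet with `encrypt = true` and `dynamodb_table` set to the same name, so a first-time user does not hit the bucket policy's Deny on the first state write. Two smaller points in the same file: the `source` URL has no `?ref=` pin, so callers track whatever the default branch holds, and the "globally unique" requirement in the first note comes from the S3 bucket name (a DynamoDB table name only has to be unique within an account and region). The example name "my-awsesome-remote-state" also has a typo.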
dynamodb.tf
0 → 100644
resource
"aws_dynamodb_table"
"remote_state_locking"
{
name
=
"
${
var
.
name
}
"
read_capacity
=
"
${
var
.
dynamodb_read_capacity
}
"
write_capacity
=
"
${
var
.
dynamodb_write_capacity
}
"
hash_key
=
"LockID"
attribute
{
name
=
"LockID"
type
=
"S"
}
}
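Review bot: `name = "${var.name}"` gives the lock table the same name as the bucket, and none of the four files in this commit declares an output, so a caller has to know that convention to fill in the backend configuration. Add outputs for the table name and the bucket id so the backend settings can be read from the module rather than re-typed.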
s3.tf
0 → 100644
resource
"aws_s3_bucket"
"remote_state"
{
bucket
=
"
${
var
.
name
}
"
acl
=
"private"
versioning
{
enabled
=
true
}
}
data
"aws_iam_policy_document"
"remote_state_always_enc"
{
statement
{
sid
=
"DenyIncorrectEncryptionHeader"
effect
=
"Deny"
actions
=
[
"s3:PutObject"
]
resources
=
[
"arn:aws:s3:::
${
var
.
name
}
/*"
]
principals
{
type
=
"AWS"
identifiers
=
[
"*"
]
}
condition
{
test
=
"StringNotEquals"
variable
=
"s3:x-amz-server-side-encryption"
values
=
[
"AES256"
]
}
}
statement
{
sid
=
"DenyUnEncryptedObjectUploads"
effect
=
"Deny"
actions
=
[
"s3:PutObject"
]
resources
=
[
"arn:aws:s3:::
${
var
.
name
}
/*"
]
principals
{
type
=
"AWS"
identifiers
=
[
"*"
]
}
condition
{
test
=
"Null"
variable
=
"s3:x-amz-server-side-encryption"
values
=
[
"true"
]
}
}
}
resource
"aws_s3_bucket_policy"
"remote_state"
{
bucket
=
"
${
aws_s3_bucket
.
remote_state
.
id
}
"
policy
=
"
${data
.
aws_iam_policy_document
.
remote_state_always_enc
.
json
}
"
}
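Review bot: in the DenyIncorrectEncryptionHeader statement the condition is StringNotEquals against the single value "AES256", so a PutObject that requests `aws:kms` encryption is denied along with unencrypted ones. If SSE-S3 only is the intent, say so in the README, since a backend configured with a KMS key will fail against this policy; otherwise list both "AES256" and "aws:kms" in `values`. State files routinely hold secrets, so two further guards are worth adding here: a Deny statement conditioned on `aws:SecureTransport` being "false", and `lifecycle { prevent_destroy = true }` on the aws_s3_bucket resource. The `resources` entries could also be built from the bucket resource's `arn` attribute rather than re-derived from var.name, which keeps the policy tied to the bucket it is attached to.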
variables.tf
0 → 100644
variable
"name"
{}
variable
"dynamodb_read_capacity"
{
default
=
"5"
}
variable
"dynamodb_write_capacity"
{
default
=
"5"
}
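Review bot: `variable "name" {}` carries no description, although the README attaches two constraints to it (it names both the bucket and the table, and it must be unique). Add a `description` to each of the three variables, and put the naming constraint on `name` so it shows up where the variable is declared and not only in the README.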