Merge pull request #1 from johnricords/initial

initial deployment
plus3it · Jan 18, 2024 · 4ea700d · 4ea700d
2 parents 16499f6 + ac1130f
commit 4ea700d
Show file tree

Hide file tree

Showing 8 changed files with 162 additions and 61 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.2.0
+current_version = 1.0.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,32 +1,12 @@
-## repo-template
+## terraform-aws-tardigrade-s3-backend
 
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
-### [1.2.0] (https://github.com/plus3it/repo-template/releases/tag/1.2.0)
+### [1.0.0](https://github.com/plus3it/terraform-aws-tardigrade-s3-backend/releasestag/1.0.0)
 
-**Summary**:
-
-*   Updated SHA value for Github Actions Workflows
-*   Updated CHANGELOG.template.md file
-*   Added Master branch in release workflow logic to make migration to Github Actions more efficient
-
-### 1.1.0
-
-**Commit Delta**: N/A
-
-**Released**: 2023.01.27
-
-**Summary**:
-
-*   Updated workflow files to be consumable and reusable, and now points to actions-workflows repo
-
-### 1.0.0
-
-**Commit Delta**: N/A
-
-**Released**: 2023.01.10
+**Released**:  2023.12.28 
 
 **Summary**:
 

diff --git a/CHANGELOG.template.md b/CHANGELOG.template.md
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2023 Maintainers of plus3it/repo-template
+   Copyright 2023 Maintainers of plus3it/terraform-aws-tardigrade-s3-backend
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
@@ -1,23 +1,33 @@
-# repo-template
-Generic repo template for Plus3IT repositories
-
-To use this template:
-
-1. Select the green "Use this template" button, or [click here](https://github.com/plus3it/repo-template/generate).
-2. Select the repo Owner, give the repo a name, enter a description, select Public or Private, and click "Create repository from template".
-3. Clone the repository and create a new branch.
-4. Edit the following files to customize them for the new repository:
-    * `LICENSE`
-        * Near the end of the file, edit the date and change the repository name
-    * `CHANGELOG.template.md`
-        * Rename to `CHANGELOG.md`, replacing the repo-template changelog
-        * Edit templated items for the new repo
-    * `.bumpversion.cfg`
-        * Edit the version number for the new repo, ask team if not sure what to
-          start with
-    * `README.md`
-        * Replace contents for the new repo
-    * `.github/`
-        * Inspect dependabot and workflow files in case changes are needed for
-          the new repo
-5. Commit the changes and open a pull request
+# terraform-aws-tardigrade-s3-backend
+Repo to manage S3 backend
+
+
+<!-- BEGIN TFDOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_backend_config"></a> [backend\_config](#input\_backend\_config) | Object of S3 backend config | <pre>object({<br>    bucket        = string<br>    force_destroy = optional(bool, true)<br>    versioning    = optional(string, "Enabled")<br>    public_access_block = optional(object({<br>      block_public_acls       = optional(bool, true)<br>      block_public_policy     = optional(bool, true)<br>      ignore_public_acls      = optional(bool, true)<br>      restrict_public_buckets = optional(bool, true)<br>    }))<br>    server_side_encryption_configuration = optional(object({<br>      bucket_key_enabled = optional(bool, true)<br>      sse_algorithm      = optional(string, "aws:kms")<br>      kms_master_key_id  = optional(string)<br>    }))<br>    dynamodb_table = object({<br>      name                        = string<br>      deletion_protection_enabled = optional(bool, true)<br>      billing_mode                = optional(string, "PAY_PER_REQUEST")<br>    })<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+<!-- END TFDOCS -->
diff --git a/main.tf b/main.tf
@@ -0,0 +1,74 @@
+module "state_bucket" {
+  source        = "git::https://github.com/plus3it/terraform-aws-tardigrade-s3-bucket.git?ref=5.0.0"
+  bucket        = var.backend_config.bucket
+  force_destroy = var.backend_config.force_destroy
+  versioning    = var.backend_config.versioning
+
+  public_access_block = var.backend_config.public_access_block
+
+  policy = {
+    json = jsonencode({
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Sid" : "EnforcedTLS",
+          "Effect" : "Deny",
+          "Principal" : "*",
+          "Action" : "s3:*",
+          "Resource" : [
+            "arn:${data.aws_partition.current.partition}:s3:::${var.backend_config.bucket}",
+            "arn:${data.aws_partition.current.partition}:s3:::${var.backend_config.bucket}/*"
+          ],
+          "Condition" : {
+            "Bool" : {
+              "aws:SecureTransport" : "false"
+            }
+          }
+        },
+        {
+          "Sid" : "RootAccess",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"
+          },
+          "Action" : "s3:*",
+          "Resource" : [
+            "arn:${data.aws_partition.current.partition}:s3:::${var.backend_config.bucket}",
+            "arn:${data.aws_partition.current.partition}:s3:::${var.backend_config.bucket}/*"
+          ]
+        },
+        {
+          "Sid" : "DenyS3DeleteObject",
+          "Action" : [
+            "s3:DeleteObject"
+          ],
+          "Effect" : "Deny",
+          "Resource" : [
+            "arn:${data.aws_partition.current.partition}:s3:::${var.backend_config.bucket}/*"
+          ],
+          "Principal" : "*"
+        }
+      ]
+    })
+  }
+
+
+  server_side_encryption_configuration = var.backend_config.server_side_encryption_configuration
+
+}
+
+resource "aws_dynamodb_table" "this" {
+  name                        = var.backend_config.dynamodb_table.name
+  deletion_protection_enabled = var.backend_config.dynamodb_table.deletion_protection_enabled
+  billing_mode                = var.backend_config.dynamodb_table.billing_mode
+  hash_key                    = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_partition" "current" {}
diff --git a/tests/create_all/main.tf b/tests/create_all/main.tf
@@ -0,0 +1,25 @@
+module "state_bucket" {
+  source = "../../"
+
+  backend_config = {
+    bucket        = "test-bucket-for-backend"
+    force_destroy = true
+    versioning    = "Enabled"
+
+    public_access_block = {
+      block_public_acls       = true
+      block_public_policy     = true
+      ignore_public_acls      = true
+      restrict_public_buckets = true
+    }
+
+    server_side_encryption_configuration = {
+      bucket_key_enabled = true
+      sse_algorithm      = "aws:kms"
+      kms_master_key_id  = null
+    }
+    dynamodb_table = {
+      name = "test-ddb-for-backend"
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,25 @@
+variable "backend_config" {
+  description = "Object of S3 backend config"
+  type = object({
+    bucket        = string
+    force_destroy = optional(bool, true)
+    versioning    = optional(string, "Enabled")
+    public_access_block = optional(object({
+      block_public_acls       = optional(bool, true)
+      block_public_policy     = optional(bool, true)
+      ignore_public_acls      = optional(bool, true)
+      restrict_public_buckets = optional(bool, true)
+    }))
+    server_side_encryption_configuration = optional(object({
+      bucket_key_enabled = optional(bool, true)
+      sse_algorithm      = optional(string, "aws:kms")
+      kms_master_key_id  = optional(string)
+    }))
+    dynamodb_table = object({
+      name                        = string
+      deletion_protection_enabled = optional(bool, true)
+      billing_mode                = optional(string, "PAY_PER_REQUEST")
+    })
+  })
+
+}