Merge pull request #13 from kabisa/feat/add-S3bucket-and-DynamoDB

Feat/add S3 bucket and Dynamodb Tables
kabisa · Dec 15, 2023 · f77799d · f77799d
2 parents 4d352c3 + 9d4a51c
commit f77799d
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 0 deletions.
diff --git a/dynamodb.tf b/dynamodb.tf
@@ -0,0 +1,17 @@
+// Terraform State dynamodb table
+resource "aws_dynamodb_table" "kabisa_terraform_lockfiles_dynamodb_table" {
+  count          = var.dynamodb_tables_creation ? 1 : 0
+  name           = var.dynamodb_tables_name
+  read_capacity  = 5
+  write_capacity = 5
+  hash_key       = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = {
+    Terraform = true
+  }
+}
diff --git a/s3.tf b/s3.tf
@@ -0,0 +1,42 @@
+// Terraform State S3 buacket  
+resource "aws_s3_bucket" "kabisa_terraform_statefiles_bucket" {
+  count  = var.s3_bucket_state_file_creation ? 1 : 0
+  bucket = var.s3_bucket_state_file_name
+
+  tags = {
+    Terraform = true
+  }
+}
+
+resource "aws_s3_bucket_acl" "s3_bucket_private_acl" {
+  count      = var.s3_bucket_state_file_creation ? 1 : 0
+  bucket     = aws_s3_bucket.kabisa_terraform_statefiles_bucket[count.index].id
+  acl        = "private"
+  depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
+}
+
+resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
+  count  = var.s3_bucket_state_file_creation ? 1 : 0
+  bucket = aws_s3_bucket.kabisa_terraform_statefiles_bucket[count.index].id
+  rule {
+    object_ownership = "ObjectWriter"
+  }
+}
+
+resource "aws_s3_bucket_versioning" "versioning_bucket" {
+  count  = var.s3_bucket_state_file_creation ? 1 : 0
+  bucket = aws_s3_bucket.kabisa_terraform_statefiles_bucket[count.index].id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "s3_bucket_encrypt_rule" {
+  count  = var.s3_bucket_state_file_creation ? 1 : 0
+  bucket = aws_s3_bucket.kabisa_terraform_statefiles_bucket[count.index].id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -223,3 +223,27 @@ variable "cloudwatch_encryption_enabled" {
   description = "(Optional) Encrypt log data."
 }
 
+variable "s3_bucket_state_file_creation" {
+  type        = bool
+  default     = false
+  description = "Whether to create S3 bucket in the AWS Account to store terraform state file"
+}
+
+variable "s3_bucket_state_file_name" {
+  type        = string
+  default     = ""
+  description = "The S3 bucket name which store the terraform state file"
+}
+
+variable "dynamodb_tables_creation" {
+  type        = bool
+  default     = false
+  description = "Whether to create dynamodb tables for terraform state file"
+}
+
+variable "dynamodb_tables_name" {
+  type        = string
+  default     = ""
+  description = "The dynamodb tables name"
+}
+