# S3 bucket that stores the Terraform remote state.
# The bucket name is "<Name>-<Environment>", built from the matching keys of
# var.resource_tags; the same map is applied as the bucket's tags.
# NOTE(review): state files can hold secrets in plaintext, so access to this
# bucket should be limited to the principals that run Terraform. No bucket
# policy or prevent_destroy guard is visible in this file; confirm whether
# they are defined elsewhere.
resource "aws_s3_bucket" "remote-state" {
  tags   = var.resource_tags
  bucket = format("%s-%s", var.resource_tags["Name"], var.resource_tags["Environment"])
}
# Block every form of public access to the remote-state bucket.
# All four settings are on: new public ACLs and public bucket policies are
# rejected, existing public ACLs are ignored, and access through a public
# policy is restricted.
# NOTE(review): the resource label "example" differs from the "remote-state"
# label used by the sibling resources; it is kept because renaming it changes
# the resource address in state.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.remote-state.id

  block_public_acls   = true
  ignore_public_acls  = true
  block_public_policy = true

  restrict_public_buckets = true
}
# Default server-side encryption for the remote-state bucket: SSE-S3 (AES256),
# i.e. keys managed by S3.
# NOTE(review): SSE-S3 gives encryption at rest but no key-level access
# control; if access to the state must be gated and audited through a key
# policy, SSE-KMS ("aws:kms") with a customer managed key is the alternative.
resource "aws_s3_bucket_server_side_encryption_configuration" "remote-state" {
  bucket = aws_s3_bucket.remote-state.bucket

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
# Turn on object versioning so earlier revisions of the state file are kept
# and an overwritten or deleted state can be recovered.
# NOTE(review): MFA delete is not configured here; confirm whether permanent
# deletion of versions is restricted some other way (e.g. IAM or bucket policy).
resource "aws_s3_bucket_versioning" "remote-state" {
  bucket = aws_s3_bucket.remote-state.id

  versioning_configuration {
    status = "Enabled"
  }
}
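# Lifecycle rule that prunes old (noncurrent) versions of the state file.
# The 7 most recent noncurrent versions are always retained; any older
# noncurrent version is expired once it has been noncurrent for 30 days.
# Current versions are never expired by this rule.
resource "aws_s3_bucket_lifecycle_configuration" "remote-state" {
  # Versioning must be enabled before a noncurrent-version rule is applied.
  depends_on = [aws_s3_bucket_versioning.remote-state]

  bucket = aws_s3_bucket.remote-state.bucket

  rule {
    id     = "config"
    status = "Enabled"

    # An empty filter makes the scope explicit: the rule applies to every
    # object in the bucket. Without it the provider falls back to an implicit
    # empty prefix, which newer AWS provider releases warn about.
    filter {}

    noncurrent_version_expiration {
      newer_noncurrent_versions = 7
      noncurrent_days           = 30
    }
  }
}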
# Name of the remote-state bucket, for use in backend configuration.
output "remote_state_bucket" {
  value = aws_s3_bucket.remote-state.bucket
}
# ARN of the remote-state bucket, e.g. for scoping IAM policies to it.
output "remote_state_bucket_arn" {
  value = aws_s3_bucket.remote-state.arn
}