{ "version": 4, "terraform_version": "0.12.26", "serial": 9, "lineage": "98e5e789-5a16-5c08-b9f6-7e8cb242c2a4", "outputs": {}, "resources": [ { "module": "module.tfstate", "mode": "data", "type": "aws_caller_identity", "name": "current", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "account_id": "701290387780", "arn": "arn:aws-us-gov:sts::701290387780:assumed-role/mdr_terraformer/terraform", "id": "2020-07-07 14:04:14.074532 +0000 UTC", "user_id": "AROA2GSBKDFCIT5IHVMAA:terraform" } } ] }, { "module": "module.tfstate", "mode": "data", "type": "aws_iam_policy_document", "name": "kms_key_policy_tfstate", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "id": "3988755204", "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"key-consolepolicy-3\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws-us-gov:iam::701290387780:root\"\n }\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Update*\",\n \"kms:UntagResource\",\n \"kms:TagResource\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:Revoke*\",\n \"kms:Put*\",\n \"kms:List*\",\n \"kms:Get*\",\n \"kms:Enable*\",\n \"kms:Disable*\",\n \"kms:Describe*\",\n \"kms:Delete*\",\n \"kms:Create*\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"\n }\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"\n }\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:RevokeGrant\",\n \"kms:ListGrants\",\n \"kms:CreateGrant\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"\n },\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}", "override_json": null, "policy_id": "key-consolepolicy-3", "source_json": null, "statement": [ { "actions": [ "kms:*" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "arn:aws-us-gov:iam::701290387780:root" ], "type": "AWS" } ], "resources": [ "*" ], "sid": "Enable IAM User Permissions" }, { "actions": [ "kms:CancelKeyDeletion", "kms:Create*", "kms:Delete*", "kms:Describe*", "kms:Disable*", "kms:Enable*", "kms:Get*", "kms:List*", "kms:Put*", "kms:Revoke*", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:Update*" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "arn:aws-us-gov:iam::701290387780:user/MDRAdmin" ], "type": "AWS" } ], "resources": [ "*" ], "sid": "Allow access for Key Administrators" }, { "actions": [ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", "kms:GenerateDataKey*", "kms:ReEncrypt*" ], "condition": [], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "arn:aws-us-gov:iam::701290387780:user/MDRAdmin" ], "type": "AWS" } ], "resources": [ "*" ], "sid": "Allow use of the key" }, { "actions": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "condition": [ { "test": "Bool", "values": [ "true" ], "variable": "kms:GrantIsForAWSResource" } ], "effect": "Allow", "not_actions": [], "not_principals": [], "not_resources": [], "principals": [ { "identifiers": [ "arn:aws-us-gov:iam::701290387780:user/MDRAdmin" ], "type": "AWS" } ], "resources": [ "*" ], "sid": "Allow attachment of persistent resources" } ], "version": "2012-10-17" } } ] }, { "module": "module.tfstate", "mode": "data", "type": "aws_partition", "name": "current", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "dns_suffix": "amazonaws.com", "id": "2020-07-07 14:04:13.787107 +0000 UTC", "partition": "aws-us-gov" } } ] }, { "module": "module.tfstate", "mode": "managed", "type": "aws_dynamodb_table", "name": "lock_table", "provider": "provider.aws", "instances": [ { "schema_version": 1, "attributes": { "arn": "arn:aws-us-gov:dynamodb:us-gov-east-1:701290387780:table/afsxdr-terraform-state", "attribute": [ { "name": "LockID", "type": "S" } ], "billing_mode": "PAY_PER_REQUEST", "global_secondary_index": [], "hash_key": "LockID", "id": "afsxdr-terraform-state", "local_secondary_index": [], "name": "afsxdr-terraform-state", "point_in_time_recovery": [ { "enabled": false } ], "range_key": null, "read_capacity": 0, "replica": [], "server_side_encryption": [ { "enabled": true, "kms_key_arn": "arn:aws-us-gov:kms:us-gov-east-1:701290387780:key/dddb424f-ebdd-416e-8772-3fc18aa81cb7" } ], "stream_arn": "", "stream_enabled": false, "stream_label": "", "stream_view_type": "", "tags": { "Name": "afsxdr-terraform-state" }, "timeouts": null, "ttl": [ { "attribute_name": "", "enabled": false } ], "write_capacity": 0 }, "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjM2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ "module.tfstate.aws_kms_key.tfstate" ] } ] }, { "module": "module.tfstate", "mode": "managed", "type": "aws_kms_alias", "name": "tfstate", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws-us-gov:kms:us-gov-east-1:701290387780:alias/tfstate", "id": "alias/tfstate", "name": "alias/tfstate", "name_prefix": null, "target_key_arn": "arn:aws-us-gov:kms:us-gov-east-1:701290387780:key/dddb424f-ebdd-416e-8772-3fc18aa81cb7", "target_key_id": "dddb424f-ebdd-416e-8772-3fc18aa81cb7" }, "private": "bnVsbA==", "dependencies": [ "module.tfstate.aws_kms_key.tfstate" ] } ] }, { "module": "module.tfstate", "mode": "managed", "type": "aws_kms_key", "name": "tfstate", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "arn": "arn:aws-us-gov:kms:us-gov-east-1:701290387780:key/dddb424f-ebdd-416e-8772-3fc18aa81cb7", "customer_master_key_spec": "SYMMETRIC_DEFAULT", "deletion_window_in_days": 30, "description": "tfstate bucket default S3 SSE-KMS", "enable_key_rotation": true, "id": "dddb424f-ebdd-416e-8772-3fc18aa81cb7", "is_enabled": true, "key_id": "dddb424f-ebdd-416e-8772-3fc18aa81cb7", "key_usage": "ENCRYPT_DECRYPT", "policy": "{\"Id\":\"key-consolepolicy-3\",\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:root\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM User Permissions\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:Put*\",\"kms:List*\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow access for Key Administrators\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow use of the key\"},{\"Action\":[\"kms:RevokeGrant\",\"kms:ListGrants\",\"kms:CreateGrant\"],\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"}},\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow attachment of persistent resources\"}],\"Version\":\"2012-10-17\"}", "tags": {} }, "private": "bnVsbA==" } ] }, { "module": "module.tfstate", "mode": "managed", "type": "aws_s3_bucket", "name": "tfstate", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "acceleration_status": "", "acl": "private", "arn": "arn:aws-us-gov:s3:::afsxdr-terraform-state", "bucket": "afsxdr-terraform-state", "bucket_domain_name": "afsxdr-terraform-state.s3.amazonaws.com", "bucket_prefix": null, "bucket_regional_domain_name": "afsxdr-terraform-state.s3.us-gov-east-1.amazonaws.com", "cors_rule": [], "force_destroy": false, "grant": [], "hosted_zone_id": "Z31GFT0UA1I2HV", "id": "afsxdr-terraform-state", "lifecycle_rule": [ { "abort_incomplete_multipart_upload_days": 7, "enabled": true, "expiration": [], "id": "tf-s3-lifecycle-20200610174352244400000001", "noncurrent_version_expiration": [ { "days": 730 } ], "noncurrent_version_transition": [ { "days": 30, "storage_class": "STANDARD_IA" } ], "prefix": "", "tags": {}, "transition": [] } ], "logging": [], "object_lock_configuration": [], "policy": null, "region": "us-gov-east-1", "replication_configuration": [], "request_payer": "BucketOwner", "server_side_encryption_configuration": [ { "rule": [ { "apply_server_side_encryption_by_default": [ { "kms_master_key_id": "arn:aws-us-gov:kms:us-gov-east-1:701290387780:key/dddb424f-ebdd-416e-8772-3fc18aa81cb7", "sse_algorithm": "aws:kms" } ] } ] } ], "tags": {}, "versioning": [ { "enabled": true, "mfa_delete": false } ], "website": [], "website_domain": null, "website_endpoint": null }, "private": "bnVsbA==", "dependencies": [ "module.tfstate.aws_kms_key.tfstate" ] } ] }, { "module": "module.tfstate", "mode": "managed", "type": "aws_s3_bucket_public_access_block", "name": "tfstate", "provider": "provider.aws", "instances": [ { "schema_version": 0, "attributes": { "block_public_acls": true, "block_public_policy": true, "bucket": "afsxdr-terraform-state", "id": "afsxdr-terraform-state", "ignore_public_acls": true, "restrict_public_buckets": true }, "private": "bnVsbA==", "dependencies": [ "module.tfstate.aws_kms_key.tfstate", "module.tfstate.aws_s3_bucket.tfstate" ] } ] } ] }