Página inicial Explorar Ajuda
Registrar Entrar
AFS
/
xdr-terraform-modules
2
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 1ce9d85049
Branches Tags
xdr-terraform-m...
/
base
/
teleport-single-instance
/
s3.tf

s3.tf 2.0 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. /* 
    2. 

  2. Configuration of S3 bucket for certs and replay
    3. 

  3. storage. Uses server side encryption to secure
    4. 

  4. session replays and SSL certificates.
    5. 

  5. */
    6. 

  6. 

  7. // S3 bucket for cluster storage
    8. 

  8. resource "aws_s3_bucket" "storage" {
    9. 

  9.   bucket        = "${var.instance_name}-${var.environment}"
    10. 

  10.   force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
    11. 

  11. }
    12. 

  12. 

  13. resource "aws_s3_bucket_acl" "s3_acl_storage" {
    14. 

  14.   bucket = aws_s3_bucket.storage.id
    15. 

  15.   acl    = "private"
    16. 

  16. }
    17. 

  17. 

  18. resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_storage" {
    19. 

  19.   bucket = aws_s3_bucket.storage.id
    20. 

  20.   rule {
    21. 

  21.     apply_server_side_encryption_by_default {
    22. 

  22.         sse_algorithm = "aws:kms"
    23. 

  23.       }
    24. 

  24.     }
    25. 

  25. }
    26. 

  26. 

  27. resource "aws_s3_bucket_lifecycle_configuration" "s3_lifecyle_storage" {
    28. 

  28.   bucket   = aws_s3_bucket.storage.id
    29. 

  29.   rule {
    30. 

  30.     id     = "DeleteAfter90Days"
    31. 

  31.     status = "Enabled"
    32. 

  32.     
    33. 

  33.     abort_incomplete_multipart_upload {
    34. 

  34.       days_after_initiation = 7
    35. 

  35.     }
    36. 

  36.     
    37. 

  37.     expiration {
    38. 

  38.       days = 90
    39. 

  39.     }
    40. 

  40.   }
    41. 

  41. }
    42. 

  42. 

  43. resource "aws_s3_bucket_public_access_block" "awsconfig_bucket_block_public_access" {
    44. 

  44.   block_public_acls       = true
    45. 

  45.   block_public_policy     = true
    46. 

  46.   bucket                  = aws_s3_bucket.storage.id
    47. 

  47.   ignore_public_acls      = true
    48. 

  48.   restrict_public_buckets = true
    49. 

  49. }
    50. 

  50. 

  51. 

  52. //AWS Provider outdated arguments <4.4.0
    53. 

  53. /*resource "aws_s3_bucket" "storage" {
    54. 

  54.   bucket        = "${var.instance_name}-${var.environment}"
    55. 

  55.   acl           = "private"
    56. 

  56.   force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
    57. 

  57. 

  58.   server_side_encryption_configuration {
    59. 

  59.     rule {
    60. 

  60.       apply_server_side_encryption_by_default {
    61. 

  61.         kms_master_key_id = aws_kms_key.s3.arn
    62. 

  62.         sse_algorithm = "aws:kms"
    63. 

  63.       }
    64. 

  64.     }
    65. 

  65.   }
    66. 

  66. 

  67.   lifecycle_rule {
    68. 

  68.     id = "DeleteAfter90Days"
    69. 

  69.     enabled = true
    70. 

  70.     abort_incomplete_multipart_upload_days = 7
    71. 

  71. 

  72.     expiration {
    73. 

  73.       days = 90
    74. 

  74.     }
    75. 

  75.   }
    76. 

  76. }
    77. 

  77. */
    78.