Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 88fea6eab3
Branches Tags
xdr-terraform-m...
/
base
/
teleport-single-instance
/
s3.tf

s3.tf 1.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. /* 
    2. 

  2. Configuration of S3 bucket for certs and replay
    3. 

  3. storage. Uses server side encryption to secure
    4. 

  4. session replays and SSL certificates.
    5. 

  5. */
    6. 

  6. // S3 bucket for cluster storage
    7. 

  7. resource "aws_s3_bucket" "storage" {
    8. 

  8.   bucket        = "${var.instance_name}-${var.environment}"
    9. 

  9.   acl           = "private"
    10. 

  10.   force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
    11. 

  11. 

  12.   server_side_encryption_configuration {
    13. 

  13.     rule {
    14. 

  14.       apply_server_side_encryption_by_default {
    15. 

  15.         kms_master_key_id = aws_kms_key.s3.arn
    16. 

  16.         sse_algorithm = "aws:kms"
    17. 

  17.       }
    18. 

  18.     }
    19. 

  19.   }
    20. 

  20. 

  21.   lifecycle_rule {
    22. 

  22.     id = "DeleteAfter90Days"
    23. 

  23.     enabled = true
    24. 

  24.     abort_incomplete_multipart_upload_days = 7
    25. 

  25. 

  26.     expiration {
    27. 

  27.       days = 90
    28. 

  28.     }
    29. 

  29.   }
    30. 

  30. }
    31. 

  31. 

  32. resource "aws_s3_bucket_public_access_block" "awsconfig_bucket_block_public_access" {
    33. 

  33.   block_public_acls       = true
    34. 

  34.   block_public_policy     = true
    35. 

  35.   bucket                  = aws_s3_bucket.storage.id
    36. 

  36.   ignore_public_acls      = true
    37. 

  37.   restrict_public_buckets = true
    38. 

  38. }
    39. 

  39.