Halaman utama Jelajahi Bantuan
Daftar Masuk
AFS
/
xdr-terraform-modules
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: c17eb3a25f
Ranting Tag
xdr-terraform-m...
/
base
/
teleport-single-instance
/
s3.tf

s3.tf 2.2 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. /* 
    2. 

  2. Configuration of S3 bucket for certs and replay
    3. 

  3. storage. Uses server side encryption to secure
    4. 

  4. session replays and SSL certificates.
    5. 

  5. */
    6. 

  6. 

  7. // S3 bucket for cluster storage
    8. 

  8. resource "aws_s3_bucket" "storage" {
    9. 

  9.   bucket        = "${var.instance_name}-${var.environment}"
    10. 

  10.   force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
    11. 

  11. }
    12. 

  12. 

  13. resource "aws_s3_bucket_acl" "s3_acl_storage" {
    14. 

  14.   bucket = aws_s3_bucket.storage.id
    15. 

  15.   acl    = "private"
    16. 

  16. }
    17. 

  17. 

  18. resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_storage" {
    19. 

  19.   bucket = aws_s3_bucket.storage.id
    20. 

  20. 

  21.   rule {
    22. 

  22.     apply_server_side_encryption_by_default {
    23. 

  23.       kms_master_key_id = aws_kms_key.s3.arn
    24. 

  24.       sse_algorithm     = "aws:kms"
    25. 

  25.     }
    26. 

  26.   }
    27. 

  27. }
    28. 

  28. 

  29. resource "aws_s3_bucket_lifecycle_configuration" "s3_lifecyle_storage" {
    30. 

  30.   bucket = aws_s3_bucket.storage.id
    31. 

  31. 

  32.   rule {
    33. 

  33.     id     = "DeleteAfter90Days"
    34. 

  34.     status = "Enabled"
    35. 

  35. 

  36.     abort_incomplete_multipart_upload {
    37. 

  37.       days_after_initiation = 7
    38. 

  38.     }
    39. 

  39. 

  40.     expiration {
    41. 

  41.       days = 90
    42. 

  42.     }
    43. 

  43.   }
    44. 

  44. }
    45. 

  45. 

  46. resource "aws_s3_bucket_public_access_block" "awsconfig_bucket_block_public_access" {
    47. 

  47.   block_public_acls       = true
    48. 

  48.   block_public_policy     = true
    49. 

  49.   bucket                  = aws_s3_bucket.storage.id
    50. 

  50.   ignore_public_acls      = true
    51. 

  51.   restrict_public_buckets = true
    52. 

  52. }
    53. 

  53. 

  54. # Versioning prevents accidental deletion of records
    55. 

  55. resource "aws_s3_bucket_versioning" "storage" {
    56. 

  56.   bucket = aws_s3_bucket.storage.id
    57. 

  57.   versioning_configuration {
    58. 

  58.     status = "Enabled"
    59. 

  59.   }
    60. 

  60. }
    61. 

  61. 

  62. //AWS Provider outdated arguments <4.4.0
    63. 

  63. /*resource "aws_s3_bucket" "storage" {
    64. 

  64.   bucket        = "${var.instance_name}-${var.environment}"
    65. 

  65.   acl           = "private"
    66. 

  66.   force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
    67. 

  67. 

  68.   server_side_encryption_configuration {
    69. 

  69.     rule {
    70. 

  70.       apply_server_side_encryption_by_default {
    71. 

  71.         kms_master_key_id = aws_kms_key.s3.arn
    72. 

  72.         sse_algorithm = "aws:kms"
    73. 

  73.       }
    74. 

  74.     }
    75. 

  75.   }
    76. 

  76. 

  77.   lifecycle_rule {
    78. 

  78.     id = "DeleteAfter90Days"
    79. 

  79.     enabled = true
    80. 

  80.     abort_incomplete_multipart_upload_days = 7
    81. 

  81. 

  82.     expiration {
    83. 

  83.       days = 90
    84. 

  84.     }
    85. 

  85.   }
    86. 

  86. }
    87. 

  87. */
    88.