Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Splunk
/
FredsAWSStandaloneWithSmartStore
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 108c1da63f
Салаанууд Тагууд
FredsAWSStandal...
/
3.infrastructure
/
s3.smartstore.tf

s3.smartstore.tf 2.1 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # This is the smartstore bucket. This is the data. Keep this safe.
    2. 

  2. resource "aws_s3_bucket" "splunk-smartstore" {
    3. 

  3.   bucket = "ftd-splunk-smartstore"
    4. 

  4. 

  5.   versioning {
    6. 

  6.     enabled = true # Allows us to archive frozen data directly into glacier without splunk intervention
    7. 

  7.   }
    8. 

  8. 

  9.   lifecycle {
    10. 

  10.     # Set to TRUE for production!
    11. 

  11.     prevent_destroy = false
    12. 

  12.   }
    13. 

  13.   # set to FALSE for production!
    14. 

  14.   force_destroy = true
    15. 

  15. 

  16.   server_side_encryption_configuration {
    17. 

  17.     rule {
    18. 

  18.       apply_server_side_encryption_by_default {
    19. 

  19.         kms_master_key_id = "${aws_kms_key.splunk_s3_key.arn}"
    20. 

  20.         sse_algorithm     = "aws:kms"
    21. 

  21.       }
    22. 

  22.     }
    23. 

  23.   }
    24. 

  24. 

  25.   # This will save some money by moving to "infrequently accessed" after a period of time
    26. 

  26.   lifecycle_rule {
    27. 

  27.     id = "InfrequentAccessAfteraYear"
    28. 

  28.     enabled = true
    29. 

  29.     transition {
    30. 

  30.       # For production, probably set this to something longer, like 90 days or a year
    31. 

  31.       days = 30
    32. 

  32.       storage_class = "STANDARD_IA"
    33. 

  33.     }
    34. 

  34. 

  35.     noncurrent_version_transition {
    36. 

  36.       days = 0
    37. 

  37.       storage_class = "GLACIER"
    38. 

  38.     }
    39. 

  39.     
    40. 

  40.     # This would be a good place to transition to deep archive a few days/weeks/months after
    41. 

  41.     # the transition to glacier, if you're really only rarely going to access it.
    42. 

  42.   }
    43. 

  43. 

  44.   tags = {
    45. 

  45.     Project = "Splunk"
    46. 

  46.     Environment = "Production"
    47. 

  47.   }
    48. 

  48. }
    49. 

  49. 

  50. resource "aws_s3_bucket_public_access_block" "keep_smartstore_safe" {
    51. 

  51.   bucket = "${aws_s3_bucket.splunk-smartstore.id}"
    52. 

  52. 

  53.   block_public_acls = true
    54. 

  54.   block_public_policy = true
    55. 

  55.   ignore_public_acls = true
    56. 

  56.   restrict_public_buckets = true
    57. 

  57. }
    58. 

  58. 

  59. data "template_file" "s3_splunk_bucket_policy" {
    60. 

  60.   template = "${file("policies/s3_splunk_bucket_policy.json.tpl")}"
    61. 

  61.   vars = {
    62. 

  62.     account = "${data.aws_caller_identity.current.account_id}"
    63. 

  63.     bucket_arn = "${aws_s3_bucket.splunk-smartstore.arn}"
    64. 

  64.     vpc_cidr = "${data.terraform_remote_state.network.outputs.vpc_cidr}"
    65. 

  65.     role_arn = "${aws_iam_role.Splunk-EC2-Standalone.arn}"
    66. 

  66.   }
    67. 

  67. }
    68. 

  68. 

  69. resource "aws_s3_bucket_policy" "splunk_servers_only" {
    70. 

  70.   bucket = "${aws_s3_bucket.splunk-smartstore.id}"
    71. 

  71.   policy = "${data.template_file.s3_splunk_bucket_policy.rendered}"
    72. 

  72. }
    73.