Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
Terraform
/
sqs_fair_queueing
2
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: db43197e7e
Ramos Etiquetas
sqs_fair_queuei...
/
main.tf

main.tf 2.5 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. ######################################
    2. 

  2. # The fair queueing module example
    3. 

  3. module "sqs_fair_queue" {
    4. 

  4.   source = "./module_sqs_fair_queueing"
    5. 

  5. 

  6.   source_sqs_arn = aws_sqs_queue.queue.arn
    7. 

  7.   sqs_prefix     = "mbox-fair-queueing-test-fq"
    8. 

  8.   num_queues     = 4
    9. 

  9.   hash_jsonpath  = "$" # This will evenly distribute all messages
    10. 

  10.   tags           = local.tags
    11. 

  11. }
    12. 

  12. 

  13. ######################################
    14. 

  14. # Example Resources for testing
    15. 

  15. 

  16. # tfsec:ignore:aws-s3-enable-bucket-logging Logging is a good idea, but we don't here.
    17. 

  17. # tfsec:ignore:aws-s3-enable-versioning Versioning is a good idea, but we don't here.
    18. 

  18. resource "aws_s3_bucket" "bucket" {
    19. 

  19.   bucket        = "mbox-fair-queueing-test"
    20. 

  20.   force_destroy = true
    21. 

  21. 

  22.   tags = merge(local.tags, {
    23. 

  23.     Name        = "mbox-fair-queueing-test"
    24. 

  24.     Environment = "Dev"
    25. 

  25.     Purpose     = "POC bucket for S3 fair queueing"
    26. 

  26.   })
    27. 

  27. }
    28. 

  28. 

  29. resource "aws_s3_bucket_acl" "bucket" {
    30. 

  30.   bucket = aws_s3_bucket.bucket.id
    31. 

  31.   acl    = "private"
    32. 

  32. }
    33. 

  33. 

  34. resource "aws_s3_bucket_public_access_block" "bucket" {
    35. 

  35.   bucket = aws_s3_bucket.bucket.id
    36. 

  36. 

  37.   block_public_acls       = true
    38. 

  38.   block_public_policy     = true
    39. 

  39.   ignore_public_acls      = true
    40. 

  40.   restrict_public_buckets = true
    41. 

  41. }
    42. 

  42. 

  43. # tfsec:ignore:aws-s3-encryption-customer-key AWS managed key is sufficient
    44. 

  44. resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
    45. 

  45.   bucket = aws_s3_bucket.bucket.bucket
    46. 

  46. 

  47.   rule {
    48. 

  48.     apply_server_side_encryption_by_default {
    49. 

  49.       sse_algorithm = "AES256"
    50. 

  50.     }
    51. 

  51.   }
    52. 

  52. }
    53. 

  53. 

  54. 

  55. # SNS and SQS configuration for the root bucket
    56. 

  56. # 
    57. 

  57. # NOTE! Only this first sns/sqs needs to be set up.
    58. 

  58. # The module will set up the sqs queues for FIFO.
    59. 

  59. # 
    60. 

  60. # Remember that the consumer service needs access to the FIFO queues,
    61. 

  61. # not these.
    62. 

  62. resource "aws_sqs_queue" "queue" {
    63. 

  63.   name = "mbox-bucket-notification"
    64. 

  64. 

  65.   sqs_managed_sse_enabled = true
    66. 

  66. 

  67.   policy = <<POLICY
    68. 

  68. {
    69. 

  69.   "Version": "2012-10-17",
    70. 

  70.   "Statement": [
    71. 

  71.     {
    72. 

  72.       "Effect": "Allow",
    73. 

  73.       "Principal": "*",
    74. 

  74.       "Action": "sqs:SendMessage",
    75. 

  75.       "Resource": "arn:aws:sqs:*:*:mbox-bucket-notification",
    76. 

  76.       "Condition": {
    77. 

  77.         "ArnEquals": { "aws:SourceArn": "${aws_s3_bucket.bucket.arn}" }
    78. 

  78.       }
    79. 

  79.     }
    80. 

  80.   ]
    81. 

  81. }
    82. 

  82. POLICY
    83. 

  83. 

  84.   depends_on = [aws_s3_bucket.bucket]
    85. 

  85. 

  86.   tags = local.tags
    87. 

  87. }
    88. 

  88. 

  89. resource "aws_s3_bucket_notification" "bucket_notification" {
    90. 

  90.   bucket = aws_s3_bucket.bucket.id
    91. 

  91. 

  92.   queue {
    93. 

  93.     queue_arn     = aws_sqs_queue.queue.arn
    94. 

  94.     events        = ["s3:ObjectCreated:*"]
    95. 

  95.     filter_prefix = "incoming/"
    96. 

  96.   }
    97. 

  97. 

  98.   depends_on = [aws_sqs_queue.queue, aws_s3_bucket.bucket]
    99. 

  99. }
    100.