# Backend bootstrap: provisions the S3 bucket and DynamoDB table that the
# other stacks point their `backend "s3"` configuration at.
# Apply once with local state and keep the resulting terraform.tfstate
# somewhere safe; nothing else tracks these two resources. Do not change
# this configuration afterwards.
terraform {
  # Deliberately no `backend` block: the bucket it would reference does not
  # exist yet when this is first applied, so local state is the only option.
  required_providers {
    aws = {
      version = "~> 5.0"
      source  = "hashicorp/aws"
    }
  }
}
# AWS provider. The region is supplied by the caller through var.aws_region;
# credentials come from the usual provider chain (env vars, profile, role).
provider "aws" {
  region = var.aws_region
}
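# S3 bucket that stores the remote Terraform state.
# State files often contain secrets (passwords, keys, tokens) in plain text,
# so the bucket is hardened by the versioning, encryption and public-access
# block resources that follow, and guarded against deletion here.
resource "aws_s3_bucket" "tfstate" {
  bucket = var.backend_bucket_name

  tags = {
    Name        = var.backend_bucket_name
    Environment = "Production"
    Purpose     = "Terraform State Storage"
  }

  # Losing this bucket loses the state of every stack that uses it. Make
  # `terraform destroy`, or any plan that would replace the bucket, fail
  # instead of deleting it. Remove this only deliberately.
  lifecycle {
    prevent_destroy = true
  }
}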
# Keep every previous version of the state object, so an overwritten or
# corrupted state can be rolled back to a known-good copy.
resource "aws_s3_bucket_versioning" "tfstate_versioning" {
  bucket = aws_s3_bucket.tfstate.id

  versioning_configuration {
    status = "Enabled"
  }
}
# Default encryption at rest with SSE-S3 (S3-managed keys, "AES256").
# Switching to SSE-KMS (`sse_algorithm = "aws:kms"` plus `kms_master_key_id`)
# would add the key policy as a second access-control layer on the state, at
# the cost of every state reader also needing kms:Decrypt on that key.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate_encryption" {
  bucket = aws_s3_bucket.tfstate.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
# Close every path by which the state bucket could become public: new ACLs,
# existing ACLs, and bucket policies that would grant public access.
resource "aws_s3_bucket_public_access_block" "tfstate_block" {
  bucket = aws_s3_bucket.tfstate.id

  restrict_public_buckets = true
  block_public_policy     = true
  ignore_public_acls      = true
  block_public_acls       = true
}
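# DynamoDB table the S3 backend uses for state locking. The backend writes
# one item per state file keyed by LockID; traffic is tiny, so on-demand
# billing is the cheapest and simplest choice.
resource "aws_dynamodb_table" "locks" {
  name         = var.lock_table_name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  point_in_time_recovery {
    enabled = true
  }

  # AWS-side guard: the table cannot be deleted through the console or API
  # while this flag is set.
  deletion_protection_enabled = true

  tags = {
    Name        = var.lock_table_name
    Environment = "Production"
    Purpose     = "Terraform State Locking"
  }

  # Terraform-side guard, matching the state bucket: a plan that would
  # destroy or replace this table fails instead of running.
  lifecycle {
    prevent_destroy = true
  }
}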
# Outputs. Copy these values into the `backend "s3"` block of the other
# stacks; they are also what a later operator needs to locate the state.
output "s3_bucket_name" {
  value       = aws_s3_bucket.tfstate.bucket
  description = "Name of the S3 bucket for Terraform state"
}
# Lock table name, for the `dynamodb_table` backend setting.
output "dynamodb_table_name" {
  value       = aws_dynamodb_table.locks.name
  description = "Name of the DynamoDB table for state locking"
}
# Bucket ARN, useful when writing IAM policies that grant state access.
output "s3_bucket_arn" {
  value       = aws_s3_bucket.tfstate.arn
  description = "ARN of the S3 bucket"
}
# Lock table ARN, useful when writing IAM policies that grant lock access.
output "dynamodb_table_arn" {
  value       = aws_dynamodb_table.locks.arn
  description = "ARN of the DynamoDB table"
}