automated terminal push
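--- a/terraform-backend/main.tf
+++ b/terraform-backend/main.tf
@@ -0,0 +1,99 @@
+# Backend Infrastructure - Creates the S3 bucket and DynamoDB table for remote state
+# This should be run FIRST with local state, then never changed
+
+terraform {
+# No backend configuration - uses local state for bootstrap
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+}
+}
+
+provider "aws" {
+region = var.aws_region
+}
+
+# S3 bucket for Terraform state
+resource "aws_s3_bucket" "tfstate" {
+bucket = var.backend_bucket_name
+
+tags = {
+Name = var.backend_bucket_name
+Environment = "Production"
+Purpose = "Terraform State Storage"
+}
+}
+
+# S3 bucket versioning
+resource "aws_s3_bucket_versioning" "tfstate_versioning" {
+bucket = aws_s3_bucket.tfstate.id
+versioning_configuration {
+status = "Enabled"
+}
+}
+
+# S3 bucket encryption
+resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate_encryption" {
+bucket = aws_s3_bucket.tfstate.id
+
+rule {
+apply_server_side_encryption_by_default {
+sse_algorithm = "AES256"
+}
+}
+}
+
+# S3 bucket public access block
+resource "aws_s3_bucket_public_access_block" "tfstate_block" {
+bucket = aws_s3_bucket.tfstate.id
+
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
+
+# DynamoDB table for state locking
+resource "aws_dynamodb_table" "locks" {
+name = var.lock_table_name
+billing_mode = "PAY_PER_REQUEST"
+hash_key = "LockID"
+
+attribute {
+name = "LockID"
+type = "S"
+}
+
+point_in_time_recovery {
+enabled = true
+}
+
+tags = {
+Name = var.lock_table_name
+Environment = "Production"
+Purpose = "Terraform State Locking"
+}
+}
+
+# Outputs for reference
+output "s3_bucket_name" {
+description = "Name of the S3 bucket for Terraform state"
+value = aws_s3_bucket.tfstate.bucket
+}
+
+output "dynamodb_table_name" {
+description = "Name of the DynamoDB table for state locking"
+value = aws_dynamodb_table.locks.name
+}
+
+output "s3_bucket_arn" {
+description = "ARN of the S3 bucket"
+value = aws_s3_bucket.tfstate.arn
+}
+
+output "dynamodb_table_arn" {
+description = "ARN of the DynamoDB table"
+value = aws_dynamodb_table.locks.arn
+}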
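Review bot: The state bucket is protected only by `sse_algorithm = "AES256"` and the public access block; no bucket policy is attached, so nothing in this file forces TLS, and read access to state is gated solely by whatever IAM grants `s3:GetObject`. Terraform state stores resource attributes in clear text, often including generated passwords and keys, so it deserves tighter control than a default SSE-S3 bucket. Consider switching `tfstate_encryption` to `sse_algorithm = "aws:kms"` with a customer-managed key in `kms_master_key_id`, so reads also require `kms:Decrypt` and are logged per key in CloudTrail. A deny-on-insecure-transport policy such as the one below would cover the TLS gap. Since the header comment says this stack is applied once and never changed, a `lifecycle { prevent_destroy = true }` on `aws_s3_bucket.tfstate` would also guard against an accidental destroy run from the local bootstrap state.

```hcl
# Deny any request to the state bucket that does not use TLS
data "aws_iam_policy_document" "tfstate_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.tfstate.arn,
      "${aws_s3_bucket.tfstate.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "tfstate_tls_only" {
  bucket = aws_s3_bucket.tfstate.id
  policy = data.aws_iam_policy_document.tfstate_tls_only.json
}
```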
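--- a/terraform-backend/variables.tf
+++ b/terraform-backend/variables.tf
@@ -0,0 +1,17 @@
+variable "aws_region" {
+description = "AWS region for resources"
+type = string
+default = "us-east-2"
+}
+
+variable "backend_bucket_name" {
+description = "Name of the S3 bucket for Terraform state"
+type = string
+default = "nvhi-atsila-tf-state"
+}
+
+variable "lock_table_name" {
+description = "Name of the DynamoDB table for state locking"
+type = string
+default = "nvhi-atsila-locks"
+}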