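# Backend Infrastructure - Creates the S3 bucket and DynamoDB table for remote state
# This should be run FIRST with local state, then never changed
#
# NOTE: this configuration declares no backend, so its own state is a local
# terraform.tfstate file. Treat that file like any other state file: keep it in
# access-controlled storage rather than a shared or public repository.

terraform {
  # No backend configuration - uses local state for bootstrap
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

# S3 bucket for Terraform state
resource "aws_s3_bucket" "tfstate" {
  bucket = var.backend_bucket_name

  tags = {
    Name        = var.backend_bucket_name
    Environment = "Production"
    Purpose     = "Terraform State Storage"
  }

  # The header says this stack is applied once and never changed; make Terraform
  # refuse any plan that would delete the bucket holding every other stack's state.
  lifecycle {
    prevent_destroy = true
  }
}

# S3 bucket versioning
# Versioning keeps earlier state files recoverable after a bad apply or an
# overwrite. No lifecycle rule is defined here, so noncurrent versions are
# retained indefinitely.
resource "aws_s3_bucket_versioning" "tfstate_versioning" {
  bucket = aws_s3_bucket.tfstate.id

  versioning_configuration {
    status = "Enabled"
  }
}

# S3 bucket encryption
# AES256 is SSE-S3: objects are encrypted at rest with S3-managed keys, so read
# access is governed by S3/IAM permissions alone. State files can contain
# secrets; if a separate key-policy gate or key-usage audit trail is required,
# switch to "aws:kms" with a customer-managed key.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate_encryption" {
  bucket = aws_s3_bucket.tfstate.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# S3 bucket public access block
# All four settings are on: public ACLs and public bucket policies are both
# rejected and ignored for this bucket.
resource "aws_s3_bucket_public_access_block" "tfstate_block" {
  bucket = aws_s3_bucket.tfstate.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# S3 bucket policy - TLS only
# Denies every request to the bucket or its objects that does not arrive over
# HTTPS, so state is never read or written in cleartext. This is a Deny-only
# statement and grants no access.
resource "aws_s3_bucket_policy" "tfstate_tls_only" {
  bucket = aws_s3_bucket.tfstate.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.tfstate.arn,
          "${aws_s3_bucket.tfstate.arn}/*",
        ]
        Condition = {
          Bool = {
            "aws:SecureTransport" = "false"
          }
        }
      }
    ]
  })

  # Apply after the public access block so the two bucket-level settings are
  # not written concurrently.
  depends_on = [aws_s3_bucket_public_access_block.tfstate_block]
}

# DynamoDB table for state locking
# The S3 backend stores its lock entries under the string hash key "LockID".
resource "aws_dynamodb_table" "locks" {
  name         = var.lock_table_name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  point_in_time_recovery {
    enabled = true
  }

  tags = {
    Name        = var.lock_table_name
    Environment = "Production"
    Purpose     = "Terraform State Locking"
  }

  # Losing the lock table removes locking for every stack that uses this
  # backend; refuse plans that would delete it.
  lifecycle {
    prevent_destroy = true
  }
}

# Outputs for reference
output "s3_bucket_name" {
  description = "Name of the S3 bucket for Terraform state"
  value       = aws_s3_bucket.tfstate.bucket
}

output "dynamodb_table_name" {
  description = "Name of the DynamoDB table for state locking"
  value       = aws_dynamodb_table.locks.name
}

output "s3_bucket_arn" {
  description = "ARN of the S3 bucket"
  value       = aws_s3_bucket.tfstate.arn
}

output "dynamodb_table_arn" {
  description = "ARN of the DynamoDB table"
  value       = aws_dynamodb_table.locks.arn
}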