This module creates and configures an S3 bucket backend and DynamoDB lock table for Terraform state files.

```hcl
module "bootstrap" {
  source                   = "sourcefuse/arc-bootstrap/aws"
  version                  = "1.0.9"
  bucket_name              = var.bucket_name
  dynamodb_name            = var.dynamodb_name
  dynamo_kms_master_key_id = var.dynamo_kms_master_key_id
}
```
Name | Version |
---|---|
terraform | ~> 1.4 |
aws | ~> 3.0 |
Name | Version |
---|---|
aws | 3.75.2 |
No modules.
Name | Type |
---|---|
aws_dynamodb_table.terraform_state_lock | resource |
aws_s3_bucket.private | resource |
aws_s3_bucket_analytics_configuration.private_analytics_config | resource |
aws_s3_bucket_inventory.inventory | resource |
aws_s3_bucket_public_access_block.public_access_block | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.policy | data source |
aws_partition.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
abort_incomplete_multipart_upload_days | Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. | number | 14 | no |
bucket_key_enabled | Whether or not to use Amazon S3 Bucket Keys for SSE-KMS. | bool | false | no |
bucket_name | The name of the bucket. | string | n/a | yes |
cors_rules | List of maps containing rules for Cross-Origin Resource Sharing. | list(any) | [] | no |
dynamo_kms_master_key_id | The Default ID of an AWS-managed customer master key (CMK) for Amazon Dynamo | string | null | no |
dynamodb_hash_key | The attribute to use as the hash (partition) key. | string | "LockID" | no |
dynamodb_name | The name of the table, this needs to be unique within a region. | string | n/a | yes |
enable_analytics | Enables storage class analytics on the bucket. | bool | true | no |
enable_bucket_force_destroy | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. | bool | false | no |
enable_bucket_inventory | If set to true, Bucket Inventory will be enabled. | bool | false | no |
enable_bucket_logging | Enable bucket activity logging. | bool | false | no |
enable_dynamodb_point_in_time_recovery | Whether to enable point-in-time recovery - note that it can take up to 10 minutes to enable for new tables. | bool | true | no |
enable_s3_public_access_block | Bool for toggling whether the s3 public access block resource should be enabled. | bool | true | no |
enable_versioning | Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. | bool | true | no |
expiration | Specifies a period in the object's expire. | list(any) | [ | no |
inventory_bucket_format | The format for the inventory file. Default is ORC. Options are ORC or CSV. | string | "ORC" | no |
kms_master_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. | string | "" | no |
logging_bucket_name | The S3 bucket to send S3 access logs. | string | "" | no |
logging_bucket_target_prefix | To specify a key prefix for log objects. | string | "" | no |
mfa_delete | mfa_delete is disabled | bool | false | no |
noncurrent_version_expiration | Number of days until non-current version of object expires | number | 365 | no |
noncurrent_version_transitions | Non-current version transition blocks | list(any) | [ | no |
schedule_frequency | The S3 bucket inventory frequency. Defaults to Weekly. Options are 'Weekly' or 'Daily'. | string | "Weekly" | no |
sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | string | "AES256" | no |
tags | A mapping of tags to assign to the bucket. | map(string) | { | no |
transitions | Current version transition blocks | list(any) | [] | no |
Name | Description |
---|---|
bucket_arn | n/a |
bucket_id | n/a |
bucket_name | n/a |
dynamodb_arn | n/a |
dynamodb_id | n/a |
dynamodb_name | n/a |
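
The inputs above default to SSE-S3 (`AES256`) with access logging off. The following invocation is an added example, not taken from the module's documentation, that overrides those defaults with a customer-managed KMS key and access logging; the key resource name, bucket and table names, and the use of the key ARN for both key inputs are assumptions.

```hcl
# Added example. All "example-*" names and aws_kms_key.tf_state are hypothetical.

# Customer-managed key shared by the state bucket and the lock table.
resource "aws_kms_key" "tf_state" {
  description             = "Terraform state bucket and lock table"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

module "bootstrap" {
  source  = "sourcefuse/arc-bootstrap/aws"
  version = "1.0.9"

  bucket_name   = "example-terraform-state" # constructed name
  dynamodb_name = "example-terraform-lock"  # constructed name

  # State files can contain secrets: encrypt with the CMK instead of the
  # AES256 default. Assumption: the module accepts a key ARN for these inputs.
  sse_algorithm            = "aws:kms"
  kms_master_key_id        = aws_kms_key.tf_state.arn
  bucket_key_enabled       = true
  dynamo_kms_master_key_id = aws_kms_key.tf_state.arn

  # Pin the protective defaults explicitly so a later default change
  # in the module cannot silently weaken the backend.
  enable_versioning                      = true
  enable_s3_public_access_block          = true
  enable_dynamodb_point_in_time_recovery = true
  enable_bucket_force_destroy            = false

  # Access logging is off by default. The target bucket must already exist.
  enable_bucket_logging        = true
  logging_bucket_name          = "example-access-logs" # constructed name
  logging_bucket_target_prefix = "terraform-state/"

  tags = {
    Purpose = "terraform-state"
  }
}
```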
On initial run, this project will create a local terraform state file. DO NOT delete this file. Once our backend and lock table are created, we will migrate the state to the new backend.
After the initial apply of terraform, you can uncomment this section and save the state to the backend.

```hcl
terraform {
  required_version = "~> 1.0.3"
  backend "s3" {
    region         = "us-east-1"
    key            = "terraform-bootstrap/terraform.tfstate"
    bucket         = "terraformbucketexample"
    dynamodb_table = "terraform-lock"
    encrypt        = true
  }
}
```

Then run `terraform init` to initialize the new backend:

```
Initializing modules...
Initializing the backend...
Do you want to migrate all workspaces to "aws"?
Both the existing "local" backend and the newly configured "aws" backend
support workspaces. When migrating between backends, Terraform will copy
all workspaces (with the same names). THIS WILL OVERWRITE any conflicting
states in the destination.
Terraform initialization doesn't currently migrate only select workspaces.
If you want to migrate a select number of workspaces, you must manually
pull and push those states.
If you answer "yes", Terraform will migrate all states. If you answer
"no", Terraform will abort.
```

Our local state has now been migrated to the new backend. It is now safe to remove the local `terraform.tfstate`.

When contributing or making a git commit, please specify in your commit message whether the change is major, minor, or patch. For example:

```sh
git commit -m "your commit message #major"
```

Specifying this bumps the version accordingly. If you don't specify it in your commit message, the change is treated as a patch by default and the version is bumped accordingly.

- Configure pre-commit hooks

  ```sh
  pre-commit install
  ```

- Configure golang deps for tests

  ```sh
  go get github.com/gruntwork-io/terratest/modules/terraform
  go get github.com/stretchr/testify/assert
  ```

- Execute pre-commit

  ```sh
  pre-commit run -a
  ```

This project is authored by below people
This project was generated by generator-tf-module
Name | Version |
---|---|
aws | ~> 3.0 |
Name | Version |
---|---|
aws | ~> 3.0 |
No modules.
Name | Type |
---|---|
aws_dynamodb_table.terraform_state_lock | resource |
aws_s3_bucket.private | resource |
aws_s3_bucket_analytics_configuration.private_analytics_config | resource |
aws_s3_bucket_inventory.inventory | resource |
aws_s3_bucket_public_access_block.public_access_block | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.policy | data source |
aws_partition.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
abort_incomplete_multipart_upload_days | Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. | number | 14 | no |
bucket_key_enabled | Whether or not to use Amazon S3 Bucket Keys for SSE-KMS. | bool | false | no |
bucket_name | The name of the bucket. | any | n/a | yes |
cors_rules | List of maps containing rules for Cross-Origin Resource Sharing. | list(any) | [] | no |
dynamodb_hash_key | The attribute to use as the hash (partition) key. | string | "LockID" | no |
dynamodb_name | The name of the table, this needs to be unique within a region. | any | n/a | yes |
enable_analytics | Enables storage class analytics on the bucket. | bool | true | no |
enable_bucket_force_destroy | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. | bool | false | no |
enable_bucket_inventory | If set to true, Bucket Inventory will be enabled. | bool | false | no |
enable_bucket_logging | Enable bucket activity logging. | bool | false | no |
enable_dynamodb_point_in_time_recovery | Whether to enable point-in-time recovery - note that it can take up to 10 minutes to enable for new tables. | bool | false | no |
enable_s3_public_access_block | Bool for toggling whether the s3 public access block resource should be enabled. | bool | true | no |
enable_versioning | Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. | bool | true | no |
expiration | Specifies a period in the object's expire. | list(any) | [ | no |
inventory_bucket_format | The format for the inventory file. Default is ORC. Options are ORC or CSV. | string | "ORC" | no |
kms_master_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. | string | "" | no |
logging_bucket_name | The S3 bucket to send S3 access logs. | string | "" | no |
logging_bucket_target_prefix | To specify a key prefix for log objects. | string | "" | no |
noncurrent_version_expiration | Number of days until non-current version of object expires | number | 365 | no |
noncurrent_version_transitions | Non-current version transition blocks | list(any) | [ | no |
schedule_frequency | The S3 bucket inventory frequency. Defaults to Weekly. Options are 'Weekly' or 'Daily'. | string | "Weekly" | no |
sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | string | "AES256" | no |
tags | A mapping of tags to assign to the bucket. | map(string) | { | no |
transitions | Current version transition blocks | list(any) | [] | no |
Name | Description |
---|---|
bucket_arn | n/a |
bucket_id | n/a |
bucket_name | n/a |
dynamodb_arn | n/a |
dynamodb_id | n/a |
dynamodb_name | n/a |