Automated PR #13

Open
wants to merge 1 commit into
base: main
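--- a/sales-demo-8492994/terraform/.gitignore
+++ b/sales-demo-8492994/terraform/.gitignore
@@ -0,0 +1,32 @@
+# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+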
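Review bot: The ignore list has no entry for variable-definition files, so a `terraform.tfvars` holding credentials or account identifiers would be committed as-is; the upstream template cited on the first line lists `*.tfvars` and `*.tfvars.json` for this reason, and both should be added after the crash-log block. The plan-file pattern near the end is still only a commented example (`# example: *tfplan*`); saved plans can embed the same values as state, so an active `*tfplan*` line is worth adding too.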
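--- a/sales-demo-8492994/terraform/.metadata
+++ b/sales-demo-8492994/terraform/.metadata
@@ -0,0 +1,7 @@
+{
+"app_stack_name": "untitled-appStack-5aeb8bac",
+"iac_type": "Terraform",
+"provider": "aws",
+"multi_env": false,
+"exporter": "terraform"
+}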
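--- a/sales-demo-8492994/terraform/README.md
+++ b/sales-demo-8492994/terraform/README.md
@@ -0,0 +1,3 @@
+# README
+This is a readme file for IaC generated with StackGen.
+You can modify your appStack -> [here](http://demo.cloud.stackgen.com/appstacks/7e3dbbf6-6d38-4766-9da6-6725d5d7a048)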
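--- a/sales-demo-8492994/terraform/backend.tf
+++ b/sales-demo-8492994/terraform/backend.tf
@@ -0,0 +1,5 @@
+terraform {
+backend "local" {
+path = "/Users/gauravchavan/Documents/demo-s3-aws7744.tfstate"
+}
+}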
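Review bot: The `path` on the third line pins state to one developer's home directory, so nobody else and no CI job can plan against the same state, there is no shared locking, and the file sits unencrypted on a workstation outside the repository's ignore rules. State for this stack will hold the bucket and KMS key attributes, so a remote backend with encryption at rest and locking is the safer default; the sketch below uses the S3 backend with placeholder names. If the local backend is kept for the demo, a relative path such as `path = "terraform.tfstate"` at least avoids committing a user name and keeps the file under the existing `*.tfstate` ignore rule.

```hcl
terraform {
  backend "s3" {
    bucket  = "<STATE_BUCKET_PLACEHOLDER>" # placeholder: dedicated, versioned, non-public state bucket
    key     = "sales-demo-8492994/terraform.tfstate"
    region  = "<REGION_PLACEHOLDER>"       # placeholder
    encrypt = true
    # add the state-locking option supported by the Terraform version in use
  }
}
```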
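--- a/sales-demo-8492994/terraform/modules.tf.json
+++ b/sales-demo-8492994/terraform/modules.tf.json
@@ -0,0 +1,16 @@
+{
+"module": {
+"stackgen_5d42e787-7921-40e1-8c8d-b044556863f8": {
+"block_public_access": true,
+"bucket_name": "gaurav-drift-bucket",
+"bucket_policy": "",
+"enable_versioning": true,
+"enable_website_configuration": false,
+"source": "./modules/aws_s3",
+"sse_algorithm": "aws:kms",
+"tags": {},
+"website_error_document": "404.html",
+"website_index_document": "index.html"
+}
+}
+}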
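--- a/sales-demo-8492994/terraform/modules/aws_s3/aws_s3.tf
+++ b/sales-demo-8492994/terraform/modules/aws_s3/aws_s3.tf
@@ -0,0 +1,107 @@
+resource "aws_s3_bucket" "this" {
+bucket = var.bucket_name
+tags = var.tags
+}
+
+# create versioning for the bucket
+resource "aws_s3_bucket_versioning" "this" {
+# create this resource only if var.versioning is not empty
+count = var.enable_versioning ? 1 : 0
+
+bucket = aws_s3_bucket.this.id
+
+# enable versioning
+versioning_configuration {
+status = "Enabled"
+}
+}
+
+# Create a server-side encryption configuration for the bucket
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+# create this resource only if var.sse_algorithm is not empty
+count = var.sse_algorithm != "" ? 1 : 0
+
+bucket = aws_s3_bucket.this.id
+
+rule {
+apply_server_side_encryption_by_default {
+kms_master_key_id = var.sse_algorithm == "aws:kms" ? aws_kms_key.custom_s3_kms_key[0].key_id : null
+sse_algorithm = var.sse_algorithm
+}
+}
+}
+
+# block public access
+resource "aws_s3_bucket_public_access_block" "this" {
+
+bucket = aws_s3_bucket.this.id
+
+block_public_acls = var.block_public_access
+block_public_policy = var.block_public_access
+ignore_public_acls = var.block_public_access
+restrict_public_buckets = var.block_public_access
+}
+
+
+resource "aws_s3_bucket_website_configuration" "this" {
+count = var.enable_website_configuration ? 1 : 0
+bucket = aws_s3_bucket.this.id
+
+index_document {
+suffix = var.website_index_document
+}
+
+error_document {
+key = var.website_error_document
+}
+}
+
+resource "aws_s3_bucket_policy" "website_bucket_policy" {
+count = var.enable_website_configuration ? 1 : 0
+bucket = aws_s3_bucket.this.id
+policy = data.aws_iam_policy_document.website_bucket_policy[0].json
+}
+
+data "aws_iam_policy_document" "website_bucket_policy" {
+count = var.enable_website_configuration ? 1 : 0
+statement {
+effect = "Allow"
+principals {
+type = "AWS"
+identifiers = ["*"]
+}
+actions = ["s3:GetObject"]
+resources = ["${aws_s3_bucket.this.arn}/*"]
+
+}
+}
+
+resource "aws_s3_bucket_policy" "allow_access" {
+count = var.bucket_policy != "" ? 1 : 0
+bucket = aws_s3_bucket.this.id
+policy = var.bucket_policy
+}
+
+
+resource "aws_kms_key" "custom_s3_kms_key" {
+count = var.sse_algorithm == "aws:kms" ? 1 : 0
+description = "Custom KMS key for s3 bucket encryption"
+enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "a" {
+count = var.sse_algorithm == "aws:kms" ? 1 : 0
+name = "alias/s3-${replace(aws_s3_bucket.this.bucket, ".", "-")}"
+target_key_id = aws_kms_key.custom_s3_kms_key[0].key_id
+}
+
+data "aws_caller_identity" "current" {}
+
+
+
+
+
+
+
+
+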
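Review bot: The website path attaches a statement granting `s3:GetObject` to `identifiers = ["*"]` on every object, while `aws_s3_bucket_public_access_block.this` is driven by a variable that defaults to true; with `enable_website_configuration = true` the policy is therefore either rejected by the block or, once the block is switched off, makes the whole bucket world-readable, and nothing in the module ties the two inputs together. `website_bucket_policy` and `allow_access` are also two `aws_s3_bucket_policy` resources on the same bucket, and a bucket holds a single policy, so when both conditions are true each apply overwrites the other. Merging them into one policy resource that depends on the public access block, as sketched below, removes the conflict; the unused `data "aws_caller_identity" "current"` and the stale comment `# create this resource only if var.versioning is not empty` (the input is `var.enable_versioning`) can be cleaned up in the same pass. With the default `sse_algorithm = "aws:kms"`, anonymous readers presumably cannot decrypt objects under the custom key, so the website mode likely needs `AES256`, which is worth stating on the variable.

```hcl
# … unchanged: bucket, versioning, encryption, public access block, website configuration …

# One policy per bucket: the optional caller-supplied policy and the optional
# website read statement are merged into a single document.
data "aws_iam_policy_document" "bucket" {
  count                   = var.enable_website_configuration || var.bucket_policy != "" ? 1 : 0
  source_policy_documents = var.bucket_policy != "" ? [var.bucket_policy] : []

  dynamic "statement" {
    for_each = var.enable_website_configuration ? [1] : []
    content {
      sid       = "WebsitePublicRead"
      effect    = "Allow"
      actions   = ["s3:GetObject"]
      resources = ["${aws_s3_bucket.this.arn}/*"]
      principals {
        type        = "AWS"
        identifiers = ["*"]
      }
    }
  }
}

resource "aws_s3_bucket_policy" "this" {
  count  = var.enable_website_configuration || var.bucket_policy != "" ? 1 : 0
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.bucket[0].json

  # the public-access-block settings must exist before the policy is evaluated
  depends_on = [aws_s3_bucket_public_access_block.this]
}

# … unchanged: KMS key and alias …
```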
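--- a/sales-demo-8492994/terraform/modules/aws_s3/outputs.tf.json
+++ b/sales-demo-8492994/terraform/modules/aws_s3/outputs.tf.json
@@ -0,0 +1,24 @@
+{
+"output": {
+"arn": {
+"description": "The value of the arn output",
+"sensitive": false,
+"value": "${aws_s3_bucket.this.arn}"
+},
+"bucket_name": {
+"description": "The value of the bucket_name output",
+"sensitive": false,
+"value": "${aws_s3_bucket.this.id}"
+},
+"bucket_website_endpoint": {
+"description": "The value of the bucket_website_endpoint output",
+"sensitive": false,
+"value": "${var.enable_website_configuration ? aws_s3_bucket_website_configuration.this[0].website_endpoint : null}"
+},
+"kms_arn": {
+"description": "The value of the kms_arn output",
+"sensitive": false,
+"value": "${var.sse_algorithm == \"aws:kms\" ? aws_kms_key.custom_s3_kms_key[0].arn : null}"
+}
+}
+}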
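--- a/sales-demo-8492994/terraform/modules/aws_s3/variables.tf.json
+++ b/sales-demo-8492994/terraform/modules/aws_s3/variables.tf.json
@@ -0,0 +1,72 @@
+{
+"variable": {
+"block_public_access": [
+{
+"default": true,
+"description": "A state of block public access. If false, block public access is not enabled.",
+"type": "bool",
+"nullable": true
+}
+],
+"bucket_name": [
+{
+"description": "The name of the s3 bucket",
+"nullable": false,
+"type": "string"
+}
+],
+"enable_versioning": [
+{
+"default": true,
+"description": "Enable versioning for the bucket",
+"type": "bool",
+"nullable": true
+}
+],
+"sse_algorithm": [
+{
+"default": "aws:kms",
+"description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. If you specify aws:kms, a new KMS key will be provisioned and used. If empty, no encryption is performed.",
+"type": "string",
+"nullable": true
+}
+],
+"enable_website_configuration": [
+{
+"default": false,
+"description": "Enable website configuration for the bucket",
+"type": "bool"
+}
+],
+"website_index_document": [
+{
+"description": "The index document for the bucket",
+"type": "string",
+"default": "index.html"
+}
+],
+"website_error_document": [
+{
+"description": "The error document for the bucket",
+"type": "string",
+"default": "404.html"
+}
+],
+"bucket_policy": [
+{
+"description": "The IAM policy of the bucket (can be used to allow access to other roles or accounts)",
+"type": "string",
+"default": "",
+"nullable": true
+}
+],
+"tags": [
+{
+"default": {},
+"description": "A mapping of AWS tags to assign to the bucket.",
+"type": "map(string)",
+"nullable": true
+}
+]
+}
+}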
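Review bot: `block_public_access`, `enable_versioning` and `sse_algorithm` are declared with `"nullable": true`, so a caller that passes `null` bypasses the secure defaults instead of falling back to them: the four public-access-block arguments would receive null, which the provider presumably treats as unset, and the `count` conditions on the other two would not evaluate as intended. Setting `"nullable": false` on these three makes an explicit null resolve to the declared default. The `sse_algorithm` description also says an empty value means no encryption is performed, but the module only skips its own encryption-configuration resource in that case; a `validation` block restricting the value to `AES256` or `aws:kms` would remove the ambiguity.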
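--- a/sales-demo-8492994/terraform/outputs.tf
+++ b/sales-demo-8492994/terraform/outputs.tf
@@ -0,0 +1,20 @@
+output "aws_s3_stackgen_5d42e787-7921-40e1-8c8d-b044556863f8_arn" {
+value = module.stackgen_5d42e787-7921-40e1-8c8d-b044556863f8.arn
+sensitive = false
+}
+
+output "aws_s3_stackgen_5d42e787-7921-40e1-8c8d-b044556863f8_bucket_name" {
+value = module.stackgen_5d42e787-7921-40e1-8c8d-b044556863f8.bucket_name
+sensitive = false
+}
+
+output "aws_s3_stackgen_5d42e787-7921-40e1-8c8d-b044556863f8_bucket_website_endpoint" {
+value = module.stackgen_5d42e787-7921-40e1-8c8d-b044556863f8.bucket_website_endpoint
+sensitive = false
+}
+
+output "aws_s3_stackgen_5d42e787-7921-40e1-8c8d-b044556863f8_kms_arn" {
+value = module.stackgen_5d42e787-7921-40e1-8c8d-b044556863f8.kms_arn
+sensitive = false
+}
+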
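--- a/sales-demo-8492994/terraform/provider.tf
+++ b/sales-demo-8492994/terraform/provider.tf
@@ -0,0 +1,23 @@
+terraform {
+required_version = ">= 1.0.0, < 2.0.0"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+
+awscc = { // AWS Cloud Control
+source = "hashicorp/awscc"
+version = "~> 1.0"
+}
+}
+}
+
+provider "awscc" {
+region = var.region
+}
+
+provider "aws" {
+region = var.region
+}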
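Review bot: `hashicorp/awscc` is required and configured here, but none of the resources visible in this pull request use it; every declared provider is downloaded and executed at `terraform init`, so an unused one is extra supply-chain surface and should be dropped unless another module needs it. No `.terraform.lock.hcl` appears among the files shown either (the file list may be incomplete); committing it pins the provider checksums that the `~> 5.0` and `~> 1.0` constraints leave floating.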
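--- a/sales-demo-8492994/terraform/variables.tf
+++ b/sales-demo-8492994/terraform/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+description = "AWS region in which the project needs to be setup (us-east-1, ca-west-1, eu-west-3, etc)"
+}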
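Review bot: `region` is declared without a type, so any value shape is accepted and a mistake only surfaces inside the provider; add `type = string` and, if the stack is meant for a fixed set of regions, a `validation` block listing them. There is also no default, so every run either prompts for the value or reads it from a variables file, which should then be covered by the ignore rules.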