diff --git a/some-dir-2/terraform/.gitignore b/some-dir-2/terraform/.gitignore
new file mode 100644
index 0000000..05b2a76
--- /dev/null
+++ b/some-dir-2/terraform/.gitignore
@@ -0,0 +1,32 @@
+# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
diff --git a/some-dir-2/terraform/README.md b/some-dir-2/terraform/README.md
new file mode 100644
index 0000000..86308f8
--- /dev/null
+++ b/some-dir-2/terraform/README.md
@@ -0,0 +1,3 @@
+# README
+This is a readme file for IaC generated with StackGen.
+You can modify your appStack -> [here](http://main.dev.stackgen.com/appstacks/2c74b69b-130d-4992-9ce5-7265826b6620)
diff --git a/some-dir-2/terraform/main.tf b/some-dir-2/terraform/main.tf
new file mode 100644
index 0000000..1666f13
--- /dev/null
+++ b/some-dir-2/terraform/main.tf
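Review bot: The ignore list in `.gitignore` has no entry for variable files, and the plan-file pattern is left as a commented example (`# example: *tfplan*`), so `*.tfvars` files and saved plans would be committed if anyone creates them in this directory. Both commonly hold credentials or fully resolved resource attributes in clear text, and the root `region` variable has no default, which makes a local tfvars file a likely next step. I would add `*.tfvars`, `*.tfvars.json` and an uncommented `*tfplan*` after the `.tfstate` patterns.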
@@ -0,0 +1,31 @@
+module "stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e" {
+ source = "./modules/aws_athena"
+ athena_engine_version = "AUTO"
+ bucket_name = module.stackgen_51ed38bd-41dc-4e0c-ab87-a909fa78978b.arn
+ bytes_scanned_cutoff_per_query = 10485760
+ database_force_destroy = false
+ database_name = "test-athena-2905"
+ encrypt_query_results = true
+ encryption_option = "SSE_KMS"
+ expected_bucket_owner = null
+ kms_key = null
+ query = "Select * from table"
+ query_description = ""
+ query_name = "test-query-2905"
+ query_results_encryption_option = "SSE_KMS"
+ require_encryption_configuration = false
+ result_output_location = null
+ set_acl_configuration = false
+ tags = {}
+ workgroup_description = null
+ workgroup_force_destroy = false
+ workgroup_name = "test-wg-2905"
+ workgroup_state = "ENABLED"
+}
+
+module "stackgen_51ed38bd-41dc-4e0c-ab87-a909fa78978b" {
+ source = "./modules/aws_external"
+ arn = "arn:aws:s3:::drift-detect-tfstates"
+ resource_type = aws_s3
+}
+
diff --git a/some-dir-2/terraform/modules/aws_athena/aws_athena.tf b/some-dir-2/terraform/modules/aws_athena/aws_athena.tf
new file mode 100644
index 0000000..045f2c0
--- /dev/null
+++ b/some-dir-2/terraform/modules/aws_athena/aws_athena.tf
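Review bot: In `main.tf`, `bucket_name` receives the `arn` output of the `aws_external` module, which resolves to `arn:aws:s3:::drift-detect-tfstates`, while the Athena module describes that input as a bucket name and passes it unchanged to `aws_athena_database.bucket`; the value passed should be the bare bucket name, not the ARN. In the second module block, `resource_type = aws_s3` is unquoted, so Terraform reads it as a reference rather than a string; it should be `resource_type = "aws_s3"`. The bucket name suggests it also holds Terraform state (inferred from the name only); if so, a dedicated results bucket with `expected_bucket_owner` set to the owning account ID would keep query data away from state files.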
@@ -0,0 +1,80 @@
+# named query resource
+resource "aws_athena_named_query" "this" {
+ name = var.query_name
+ description = var.query_description
+ query = var.query
+ workgroup = aws_athena_workgroup.this.id
+ database = aws_athena_database.this.name
+}
+
+# database resource
+resource "aws_athena_database" "this" {
+ name = var.database_name
+ bucket = var.bucket_name
+ dynamic "acl_configuration" {
+ for_each = var.set_acl_configuration ? [1] : []
+ content {
+ s3_acl_option = "BUCKET_OWNER_FULL_CONTROL"
+ }
+ }
+
+ dynamic "encryption_configuration" {
+ for_each = var.require_encryption_configuration ? [1] : []
+ content {
+ encryption_option = var.encryption_option
+ kms_key = var.kms_key
+ }
+ }
+
+ expected_bucket_owner = var.expected_bucket_owner
+ force_destroy = var.database_force_destroy
+}
+
+resource "aws_kms_key" "aws_athena-result" {
+ deletion_window_in_days = 7
+ description = "Athena KMS Key"
+}
+
+resource "aws_kms_key" "athena_result_encryption" {
+ count = var.encrypt_query_results && var.query_results_encryption_option != "SSE_S3" ? 1 : 0
+ description = "Custom KMS key for Athena query result encryption."
+ enable_key_rotation = true
+}
+
+# workgroup resource
+resource "aws_athena_workgroup" "this" {
+ name = var.workgroup_name
+ description = var.workgroup_description
+ state = var.workgroup_state
+ force_destroy = var.workgroup_force_destroy
+ tags = var.tags
+
+ configuration {
+ bytes_scanned_cutoff_per_query = var.bytes_scanned_cutoff_per_query
+ engine_version {
+ selected_engine_version = var.athena_engine_version
+ }
+ result_configuration {
+ dynamic "encryption_configuration" {
+ for_each = var.encrypt_query_results ? [1] : []
+ content {
+ encryption_option = var.query_results_encryption_option
+ kms_key_arn = aws_kms_key.athena_result_encryption[0].arn
+ }
+ }
+ dynamic "acl_configuration" {
+ for_each = var.set_acl_configuration ? [1] : []
+ content {
+ s3_acl_option = "BUCKET_OWNER_FULL_CONTROL"
+ }
+ }
+ output_location = var.result_output_location
+ }
+ }
+}
+
+
+
+
+
+
diff --git a/some-dir-2/terraform/modules/aws_athena/outputs.tf.json b/some-dir-2/terraform/modules/aws_athena/outputs.tf.json
new file mode 100644
index 0000000..c82acb8
--- /dev/null
+++ b/some-dir-2/terraform/modules/aws_athena/outputs.tf.json
@@ -0,0 +1,19 @@
+{
+ "output": {
+ "arn": {
+ "description": "The value of the wg_arn output",
+ "sensitive": false,
+ "value": "${aws_athena_workgroup.this.arn}"
+ },
+ "database_id": {
+ "description": "The value of the database_id output",
+ "sensitive": false,
+ "value": "${aws_athena_database.this.id}"
+ },
+ "query_id": {
+ "description": "The value of the query_id output",
+ "sensitive": false,
+ "value": "${aws_athena_named_query.this.id}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/some-dir-2/terraform/modules/aws_athena/variables.tf.json b/some-dir-2/terraform/modules/aws_athena/variables.tf.json
new file mode 100644
index 0000000..f272aae
--- /dev/null
+++ b/some-dir-2/terraform/modules/aws_athena/variables.tf.json
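Review bot: In `aws_athena.tf`, the workgroup's `kms_key_arn = aws_kms_key.athena_result_encryption[0].arn` is evaluated whenever `encrypt_query_results` is true, but that key has `count = 0` when `query_results_encryption_option` is `"SSE_S3"`, so that combination fails with an invalid index. `kms_key_arn = one(aws_kms_key.athena_result_encryption[*].arn)` gives null in that case and the key ARN otherwise. Separately, `aws_kms_key.aws_athena-result` is not referenced anywhere in this file, sets no `enable_key_rotation` and has a 7-day deletion window; I would remove it rather than create an unused key. The database's `encryption_configuration` block is gated on `require_encryption_configuration`, which defaults to false in `variables.tf.json` and is false in `main.tf`, so the database is created without it while query results are encrypted; a comment stating that this is intended would help.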
@@ -0,0 +1,161 @@
+{
+ "variable": {
+ "athena_engine_version": [
+ {
+ "default": "AUTO",
+ "description": "Requested Athena engine version.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "bucket_name": [
+ {
+ "description": "Name of S3 bucket to save the results of the query execution.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "bytes_scanned_cutoff_per_query": [
+ {
+ "default": 10485760,
+ "description": "The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.",
+ "nullable": false,
+ "type": "number"
+ }
+ ],
+ "database_force_destroy": [
+ {
+ "default": false,
+ "description": "Whether to destroy all tables in the database when destroying the database resource.",
+ "nullable": false,
+ "type": "bool"
+ }
+ ],
+ "database_name": [
+ {
+ "description": "Name of the database to create.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "encrypt_query_results": [
+ {
+ "default": true,
+ "description": "Specifies whether query results must be encrypted, for all queries that run in this workgroup.",
+ "nullable": false,
+ "type": "bool"
+ }
+ ],
+ "encryption_option": [
+ {
+ "default": "SSE_KMS",
+ "description": "Type of key.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "expected_bucket_owner": [
+ {
+ "description": "AWS account ID that you expect to be the owner of the Amazon S3 bucket.",
+ "nullable": true,
+ "type": "string"
+ }
+ ],
+ "kms_key": [
+ {
+ "description": "The ARN of the KMS key to be used to decrypt the data in S3.",
+ "nullable": true,
+ "type": "string"
+ }
+ ],
+ "query": [
+ {
+ "description": "The query string.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "query_description": [
+ {
+ "description": "The description for the named query.",
+ "nullable": true,
+ "type": "string"
+ }
+ ],
+ "query_name": [
+ {
+ "description": "The name of the query.",
+ "type": "string"
+ }
+ ],
+ "query_results_encryption_option": [
+ {
+ "default": "SSE_KMS",
+ "description": "Type of encryption.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "require_encryption_configuration": [
+ {
+ "default": false,
+ "description": "Encryption key block AWS Athena uses to decrypt the data in S3.",
+ "nullable": false,
+ "type": "bool"
+ }
+ ],
+ "result_output_location": [
+ {
+ "description": "The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/.",
+ "nullable": true,
+ "type": "string"
+ }
+ ],
+ "set_acl_configuration": [
+ {
+ "default": false,
+ "description": "Should an Amazon S3 canned ACL be set to control ownership of stored query results.",
+ "nullable": false,
+ "type": "bool"
+ }
+ ],
+ "workgroup_description": [
+ {
+ "description": "The description of the workgroup.",
+ "nullable": true,
+ "type": "string"
+ }
+ ],
+ "workgroup_force_destroy": [
+ {
+ "default": false,
+ "description": "Option to delete the workgroup and its contents even if the workgroup contains any named queries.",
+ "nullable": false,
+ "type": "bool"
+ }
+ ],
+ "workgroup_name": [
+ {
+ "description": "The name of the workgroup.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "workgroup_state": [
+ {
+ "default": "ENABLED",
+ "description": "The state of the workgroup.",
+ "nullable": false,
+ "type": "string"
+ }
+ ],
+ "tags": [
+ {
+ "default": {},
+ "description": "A map of tags to apply to the resources",
+ "type": "map(string)",
+ "nullable":true
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/some-dir-2/terraform/modules/aws_external/outputs.tf.json b/some-dir-2/terraform/modules/aws_external/outputs.tf.json
new file mode 100644
index 0000000..fa94742
--- /dev/null
+++ b/some-dir-2/terraform/modules/aws_external/outputs.tf.json
@@ -0,0 +1,9 @@
+{
+ "output": {
+ "arn": {
+ "description": "The value of the arn output",
+ "sensitive": false,
+ "value": "${var.arn}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/some-dir-2/terraform/modules/aws_external/variables.tf.json b/some-dir-2/terraform/modules/aws_external/variables.tf.json
new file mode 100644
index 0000000..b141fb8
--- /dev/null
+++ b/some-dir-2/terraform/modules/aws_external/variables.tf.json
@@ -0,0 +1,17 @@
+{
+ "variable": {
+ "arn": [
+ {
+ "description": "The ARN of the external resource",
+ "type": "string"
+ }
+ ],
+ "resource_type": [
+ {
+ "description": "The resource type of the external resource",
+ "nullable": true,
+ "type": "string"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/some-dir-2/terraform/outputs.tf b/some-dir-2/terraform/outputs.tf
new file mode 100644
index 0000000..2a9c0d5
--- /dev/null
+++ b/some-dir-2/terraform/outputs.tf
@@ -0,0 +1,20 @@
+output "aws_athena_stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e_arn" {
+ value = module.stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e.arn
+ sensitive = false
+}
+
+output "aws_athena_stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e_database_id" {
+ value = module.stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e.database_id
+ sensitive = false
+}
+
+output "aws_athena_stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e_query_id" {
+ value = module.stackgen_02cdd473-eeb6-42a0-8f82-983f2fa8b43e.query_id
+ sensitive = false
+}
+
+output "aws_external_stackgen_51ed38bd-41dc-4e0c-ab87-a909fa78978b_arn" {
+ value = module.stackgen_51ed38bd-41dc-4e0c-ab87-a909fa78978b.arn
+ sensitive = false
+}
+
diff --git a/some-dir-2/terraform/provider.tf b/some-dir-2/terraform/provider.tf
new file mode 100644
index 0000000..f411dbd
--- /dev/null
+++ b/some-dir-2/terraform/provider.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_version = ">= 1.0.0, < 2.0.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+
+ awscc = { // AWS Cloud Control
+ source = "hashicorp/awscc"
+ version = "~> 1.0"
+ }
+ }
+}
+
+provider "awscc" {
+ region = var.region
+}
+
+provider "aws" {
+ region = var.region
+}
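Review bot: `provider.tf` declares and configures `hashicorp/awscc`, but no resource in the files of this diff uses an `awscc_` type, so `terraform init` downloads and runs a provider the stack does not appear to need. I would remove the `awscc` entry from `required_providers` and the `provider "awscc"` block until something uses it. Both providers are constrained only by `~>` ranges; committing the `.terraform.lock.hcl` that `terraform init` writes would pin exact versions and checksums (it is not part of this diff, and the `.gitignore` added here does not exclude it).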
diff --git a/some-dir-2/terraform/variables.tf b/some-dir-2/terraform/variables.tf
new file mode 100644
index 0000000..60fa06c
--- /dev/null
+++ b/some-dir-2/terraform/variables.tf
@@ -0,0 +1,4 @@
+variable "region" {
+ description = "AWS region in which the project needs to be setup (us-east-1, ca-west-1, eu-west-3, etc)"
+}
+
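Review bot: The `region` variable in `variables.tf` has no `type`, so a list or object is accepted at plan time and only fails later inside the provider configuration. Adding `type = string` and `nullable = false` makes the contract explicit and matches the typed variables in the module files of this diff.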