From aca112144ebd6c04bc8a0b6eb3ddee2801a1deb2 Mon Sep 17 00:00:00 2001 
From: stackgen-automation Date: Sat, 28 Sep 2024 09:47:25 +0000 Subject: [PATCH 1/2] Automated commit --- infra/terraform/.gitignore | 38 ++++ infra/terraform/README.md | 3 + infra/terraform/modules.tf.json | 84 +++++++++ .../aws_cloudwatch_log_group.tf | 10 ++ .../aws_cloudwatch_log_group/outputs.tf.json | 14 ++ .../variables.tf.json | 26 +++ .../modules/aws_iam_role/aws_iam_role.tf | 17 ++ .../modules/aws_iam_role/outputs.tf.json | 14 ++ .../modules/aws_iam_role/variables.tf.json | 44 +++++ .../aws_iam_role_policy.tf | 5 + .../aws_iam_role_policy/variables.tf.json | 29 +++ .../modules/aws_lambda/aws_lambda.tf | 121 +++++++++++++ .../modules/aws_lambda/outputs.tf.json | 24 +++ .../modules/aws_lambda/variables.tf.json | 165 ++++++++++++++++++ infra/terraform/modules/aws_s3/aws_s3.tf | 107 ++++++++++++ .../terraform/modules/aws_s3/outputs.tf.json | 24 +++ .../modules/aws_s3/variables.tf.json | 71 ++++++++ infra/terraform/outputs.tf | 71 ++++++++ infra/terraform/provider.tf | 14 ++ infra/terraform/variables.tf | 3 + 20 files changed, 884 insertions(+) create mode 100644 infra/terraform/.gitignore create mode 100644 infra/terraform/README.md create mode 100644 infra/terraform/modules.tf.json create mode 100644 infra/terraform/modules/aws_cloudwatch_log_group/aws_cloudwatch_log_group.tf create mode 100644 infra/terraform/modules/aws_cloudwatch_log_group/outputs.tf.json create mode 100644 infra/terraform/modules/aws_cloudwatch_log_group/variables.tf.json create mode 100644 infra/terraform/modules/aws_iam_role/aws_iam_role.tf create mode 100644 infra/terraform/modules/aws_iam_role/outputs.tf.json create mode 100644 infra/terraform/modules/aws_iam_role/variables.tf.json create mode 100644 infra/terraform/modules/aws_iam_role_policy/aws_iam_role_policy.tf create mode 100644 infra/terraform/modules/aws_iam_role_policy/variables.tf.json create mode 100644 infra/terraform/modules/aws_lambda/aws_lambda.tf create mode 100644 infra/terraform/modules/aws_lambda/outputs.tf.json 
create mode 100644 infra/terraform/modules/aws_lambda/variables.tf.json create mode 100644 infra/terraform/modules/aws_s3/aws_s3.tf create mode 100644 infra/terraform/modules/aws_s3/outputs.tf.json create mode 100644 infra/terraform/modules/aws_s3/variables.tf.json create mode 100644 infra/terraform/outputs.tf create mode 100644 infra/terraform/provider.tf create mode 100644 infra/terraform/variables.tf diff --git a/infra/terraform/.gitignore b/infra/terraform/.gitignore new file mode 100644 index 0000000..7379132 --- /dev/null +++ b/infra/terraform/.gitignore @@ -0,0 +1,38 @@ +# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log +crash.*.log + +# Exclude all .tfvars files, which are likely to contain sensitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +*.tfvars +*.tfvars.json + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Ignore transient lock info files created by terraform apply +.terraform.tfstate.lock.info + +# Include override files you do wish to add to version control using negated pattern +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +.terraformrc +terraform.rc diff --git a/infra/terraform/README.md b/infra/terraform/README.md new file mode 100644 index 0000000..ebc5b8c --- /dev/null +++ b/infra/terraform/README.md 
@@ -0,0 +1,3 @@ +# README +This is a readme file for IaC generated with appCD. +You can modify your appStack -> [here](http://cloud.stackgen.com/appstacks/79b6128e-55c9-4866-b3bd-5e987ad12e89) diff --git a/infra/terraform/modules.tf.json b/infra/terraform/modules.tf.json new file mode 100644 index 0000000..38f334f --- /dev/null +++ b/infra/terraform/modules.tf.json 
@@ -0,0 +1,84 @@ +{ + "module": { + "appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b": { + "architecture": "x86_64", + "authorization_type": "NONE", + "cors": [], + "create_function_url": true, + "description": null, + "environment_variables": { + "IMAGES_BUCKET": "leodavis9344" + }, + "event_source_arn": null, + "event_source_mapping": [], + "filename": null, + "function_name": "hello-kitty-function-leodavis9344", + "handler": "main.lambda_handler", + "log_format": null, + "log_group_name": "${module.appcd_86ec452a-770a-59bf-87dd-67ed883e25e5.name}", + "memory_size": 128, + "role": "${module.appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43.arn}", + "runtime": "python3.8", + "s3_bucket": "stackgen-builds", + "s3_key": "build/app.zip", + "s3_object_version": null, + "source": "./modules/aws_lambda", + "system_log_level": null, + "tags": { + "appstack": "hello-kittyy", + "component": "hello-kitty" + }, + "timeout": 3 + }, + "appcd_551e1d2b-88ec-5406-87cf-c51521bbe894": { + "block_public_access": true, + "bucket_name": "leodavis9344", + "bucket_policy": "", + "enable_versioning": true, + "enable_website_configuration": false, + "source": "./modules/aws_s3", + "sse_algorithm": "aws:kms", + "tags": { + "appstack": "hello-kittyy", + "component": "hello-kitty" + }, + "website_error_document": "404.html", + "website_index_document": "index.html" + }, + "appcd_7d6a4095-5599-4601-af7e-02c91a095ada": { + "name": "aws_s3-hello-kitty-policy", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowKmsAccess\",\n \"Action\": [\n \"kms:Decrypt\",\n \"kms:Encrypt\",\n \"kms:GenerateDataKey\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.kms_arn}\"\n ]\n },\n {\n \"Sid\": \"hellokittyIMAGESBUCKETS3Bucket551e1d2b88ec540687cfc51521bbe894\",\n \"Action\": [\n \"s3:PutObject\",\n \"s3:ListBucket\",\n \"s3:GetObject\",\n \"s3:GetObjectVersion\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n 
\"${module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.arn}\",\n \"${module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.arn}/*\"\n ]\n }\n ]\n}", + "role": "${module.appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43.name}", + "role_type": "Custom", + "source": "./modules/aws_iam_role_policy" + }, + "appcd_86ec452a-770a-59bf-87dd-67ed883e25e5": { + "name": "/aws/lambda/hello-kitty-function-leodavis9344", + "retention_in_days": 7, + "source": "./modules/aws_cloudwatch_log_group", + "tags": { + "appstack": "hello-kittyy", + "component": "hello-kitty" + } + }, + "appcd_a3ef0f41-97b7-4f03-a9db-b9ac21e97e7c": { + "name": "Writer", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"CloudWatchLogGroup86ec452a770a59bf87dd67ed883e25e50\",\n \"Action\": [\n \"logs:CreateLogGroup\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${module.appcd_86ec452a-770a-59bf-87dd-67ed883e25e5.arn}\"\n ]\n },\n {\n \"Sid\": \"CloudWatchLogGroup86ec452a770a59bf87dd67ed883e25e51\",\n \"Action\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${module.appcd_86ec452a-770a-59bf-87dd-67ed883e25e5.arn}:*\"\n ]\n }\n ]\n}", + "role": "${module.appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43.name}", + "role_type": "Writer", + "source": "./modules/aws_iam_role_policy" + }, + "appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43": { + "assume_role_policy": "{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": {\n\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\"Effect\": \"Allow\",\n\t\t\"Principal\": {\n\t\t\t\"Service\": \"lambda.amazonaws.com\"\n\t\t}\n\t}\n}", + "description": null, + "force_detach_policies": true, + "inline_policy": [], + "name": "hello-kitty-role-leodavis9344", + "source": "./modules/aws_iam_role", + "tags": { + "appstack": "hello-kittyy", + "component": "hello-kitty" + } + } + } +} \ No newline at end of file 
diff --git a/infra/terraform/modules/aws_cloudwatch_log_group/aws_cloudwatch_log_group.tf b/infra/terraform/modules/aws_cloudwatch_log_group/aws_cloudwatch_log_group.tf new file mode 100644 index 0000000..5290a78 --- /dev/null +++ b/infra/terraform/modules/aws_cloudwatch_log_group/aws_cloudwatch_log_group.tf @@ -0,0 +1,10 @@ +resource "aws_cloudwatch_log_group" "this" { + name = var.name + retention_in_days = var.retention_in_days + + tags = var.tags +} + + + + diff --git a/infra/terraform/modules/aws_cloudwatch_log_group/outputs.tf.json b/infra/terraform/modules/aws_cloudwatch_log_group/outputs.tf.json new file mode 100644 index 0000000..2c2f8a2 --- /dev/null +++ b/infra/terraform/modules/aws_cloudwatch_log_group/outputs.tf.json @@ -0,0 +1,14 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_cloudwatch_log_group.this.arn}" + }, + "name": { + "description": "The value of the name output", + "sensitive": false, + "value": "${aws_cloudwatch_log_group.this.name}" + } + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_cloudwatch_log_group/variables.tf.json b/infra/terraform/modules/aws_cloudwatch_log_group/variables.tf.json new file mode 100644 index 0000000..e2286c1 --- /dev/null +++ b/infra/terraform/modules/aws_cloudwatch_log_group/variables.tf.json @@ -0,0 +1,26 @@ +{ + "variable": { + "name": [ + { + "description": "The name of the log group", + "type": "string" + } + ], + "retention_in_days": [ + { + "description": "The number of days to retain log events", + "type": "number", + "nullable": true, + "default": 7 + } + ], + "tags": [ + { + "description": "A map of tags to add to all resources", + "default": {}, + "type": "map(string)", + "nullable": true + } + ] + } +} diff --git a/infra/terraform/modules/aws_iam_role/aws_iam_role.tf b/infra/terraform/modules/aws_iam_role/aws_iam_role.tf new file mode 100644 index 0000000..575d9d1 --- /dev/null 
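Review bot: `aws_cloudwatch_log_group.this` sets no `kms_key_id`, so the Lambda's log events rest under the CloudWatch service-managed encryption only; if application data may reach the logs, expose an optional input and forward it, `kms_key_id = var.kms_key_id`, with the variable declared nullable and defaulting to null so current callers are unaffected. In the companion variables.tf.json, `retention_in_days` is `nullable: true` with `default: 7`, so a caller that passes null explicitly gets a log group the provider treats as never expiring; if unbounded retention is not an intended option, `"nullable": false` keeps the 7-day default as the floor.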
+++ b/infra/terraform/modules/aws_iam_role/aws_iam_role.tf @@ -0,0 +1,17 @@ +resource "aws_iam_role" "this" { + name = var.name + description = var.description + assume_role_policy = var.assume_role_policy + + dynamic "inline_policy" { + for_each = var.inline_policy + content { + name = inline_policy.value["name"] + policy = inline_policy.value["policy"] + } + } + force_detach_policies = var.force_detach_policies + tags = var.tags +} + + diff --git a/infra/terraform/modules/aws_iam_role/outputs.tf.json b/infra/terraform/modules/aws_iam_role/outputs.tf.json new file mode 100644 index 0000000..9c2ea74 --- /dev/null +++ b/infra/terraform/modules/aws_iam_role/outputs.tf.json @@ -0,0 +1,14 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_iam_role.this.arn}" + }, + "name": { + "description": "The value of the name output", + "sensitive": false, + "value": "${aws_iam_role.this.name}" + } + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_iam_role/variables.tf.json b/infra/terraform/modules/aws_iam_role/variables.tf.json new file mode 100644 index 0000000..82f2c5a --- /dev/null +++ b/infra/terraform/modules/aws_iam_role/variables.tf.json 
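Review bot: The `dynamic "inline_policy"` block uses `for_each = var.inline_policy`, but that variable is declared `nullable: true` with no default in modules/aws_iam_role/variables.tf.json, so a caller passing null (the root module passes `[]`, so it works today) fails at plan with an invalid `for_each` argument; guard it, `for_each = var.inline_policy == null ? [] : var.inline_policy`, or give the variable `"default": []` and `"nullable": false`. I believe recent 5.x releases of the AWS provider also mark the `inline_policy` argument of `aws_iam_role` as deprecated in favour of separate `aws_iam_role_policy` resources, which this repo already wraps in modules/aws_iam_role_policy; a comment pointing callers at that module, `# prefer the aws_iam_role_policy module; inline_policy is kept for compatibility`, would steer new use away from the deprecated path.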
@@ -0,0 +1,44 @@ +{ + "variable": { + "assume_role_policy": [ + { + "description": "The policy that grants an entity permission to assume the role", + "type": "string" + } + ], + "description": [ + { + "description": "The description of the role", + "nullable": true, + "type": "string" + } + ], + "force_detach_policies": [ + { + "default": true, + "description": "Specifies to force detaching any policies the role has before destroying it", + "type": "bool" + } + ], + "inline_policy": [ + { + "description": "The policy document", + "nullable": true, + "type": "list(object({ name: string, policy: string }))" + } + ], + "name": [ + { + "description": "The name of the role", + "type": "string" + } + ], + "tags": [ + { + "description": "A mapping of tags to assign to the role", + "nullable": true, + "type": "map(string)" + } + ] + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_iam_role_policy/aws_iam_role_policy.tf b/infra/terraform/modules/aws_iam_role_policy/aws_iam_role_policy.tf new file mode 100644 index 0000000..18c1595 --- /dev/null +++ b/infra/terraform/modules/aws_iam_role_policy/aws_iam_role_policy.tf @@ -0,0 +1,5 @@ +resource "aws_iam_role_policy" "this" { + name = var.name + role = var.role + policy = var.policy +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_iam_role_policy/variables.tf.json b/infra/terraform/modules/aws_iam_role_policy/variables.tf.json new file mode 100644 index 0000000..170a536 --- /dev/null +++ b/infra/terraform/modules/aws_iam_role_policy/variables.tf.json 
@@ -0,0 +1,29 @@ +{ + "variable": { + "name": [ + { + "description": "Name of the Role Policy", + "type": "string" + } + ], + "policy": [ + { + "description": "JSON formatted inline policy document", + "type": "string" + } + ], + "role": [ + { + "description": "The name of the IAM role to attach to the policy", + "type": "string" + } + ], + "role_type":[ + { + "description": "The type of the IAM role to attach to the policy", + "default": "custom", + "type": "string" + } + ] + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_lambda/aws_lambda.tf b/infra/terraform/modules/aws_lambda/aws_lambda.tf new file mode 100644 index 0000000..634ea50 --- /dev/null +++ b/infra/terraform/modules/aws_lambda/aws_lambda.tf 
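Review bot: `role_type` is declared here with default `"custom"`, but nothing in aws_iam_role_policy.tf reads `var.role_type`, and the root module passes `"Custom"` and `"Writer"` for it, so it is a dead input with an inconsistent casing convention; either drop it or make its status explicit, `"description": "Informational label only; not used by the aws_iam_role_policy resource"`. The `policy` input is a free-form `string` with no validation, so a malformed document is only rejected by the IAM API at apply; a variable validation with `can(jsondecode(var.policy))` as the condition would surface that at plan time.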
@@ -0,0 +1,121 @@ +resource "aws_lambda_function" "this" { + architectures = [var.architecture] + function_name = var.function_name + description = var.description + role = var.role + handler = var.handler + runtime = var.runtime + timeout = var.timeout + memory_size = var.memory_size + + # using local file for lambda + filename = var.filename != "" ? var.filename : null + source_code_hash = var.filename != "" && var.filename != null ? filemd5(var.filename) : null + + # using s3 bucket for lambda + s3_bucket = var.s3_bucket != "" ? var.s3_bucket : null + s3_key = var.s3_key + s3_object_version = var.s3_object_version + + dynamic "logging_config" { + for_each = var.log_format != null ? [1] : [] + content { + log_group = var.log_group_name + log_format = var.log_format + system_log_level = var.system_log_level + } + } + + environment { + variables = var.environment_variables + } + + tags = var.tags + +} + +resource "aws_lambda_function_url" "this" { + count = var.create_function_url ? 1 : 0 + function_name = aws_lambda_function.this.function_name + authorization_type = var.create_function_url && var.authorization_type == null ? 
"NONE" : var.authorization_type + + dynamic "cors" { + for_each = var.cors + content { + allow_origins = cors.value.allow_origins + allow_methods = cors.value.allow_methods + allow_headers = cors.value.allow_headers + max_age = cors.value.max_age + allow_credentials = cors.value.allow_credentials + } + } +} + + + +resource "aws_lambda_event_source_mapping" "this" { + count = length(var.event_source_mapping) + # common for all event sources + event_source_arn = var.event_source_mapping[count.index].event_source_arn + function_name = aws_lambda_function.this.arn + starting_position = var.event_source_mapping[count.index].starting_position + batch_size = var.event_source_mapping[count.index].batch_size + enabled = var.event_source_mapping[count.index].enabled + + # for MSK + topics = [var.event_source_mapping[count.index].msk_topic] + + # for MQ + queues = [var.event_source_mapping[count.index].mq_queue] + + # for kinesis and dynamodb + bisect_batch_on_function_error = var.event_source_mapping[count.index].bisect_batch_on_function_error + maximum_record_age_in_seconds = var.event_source_mapping[count.index].maximum_record_age_in_seconds + maximum_retry_attempts = var.event_source_mapping[count.index].maximum_retry_attempts + parallelization_factor = var.event_source_mapping[count.index].parallelization_factor + + # for kinsesis dynamodb and kafka + destination_config { + on_failure { + destination_arn = var.event_source_mapping[count.index].on_failure_destination_arn + } + } + maximum_batching_window_in_seconds = var.event_source_mapping[count.index].maximum_batching_window_in_seconds + + # for SQS,kinesis and dynamodb + filter_criteria { + filter { + pattern = var.event_source_mapping[count.index].filter_pattern + } + } + + # for dynamodb + document_db_event_source_config { + collection_name = var.event_source_mapping[count.index].collection_name + database_name = var.event_source_mapping[count.index].database_name + full_document = 
var.event_source_mapping[count.index].full_document + } + # for SQS + scaling_config { + maximum_concurrency = var.event_source_mapping[count.index].maximum_concurrency + } +} + +# in case of asyncronous invocation onfigure permission for lambda to invoke the destination +# allowed destination for asyncronous invocation are SQS, SNS and Lambda function, event bridge +resource "aws_lambda_permission" "this" { + count = length(var.event_source_mapping) + statement_id = var.event_source_mapping[count.index].principal + count.index + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.this.function_name + principal = var.event_source_mapping[count.index].principal + source_arn = var.event_source_arn +} + + + + + + + + diff --git a/infra/terraform/modules/aws_lambda/outputs.tf.json b/infra/terraform/modules/aws_lambda/outputs.tf.json new file mode 100644 index 0000000..03e4b4a --- /dev/null +++ b/infra/terraform/modules/aws_lambda/outputs.tf.json @@ -0,0 +1,24 @@ +{ + "output": { + "function_arn": { + "description": "The value of the function_arn output", + "sensitive": false, + "value": "${aws_lambda_function.this.arn}" + }, + "function_name": { + "description": "The value of the function_name output", + "sensitive": false, + "value": "${aws_lambda_function.this.function_name}" + }, + "function_url": { + "description": "The value of the function_url output", + "sensitive": false, + "value": "${var.create_function_url ? aws_lambda_function_url.this[0].function_url : null}" + }, + "invoke_arn": { + "description": "The value of the invoke_arn output", + "sensitive": false, + "value": "${aws_lambda_function.this.invoke_arn}" + } + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_lambda/variables.tf.json b/infra/terraform/modules/aws_lambda/variables.tf.json new file mode 100644 index 0000000..133a7ac --- /dev/null +++ b/infra/terraform/modules/aws_lambda/variables.tf.json 
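Review bot: `source_code_hash` is computed with `filemd5(var.filename)`, but the provider compares this attribute with the function's base64-encoded SHA-256 (`CodeSha256`), so an MD5 hex string never matches and every plan reports a code change when a local `filename` is used; use `source_code_hash = var.filename != "" && var.filename != null ? filebase64sha256(var.filename) : null`. In `aws_lambda_permission.this`, `statement_id = var.event_source_mapping[count.index].principal + count.index` applies the numeric `+` operator to a string and will fail type checking as soon as `event_source_mapping` is non-empty (today it is `[]`, so the error is latent); `statement_id = "${var.event_source_mapping[count.index].principal}-${count.index}"` is the intended concatenation, and `source_arn = var.event_source_arn` presumably should read the per-mapping `event_source_arn` rather than the single module-level variable, otherwise every permission in the list points at one ARN. The `environment` block sets no `kms_key_arn`, so `IMAGES_BUCKET` and any secret added to `environment_variables` later is protected only by the Lambda service key; an optional `kms_key_arn` input would let callers bring a customer-managed key.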
@@ -0,0 +1,165 @@ +{ + "variable": { + "architecture": [ + { + "default": "x86_64", + "description": "The architectures supported by the function.", + "nullable": true, + "type": "string" + } + ], + "authorization_type": [ + { + "default": "NONE", + "description": "The authorization type for the function URL.", + "nullable": true, + "type": "string" + } + ], + "cors":[ + { + "description": "The CORS configuration for the function.", + "nullable": true, + "type": "list(object({ allow_credentials: bool, allow_headers: list(string), allow_methods: list(string), allow_origins: list(string), max_age: number }))" + } + ], + "create_function_url": [ + { + "default": false, + "description": "Whether to create a URL for the Lambda Function.", + "nullable": true, + "type": "bool" + } + ], + "description": [ + { + "description": "Description of what your Lambda Function does.", + "nullable": true, + "type": "string" + } + ], + "environment_variables": [ + { + "description": "A map that defines environment variables for the Lambda Function.", + "nullable": true, + "type": "map(string)" + } + ], + "event_source_arn": [ + { + "description": "The ARN of the event source.", + "nullable": true, + "type": "string" + } + ], + "filename": [ + { + "description": "The path to the function's deployment package(zip) within the local filesystem", + "nullable": true, + "type": "string" + } + ], + "function_name": [ + { + "description": "Unique name for your Lambda Function.", + "nullable": false, + "type": "string" + } + ], + "handler": [ + { + "default": "main.lambda_handler", + "description": "The entry point for the Lambda Function.", + "nullable": false, + "type": "string" + } + ], + "log_format": [ + { + "description": "The format of the logs in the log group.", + "nullable": true, + "type": "string" + } + ], + "log_group_name": [ + { + "description": "The name of the CloudWatch log group to send logs to.", + "nullable": true, + "type": "string" + } + ], + "role": [ + { + 
"description": "The ARN of the IAM role that the Lambda Function assumes when it executes your function to access any other AWS services.", + "nullable": false, + "type": "string" + } + ], + "runtime": [ + { + "description": "runtime to use when running the Lambda Function.", + "nullable": false, + "type": "string", + "default": "python3.8" + } + ], + "timeout": [ + { + "description": "The amount of time your Lambda Function has to run in seconds.", + "default": 3, + "nullable": true, + "type": "number" + } + ], + "memory_size": [ + { + "description": "The amount of memory that your Lambda Function has access to in MB.", + "default": 128, + "nullable": true, + "type": "number" + } + ], + "s3_bucket": [ + { + "description": "The S3 bucket location that contains the function's deployment package.", + "nullable": true, + "type": "string" + } + ], + "s3_key": [ + { + "description": "The S3 key of an object containing the function's deployment package.", + "nullable": true, + "type": "string" + } + ], + "s3_object_version": [ + { + "description": "The object version of the function's deployment package.", + "nullable": true, + "type": "string" + } + ], + "system_log_level": [ + { + "description": "The log level for the Lambda Function.", + "nullable": true, + "type": "string" + } + ], + "event_source_mapping":[ + { + "description": "The event source mapping configuration.", + "nullable": true, + "type": "list(object({ event_source_arn: string, starting_position: string,batch_size:number,enabled:bool,msk_topic:string,mq_queue:string,bisect_batch_on_function_error:bool, maximum_record_age_in_seconds:number,maximum_retry_attempts:number,parallelization_factor:number,on_failure_destination_arn:string,maximum_batching_window_in_seconds:number,filter_pattern:string,collection_name:string,database_name:string,full_document:string,maximum_concurrency:number,principal:string }))" + } + ], + "tags":[ + { + "description": "A mapping of tags to assign to the resource.", + 
"nullable": true, + "type": "map(string)" + } + ] + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_s3/aws_s3.tf b/infra/terraform/modules/aws_s3/aws_s3.tf new file mode 100644 index 0000000..04d372b --- /dev/null +++ b/infra/terraform/modules/aws_s3/aws_s3.tf 
@@ -0,0 +1,107 @@ +resource "aws_s3_bucket" "this" { + bucket = var.bucket_name + tags = var.tags +} + +# create versioning for the bucket +resource "aws_s3_bucket_versioning" "this" { + # create this resource only if var.versioning is not empty + count = var.enable_versioning ? 1 : 0 + + bucket = aws_s3_bucket.this.id + + # enable versioning + versioning_configuration { + status = "Enabled" + } +} + +# Create a server-side encryption configuration for the bucket +resource "aws_s3_bucket_server_side_encryption_configuration" "this" { + # create this resource only if var.sse_algorithm is not empty + count = var.sse_algorithm != "" ? 1 : 0 + + bucket = aws_s3_bucket.this.id + + rule { + apply_server_side_encryption_by_default { + kms_master_key_id = var.sse_algorithm == "aws:kms" ? aws_kms_key.custom_s3_kms_key[0].key_id : null + sse_algorithm = var.sse_algorithm + } + } +} + +# block public access +resource "aws_s3_bucket_public_access_block" "this" { + + bucket = aws_s3_bucket.this.id + + block_public_acls = var.block_public_access + block_public_policy = var.block_public_access + ignore_public_acls = var.block_public_access + restrict_public_buckets = var.block_public_access +} + + +resource "aws_s3_bucket_website_configuration" "this" { + count = var.enable_website_configuration ? 1 : 0 + bucket = aws_s3_bucket.this.id + + index_document { + suffix = var.website_index_document + } + + error_document { + key = var.website_error_document + } +} + +resource "aws_s3_bucket_policy" "website_bucket_policy" { + count = var.enable_website_configuration ? 1 : 0 + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.website_bucket_policy[0].json +} + +data "aws_iam_policy_document" "website_bucket_policy" { + count = var.enable_website_configuration ? 
1 : 0 + statement { + effect = "Allow" + principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + + } +} + +resource "aws_s3_bucket_policy" "allow_access" { + count = var.bucket_policy != "" ? 1 : 0 + bucket = aws_s3_bucket.this.id + policy = var.bucket_policy +} + + +resource "aws_kms_key" "custom_s3_kms_key" { + count = var.sse_algorithm == "aws:kms" ? 1 : 0 + description = "Custom KMS key for s3 bucket encryption" + enable_key_rotation = true +} + +resource "aws_kms_alias" "a" { + count = var.sse_algorithm == "aws:kms" ? 1 : 0 + name = "alias/s3-${replace(aws_s3_bucket.this.bucket, ".", "-")}" + target_key_id = aws_kms_key.custom_s3_kms_key[0].key_id +} + +data "aws_caller_identity" "current" {} + + + + + + + + + diff --git a/infra/terraform/modules/aws_s3/outputs.tf.json b/infra/terraform/modules/aws_s3/outputs.tf.json new file mode 100644 index 0000000..b5bf317 --- /dev/null +++ b/infra/terraform/modules/aws_s3/outputs.tf.json @@ -0,0 +1,24 @@ +{ + "output": { + "arn": { + "description": "The value of the arn output", + "sensitive": false, + "value": "${aws_s3_bucket.this.arn}" + }, + "bucket_name": { + "description": "The value of the bucket_name output", + "sensitive": false, + "value": "${aws_s3_bucket.this.id}" + }, + "bucket_website_endpoint": { + "description": "The value of the bucket_website_endpoint output", + "sensitive": false, + "value": "${var.enable_website_configuration ? aws_s3_bucket_website_configuration.this[0].website_endpoint : null}" + }, + "kms_arn": { + "description": "The value of the kms_arn output", + "sensitive": false, + "value": "${var.sse_algorithm == \"aws:kms\" ? aws_kms_key.custom_s3_kms_key[0].arn : null}" + } + } +} \ No newline at end of file diff --git a/infra/terraform/modules/aws_s3/variables.tf.json b/infra/terraform/modules/aws_s3/variables.tf.json new file mode 100644 index 0000000..3599eb2 --- /dev/null 
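Review bot: `aws_s3_bucket_policy.website_bucket_policy` and `aws_s3_bucket_policy.allow_access` both attach a policy to `aws_s3_bucket.this`, but a bucket holds exactly one policy, so when `enable_website_configuration` is true and `bucket_policy` is non-empty the two resources overwrite each other on every apply; merge them into one `aws_s3_bucket_policy` whose document is chosen by the two flags, or make the conditions mutually exclusive. The website policy grants `s3:GetObject` to principal `"*"`, which is the point of a website bucket but is rejected by S3 while `aws_s3_bucket_public_access_block.this` has `block_public_policy = true` (the default here), so the website branch only works with `block_public_access = false`; documenting that coupling on `enable_website_configuration`, and adding `depends_on = [aws_s3_bucket_public_access_block.this]` so the failure is deterministic rather than order-dependent, would save callers a confusing apply error. `data "aws_caller_identity" "current"` is declared but never referenced. `aws_kms_key.custom_s3_kms_key` has no `policy`, which leaves the default key policy (account root plus IAM-delegated access), and that is what lets the Lambda role's `kms:*` grants in the root module work; a one-line comment saying so would stop a later reader from "hardening" the key policy and silently breaking the function.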
+++ b/infra/terraform/modules/aws_s3/variables.tf.json @@ -0,0 +1,71 @@ +{ + "variable": { + "block_public_access": [ + { + "default": true, + "description": "A state of block public access. If false, block public access is not enabled.", + "type": "bool", + "nullable": true + } + ], + "bucket_name": [ + { + "description": "The name of the s3 bucket", + "nullable": false, + "type": "string" + } + ], + "enable_versioning": [ + { + "default": true, + "description": "Enable versioning for the bucket", + "type": "bool", + "nullable": true + } + ], + "sse_algorithm": [ + { + "default": "aws:kms", + "description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. If you specify aws:kms, a new KMS key will be provisioned and used. If empty, no encryption is performed.", + "type": "string", + "nullable": true + } + ], + "enable_website_configuration": [ + { + "default": false, + "description": "Enable website configuration for the bucket", + "type": "bool" + } + ], + "website_index_document": [ + { + "description": "The index document for the bucket", + "type": "string", + "default": "index.html" + } + ], + "website_error_document": [ + { + "description": "The error document for the bucket", + "type": "string", + "default": "404.html" + } + ], + "bucket_policy": [ + { + "description": "The IAM policy of the bucket (can be used to allow access to other roles or accounts)", + "type": "string", + "default": "" + } + ], + "tags": [ + { + "default": {}, + "description": "A mapping of AWS tags to assign to the bucket.", + "type": "map(string)", + "nullable": true + } + ] + } + } \ No newline at end of file diff --git a/infra/terraform/outputs.tf b/infra/terraform/outputs.tf new file mode 100644 index 0000000..d7790a2 --- /dev/null +++ b/infra/terraform/outputs.tf 
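Review bot: `sse_algorithm` is `nullable: true` while aws_s3.tf only guards against `""`, so a caller passing null gets `count = 1` for the encryption configuration with `sse_algorithm = null`, which the provider rejects; mark it `"nullable": false` (and `block_public_access` / `enable_versioning` likewise, since `null ? 1 : 0` is a plan error). The description's "If empty, no encryption is performed" overstates the effect, because S3 has applied SSE-S3 to every new object by default since early 2023; `"If empty, no encryption configuration is created and the S3 default (SSE-S3) applies."` describes what actually happens.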
@@ -0,0 +1,71 @@ + +output "aws_s3_leodavis9344_bucket_name" { + value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.bucket_name + sensitive = false +} + + +output "aws_s3_leodavis9344_bucket_website_endpoint" { + value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.bucket_website_endpoint + sensitive = false +} + + +output "aws_s3_leodavis9344_kms_arn" { + value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.kms_arn + sensitive = false +} + + +output "aws_s3_leodavis9344_arn" { + value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.arn + sensitive = false +} + + +output "aws_lambda_hello_kitty_function_leodavis9344_function_arn" { + value = module.appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b.function_arn + sensitive = false +} + + +output "aws_lambda_hello_kitty_function_leodavis9344_function_name" { + value = module.appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b.function_name + sensitive = false +} + + +output "aws_lambda_hello_kitty_function_leodavis9344_function_url" { + value = module.appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b.function_url + sensitive = false +} + + +output "aws_lambda_hello_kitty_function_leodavis9344_invoke_arn" { + value = module.appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b.invoke_arn + sensitive = false +} + + +output "aws_iam_role_hello_kitty_role_leodavis9344_arn" { + value = module.appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43.arn + sensitive = false +} + + +output "aws_iam_role_hello_kitty_role_leodavis9344_name" { + value = module.appcd_b71fd16c-797e-5a95-8e1b-ab22f1e34f43.name + sensitive = false +} + + +output "aws_cloudwatch_log_group_aws_lambda_hello_kitty_function_leodavis9344_name" { + value = module.appcd_86ec452a-770a-59bf-87dd-67ed883e25e5.name + sensitive = false +} + + +output "aws_cloudwatch_log_group_aws_lambda_hello_kitty_function_leodavis9344_arn" { + value = module.appcd_86ec452a-770a-59bf-87dd-67ed883e25e5.arn + sensitive = false +} 
diff --git a/infra/terraform/provider.tf b/infra/terraform/provider.tf new file mode 100644 index 0000000..24f9e77 --- /dev/null +++ b/infra/terraform/provider.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0.0, < 2.0.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } +} + +provider "aws" { + region = var.region +} diff --git a/infra/terraform/variables.tf b/infra/terraform/variables.tf new file mode 100644 index 0000000..8075d7f --- /dev/null +++ b/infra/terraform/variables.tf @@ -0,0 +1,3 @@ +variable "region" { + description = "AWS region in which the project needs to be setup (us-east-1, ca-west-1, eu-west-3, etc)" +} From 9792ff361a0cc4e6cf86612e326a2bebf61e48c4 Mon Sep 17 00:00:00 2001 From: stackgen-automation Date: Fri, 4 Oct 2024 15:26:03 +0000 Subject: [PATCH 2/2] Automated commit --- infra/terraform/outputs.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/infra/terraform/outputs.tf b/infra/terraform/outputs.tf index d7790a2..d70f896 100644 --- a/infra/terraform/outputs.tf +++ b/infra/terraform/outputs.tf @@ -1,4 +1,10 @@ +output "aws_s3_leodavis9344_arn" { + value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.arn + sensitive = false +} + + output "aws_s3_leodavis9344_bucket_name" { value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.bucket_name sensitive = false @@ -17,12 +23,6 @@ output "aws_s3_leodavis9344_kms_arn" { } -output "aws_s3_leodavis9344_arn" { - value = module.appcd_551e1d2b-88ec-5406-87cf-c51521bbe894.arn - sensitive = false -} - - output "aws_lambda_hello_kitty_function_leodavis9344_function_arn" { value = module.appcd_00a20b0a-2ec0-5bdc-a08d-65a85dc81d5b.function_arn sensitive = false
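Review bot: `required_providers` pins `hashicorp/aws` only to `~> 5.0` and the commit adds no `.terraform.lock.hcl` (the diffstat lists 20 new files, none of them a lockfile), so every fresh `terraform init` resolves to whatever the newest 5.x release is at that moment and no provider checksum is verified across developer machines and CI; commit the lockfile that `terraform init` produces, extending it with `terraform providers lock -platform=...` for the platforms CI uses. The `provider "aws"` block sets only `region`; a `default_tags { tags = { appstack = "...", component = "..." } }` block would apply the tags every module currently receives via `var.tags` uniformly, including to resources a module forgets to tag.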
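Review bot: `variable "region"` declares a description but no `type`, so any value type is accepted at plan and an invalid one only fails inside the provider; add `type = string`, and since the description enumerates example regions, a `validation` block whose condition is `can(regex("^[a-z]{2}-[a-z]+-[0-9]$", var.region))` would reject typos before any API call.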