Create TF backend layer in the Data Science account (#569)

* Create Data Science TF backend layer * Update readme
binbashar · May 7, 2024 · bf8f395 · bf8f395
1 parent 74187c6
commit bf8f395
Show file tree

Hide file tree

Showing 7 changed files with 90 additions and 0 deletions.
diff --git a/data-science/us-east-1/base-tf-backend/README.md b/data-science/us-east-1/base-tf-backend/README.md
@@ -0,0 +1,7 @@
+# Terraform - S3 & DynamoDB for Remote State Storage & Locking
+
+## Overview
+Use this terraforms configuration files to create the S3 bucket & DynamoDB table needed to use Terraform Remote State Storage & Locking.
+
+## Set Up
+Please refer to [this documentation](https://leverage.binbash.co/user-guide/ref-architecture-aws/tf-state/).
diff --git a/data-science/us-east-1/base-tf-backend/common-variables.tf b/data-science/us-east-1/base-tf-backend/common-variables.tf
@@ -0,0 +1 @@
+../../../config/common-variables.tf
diff --git a/data-science/us-east-1/base-tf-backend/config.tf b/data-science/us-east-1/base-tf-backend/config.tf
@@ -0,0 +1,32 @@
+#=============================#
+# AWS Provider Settings       #
+#=============================#
+# Add default aws provider configuration
+provider "aws" {
+  region  = var.region
+  profile = var.profile
+}
+
+provider "aws" {
+  alias   = "main_region"
+  region  = var.region
+  profile = var.profile
+}
+
+provider "aws" {
+  alias   = "secondary_region"
+  region  = var.region_secondary
+  profile = var.profile
+}
+
+terraform {
+  required_version = "~> 1.2"
+
+  required_providers {
+    aws = "~> 5.0"
+  }
+
+  backend "s3" {
+    key = "data-science/tf-backend/terraform.tfstate"
+  }
+}
diff --git a/data-science/us-east-1/base-tf-backend/locals.tf b/data-science/us-east-1/base-tf-backend/locals.tf
@@ -0,0 +1,6 @@
+locals {
+  tags = {
+    Terraform   = "true"
+    Environment = var.environment
+  }
+}
diff --git a/data-science/us-east-1/base-tf-backend/main.tf b/data-science/us-east-1/base-tf-backend/main.tf
@@ -0,0 +1,40 @@
+module "terraform_backend" {
+  source = "github.com/binbashar/terraform-aws-tfstate-backend.git?ref=v1.0.28"
+
+  #
+  # Bucket Name
+  #
+  delimiter = "-"
+  namespace = var.project
+  stage     = var.environment
+  name      = "terraform-backend"
+
+  #
+  # Security
+  #
+  acl                           = "private"
+  block_public_acls             = true
+  block_public_policy           = true
+  restrict_public_buckets       = true
+  enable_server_side_encryption = var.encrypt
+  enforce_ssl_requests          = true
+  ignore_public_acls            = true
+
+  #
+  # Replication
+  #
+  bucket_replication_enabled = true
+
+  notifications_sns             = false
+  bucket_lifecycle_enabled      = false
+  billing_mode                  = "PROVISIONED"
+  enable_point_in_time_recovery = false
+  create_kms_key                = false # USE SSE-S3
+
+  tags = local.tags
+
+  providers = {
+    aws.primary   = aws.main_region
+    aws.secondary = aws.secondary_region
+  }
+}
diff --git a/data-science/us-east-1/base-tf-backend/variables.tf b/data-science/us-east-1/base-tf-backend/variables.tf
@@ -0,0 +1,3 @@
+#================================#
+# Local variables                #
+#================================#
diff --git a/management/global/sso/policies.tf b/management/global/sso/policies.tf
@@ -73,6 +73,7 @@ data "aws_iam_policy_document" "devops" {
       "secretsmanager:*",
       "securityhub:*",
       "servicediscovery:*",
+      "scheduler:*",
       "shield:*",
       "synthetics:*",
       "sns:*",