diff --git a/data-science/us-east-1/base-tf-backend/README.md b/data-science/us-east-1/base-tf-backend/README.md
new file mode 100644
index 00000000..ffe7b4ad
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/README.md
@@ -0,0 +1,7 @@
+# Terraform - S3 & DynamoDB for Remote State Storage & Locking
+
+## Overview
+Use this terraforms configuration files to create the S3 bucket & DynamoDB table needed to use Terraform Remote State Storage & Locking.
+
+## Set Up
+Please refer to [this documentation](https://leverage.binbash.co/user-guide/ref-architecture-aws/tf-state/).
diff --git a/data-science/us-east-1/base-tf-backend/common-variables.tf b/data-science/us-east-1/base-tf-backend/common-variables.tf
new file mode 120000
index 00000000..81b884ac
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/common-variables.tf
@@ -0,0 +1 @@
+../../../config/common-variables.tf
\ No newline at end of file
diff --git a/data-science/us-east-1/base-tf-backend/config.tf b/data-science/us-east-1/base-tf-backend/config.tf
new file mode 100644
index 00000000..5a24ee8e
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/config.tf
@@ -0,0 +1,32 @@
+#=============================#
+# AWS Provider Settings #
+#=============================#
+# Add default aws provider configuration
+provider "aws" {
+ region = var.region
+ profile = var.profile
+}
+
+provider "aws" {
+ alias = "main_region"
+ region = var.region
+ profile = var.profile
+}
+
+provider "aws" {
+ alias = "secondary_region"
+ region = var.region_secondary
+ profile = var.profile
+}
+
+terraform {
+ required_version = "~> 1.2"
+
+ required_providers {
+ aws = "~> 5.0"
+ }
+
+ backend "s3" {
+ key = "data-science/tf-backend/terraform.tfstate"
+ }
+}
diff --git a/data-science/us-east-1/base-tf-backend/locals.tf b/data-science/us-east-1/base-tf-backend/locals.tf
new file mode 100644
index 00000000..5879674a
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/locals.tf
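Review bot: The `backend "s3"` block in config.tf sets only `key`, so `bucket`, `region`, `dynamodb_table` and `encrypt` are presumably injected through `-backend-config` at init time, and since this very layer is the one that creates that bucket and lock table, the first apply presumably cannot use this backend yet. A comment above the block would spare the next reader the detour to the linked docs, e.g. `# bucket/region/dynamodb_table/encrypt come from the backend config file; bootstrap this layer with local state, then migrate.` The default provider and the `main_region` alias are configured identically (`var.region`, `var.profile`), which is reasonable if the module wants a named `aws.primary`, but a one-line note saying why both exist would help.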
@@ -0,0 +1,6 @@
+locals {
+ tags = {
+ Terraform = "true"
+ Environment = var.environment
+ }
+}
diff --git a/data-science/us-east-1/base-tf-backend/main.tf b/data-science/us-east-1/base-tf-backend/main.tf
new file mode 100644
index 00000000..bde3e1ab
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/main.tf
@@ -0,0 +1,40 @@
+module "terraform_backend" {
+ source = "github.com/binbashar/terraform-aws-tfstate-backend.git?ref=v1.0.28"
+
+ #
+ # Bucket Name
+ #
+ delimiter = "-"
+ namespace = var.project
+ stage = var.environment
+ name = "terraform-backend"
+
+ #
+ # Security
+ #
+ acl = "private"
+ block_public_acls = true
+ block_public_policy = true
+ restrict_public_buckets = true
+ enable_server_side_encryption = var.encrypt
+ enforce_ssl_requests = true
+ ignore_public_acls = true
+
+ #
+ # Replication
+ #
+ bucket_replication_enabled = true
+
+ notifications_sns = false
+ bucket_lifecycle_enabled = false
+ billing_mode = "PROVISIONED"
+ enable_point_in_time_recovery = false
+ create_kms_key = false # USE SSE-S3
+
+ tags = local.tags
+
+ providers = {
+ aws.primary = aws.main_region
+ aws.secondary = aws.secondary_region
+ }
+}
diff --git a/data-science/us-east-1/base-tf-backend/variables.tf b/data-science/us-east-1/base-tf-backend/variables.tf
new file mode 100644
index 00000000..9242376c
--- /dev/null
+++ b/data-science/us-east-1/base-tf-backend/variables.tf
@@ -0,0 +1,3 @@
+#================================#
+# Local variables #
+#================================#
diff --git a/management/global/sso/policies.tf b/management/global/sso/policies.tf
index 9e6a70dc..a38d1f02 100644
--- a/management/global/sso/policies.tf
+++ b/management/global/sso/policies.tf
@@ -73,6 +73,7 @@ data "aws_iam_policy_document" "devops" {
 "secretsmanager:*",
 "securityhub:*",
 "servicediscovery:*",
+"scheduler:*",
 "shield:*",
 "synthetics:*",
 "sns:*",
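Review bot: `enable_server_side_encryption = var.encrypt` in main.tf makes encryption of the state bucket depend on a variable whose default is not visible here (common-variables.tf is a symlink into config/), while every neighbouring flag in the Security section is a literal `true`; state files routinely carry credentials and sensitive outputs, so pin it: `enable_server_side_encryption = true`. `enable_point_in_time_recovery = false` and `bucket_lifecycle_enabled = false` are the two recovery knobs for the lock table and the state bucket, and the only comment in the block is `# USE SSE-S3`, so each deserves a one-line why-comment. The module is fetched by a git tag (`?ref=v1.0.28`), which is mutable; pinning to that tag's commit SHA would make the source immutable, unless the repo's other layers deliberately rely on tags.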
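Review bot: `"scheduler:*"` grants every EventBridge Scheduler action to the devops policy; schedules invoke their targets under an execution role named by the caller, so if this document also grants `iam:PassRole` without a condition (not visible in the hunk) the new entry widens what the devops principals can run as other roles — worth confirming PassRole is constrained, or narrowing the entry to the scheduler actions actually needed. The surrounding list reads as roughly alphabetical (`secretsmanager`, `securityhub`, `servicediscovery`), and `scheduler` sorts before `secretsmanager`, so moving the new line up one keeps the list scannable. The enclosing `data "aws_iam_policy_document" "devops"` block starts and ends outside the hunk.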