update tags; add version.tf

terraform-modules · Oct 27, 2020 · 4fce205 · 4fce205
1 parent 0b6f4fa
commit 4fce205
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ No requirements.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| \_module\_version | Module version number | `string` | `"1.1"` | no |
 | access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes |
 | access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no |
 | allowed\_cidr | List of allowed source IPs (NOT from within the VPC) | `list(string)` | `[]` | no |

diff --git a/main.tf b/main.tf
@@ -14,23 +14,13 @@
 */
 
 locals {
-  enforced_tags = {
-    "boc:safeguard" = "title26"
-  }
-  #account_id = data.aws_caller_identity.current.account_id
-  #aws_region = data.aws_region.current.name
-  #partition  = data.aws_arn.current.partition
-  #name       = (var.name != "" && var.name != null) ? var.name : format("k-kms-%v-%v", var.bucket_name, local.aws_region)
-  name = var.bucket_name
+  name        = var.bucket_name
+  bucket_name = format("%s%s", local._prefixes["s3"], var.bucket_name)
 
   # kms_key_arn_exists = var.kms_key_arn != "" && var.kms_key_arn != null
   kms_key_arn  = aws_kms_key.key.arn
   kms_key_name = format("%s%s", local._prefixes["kms"], var.bucket_name)
 
-  base_tags = {
-    # "boc:tf_module_version" = var._module_version
-    "boc:created_by" = "terraform"
-  }
   condition_allowed_cidr = {
     "test" : "NotIpAddress"
     "variable" : "aws:sourceIp"
@@ -43,23 +33,29 @@ locals {
   }
   s3_bucket_conditions_list = list(local.condition_allowed_cidr, local.condition_allowed_endpoints)
   s3_bucket_conditions      = [for x in local.s3_bucket_conditions_list : x if length(x.values) > 0]
+
+  enforced_tags = {
+    "boc:safeguard" = "title26"
+  }
+  base_tags = {
+    "boc:tf_module_version" = var._module_version
+    "boc:created_by"        = "terraform"
+  }
 }
 
 #---
 # s3 bucket
 #---
 resource "aws_s3_bucket" "this" {
-  bucket        = var.bucket_name
+  bucket        = local.bucket_name
   acl           = "private"
   force_destroy = var.force_destroy
 
   server_side_encryption_configuration {
     rule {
       apply_server_side_encryption_by_default {
         kms_master_key_id = aws_kms_key.key.key_id
-        #kms_master_key_id = var.kms_key_id
-        #kms_master_key_id = "k-kms-", var.bucket_name
-        sse_algorithm = "aws:kms"
+        sse_algorithm     = "aws:kms"
       }
     }
   }
@@ -70,17 +66,18 @@ resource "aws_s3_bucket" "this" {
 
   logging {
     target_bucket = var.access_log_bucket
-    target_prefix = format("%s/%s/", var.access_log_bucket_prefix, var.bucket_name)
+    target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
   }
 
   lifecycle {
     prevent_destroy = false
   }
 
   tags = merge(
+    local.base_tags,
     var.tags,
     local.enforced_tags,
-    map("Name", var.bucket_name)
+    map("Name", local.bucket_name)
   )
 }
 
@@ -198,8 +195,9 @@ resource "aws_kms_key" "key" {
 
   tags = merge(
     local.base_tags,
-    { "Name" = local.kms_key_name },
-    var.tags
+    var.tags,
+    local.enforced_tags,
+    map("Name", local.bucket_name)
   )
 }
 

diff --git a/version.tf b/version.tf
@@ -0,0 +1,5 @@
+variable "_module_version" {
+  description = "Module version number"
+  type        = string
+  default     = "1.1"
+}