From 4fce205f69b16889722272f5ae081a564ead789d Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 27 Oct 2020 12:06:46 -0400 Subject: [PATCH] update tags; add version.tf --- README.md | 1 + main.tf | 38 ++++++++++++++++++-------------------- version.tf | 5 +++++ 3 files changed, 24 insertions(+), 20 deletions(-) create mode 100644 version.tf diff --git a/README.md b/README.md index 11e9f6e..79f0294 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| \_module\_version | Module version number | `string` | `"1.1"` | no | | access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes | | access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no | | allowed\_cidr | List of allowed source IPs (NOT from within the VPC) | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index 607400b..545f9c2 100644 --- a/main.tf +++ b/main.tf @@ -14,23 +14,13 @@ */ locals { - enforced_tags = { - "boc:safeguard" = "title26" - } - #account_id = data.aws_caller_identity.current.account_id - #aws_region = data.aws_region.current.name - #partition = data.aws_arn.current.partition - #name = (var.name != "" && var.name != null) ? var.name : format("k-kms-%v-%v", var.bucket_name, local.aws_region) - name = var.bucket_name + name = var.bucket_name + bucket_name = format("%s%s", local._prefixes["s3"], var.bucket_name) # kms_key_arn_exists = var.kms_key_arn != "" && var.kms_key_arn != null kms_key_arn = aws_kms_key.key.arn kms_key_name = format("%s%s", local._prefixes["kms"], var.bucket_name) - base_tags = { - # "boc:tf_module_version" = var._module_version - "boc:created_by" = "terraform" - } condition_allowed_cidr = { "test" : "NotIpAddress" "variable" : "aws:sourceIp" 
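Review bot: The new `bucket_name = format("%s%s", local._prefixes["s3"], var.bucket_name)` local leaves `name = var.bucket_name` unprefixed right above it, and nothing in the hunk says which of the two downstream references (alias names, policy ARNs outside this diff) are meant to use, so a reader cannot tell whether the divergence is deliberate. A one-line comment would settle it, e.g. `# bucket_name carries the org prefix and is the real S3 name; name is the caller-supplied short name used for derived resource names`. `local._prefixes` is not defined in this hunk and is presumably declared elsewhere in the locals block. Because S3 bucket names are capped at 63 lowercase DNS-safe characters, the prefix now eats into what `var.bucket_name` may carry; if the variable has no length or character check where it is declared (outside this diff), this change is the moment to add one.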
@@ -43,13 +33,21 @@ locals { } s3_bucket_conditions_list = list(local.condition_allowed_cidr, local.condition_allowed_endpoints) s3_bucket_conditions = [for x in local.s3_bucket_conditions_list : x if length(x.values) > 0] + + enforced_tags = { + "boc:safeguard" = "title26" + } + base_tags = { + "boc:tf_module_version" = var._module_version + "boc:created_by" = "terraform" + } } #--- # s3 bucket #--- resource "aws_s3_bucket" "this" { - bucket = var.bucket_name + bucket = local.bucket_name acl = "private" force_destroy = var.force_destroy @@ -57,9 +55,7 @@ resource "aws_s3_bucket" "this" { rule { apply_server_side_encryption_by_default { kms_master_key_id = aws_kms_key.key.key_id - #kms_master_key_id = var.kms_key_id - #kms_master_key_id = "k-kms-", var.bucket_name - sse_algorithm = "aws:kms" + sse_algorithm = "aws:kms" } } } @@ -70,7 +66,7 @@ resource "aws_s3_bucket" "this" { logging { target_bucket = var.access_log_bucket - target_prefix = format("%s/%s/", var.access_log_bucket_prefix, var.bucket_name) + target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name) } lifecycle { @@ -78,9 +74,10 @@ resource "aws_s3_bucket" "this" { } tags = merge( + local.base_tags, var.tags, local.enforced_tags, - map("Name", var.bucket_name) + map("Name", local.bucket_name) ) } @@ -198,8 +195,9 @@ resource "aws_kms_key" "key" { tags = merge( local.base_tags, - { "Name" = local.kms_key_name }, - var.tags + var.tags, + local.enforced_tags, + map("Name", local.bucket_name) ) } diff --git a/version.tf b/version.tf new file mode 100644 index 0000000..a2ef28f --- /dev/null +++ b/version.tf @@ -0,0 +1,5 @@ +variable "_module_version" { + description = "Module version number" + type = string + default = "1.1" +}
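Review bot: Switching `bucket = var.bucket_name` to `bucket = local.bucket_name` changes the bucket's name, and `bucket` forces replacement of `aws_s3_bucket`, so every existing consumer will see a destroy/create on the next apply; with the adjacent `force_destroy = var.force_destroy` set to true the old bucket and its objects are deleted. The commit does not call this out in the README hunk, and the new `_module_version` default stays at `"1.1"` although this is a breaking change. At minimum the README should document the migration and the version should move to a new major; if compatibility matters, gate the prefix, e.g. `bucket_name = var.prefix_bucket_name ? format("%s%s", local._prefixes["s3"], var.bucket_name) : var.bucket_name`. The `resource "aws_s3_bucket" "this"` block continues past this hunk.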
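Review bot: In the bucket `tags = merge(...)` the new `local.base_tags` argument comes before `var.tags`, so a caller can override `boc:created_by` and `boc:tf_module_version` while `local.enforced_tags` and the `Name` entry are placed last so that they cannot be overridden. If the base tags are meant to be authoritative, which the `boc:` namespace suggests, the order should be `merge(var.tags, local.base_tags, local.enforced_tags, map("Name", local.bucket_name))`. If the override is intentional, a comment such as `# var.tags may override base_tags but never enforced_tags or Name` would make the precedence explicit.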
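Review bot: The `aws_kms_key` tags now end with `map("Name", local.bucket_name)`, replacing `{ "Name" = local.kms_key_name }`, so the key is tagged with the S3 bucket's name rather than its own; this looks like the bucket block's merge pasted over, and `map("Name", local.kms_key_name)` is probably what was meant. If tagging the key with the bucket name is intentional for correlation, a comment saying so is needed, and `local.kms_key_name` may then be unused unless an alias resource outside this diff still references it. The same `base_tags` before `var.tags` precedence question as in the bucket block applies here.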
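Review bot: Declaring the module version as `variable "_module_version"` with a default lets any caller set it, so the `boc:tf_module_version` tag it feeds can claim a version that did not create the resource and is useless as an inventory or audit signal. The conventional shape is a constant, `locals { module_version = "1.1" }`, referenced as `local.module_version` in `base_tags`, which also removes the leading-underscore variable from the module's public input surface documented in the README hunk. If it must stay a variable, the description should at least say `"Module version number; set by the module, do not override"`.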