new_main

terraform-modules · Sep 14, 2020 · 6100615 · 6100615
1 parent 60bc56c
commit 6100615
Showing 1 changed file with 1 addition and 106 deletions.
diff --git a/main.tf b/main.tf
@@ -1,106 +1 @@
-/* = About =
- * = Usage =
- * module "mybucket" {
- *   source = "git@github.e.it.census.gov:terraform-modules/aws-t26-s3.git"
- *
- *   bucket_name = "myt26bucket"
- * }
- * 
- */
-
-locals {
-  enforced_tags = {
-    "boc:safeguard" = "title26"
-  }
-}
-
-#---
-# s3 bucket
-#---
-resource "aws_s3_bucket" "this" {
-  bucket = var.bucket_name
-  acl    = "private"
-
-  force_destroy = true
-
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        kms_master_key_id = var.kms_key_id
-        sse_algorithm     = "aws:kms"
-      }
-    }
-  }
-
-  versioning {
-    enabled = true
-    #enabled = false
-  }
-
-  logging {
-    target_bucket = var.access_log_bucket
-    target_prefix = format("%s/%s/", var.access_log_bucket_prefix, var.access_log_bucket)
-  }
-
-  lifecycle {
-    #prevent_destroy = true
-  }
-
-  tags = merge(
-    var.tags,
-    local.enforced_tags,
-    map("Name", var.bucket_name)
-  )
-}
-
-data "aws_iam_policy_document" "this" {
-  statement {
-    sid     = "DenyIncorrectEncryptionHeader"
-    effect  = "Deny"
-    actions = ["s3:PutObject"]
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-    resources = ["${aws_s3_bucket.this.arn}/*"]
-    condition {
-      test     = "StringNotEquals"
-      variable = "s3:x-amz-server-side-encryption"
-      values   = ["aws:kms"]
-    }
-  }
-  statement {
-    sid     = "DenyUnEncryptedObjectUploads"
-    effect  = "Deny"
-    actions = ["s3:PutObject"]
-    principals {
-      type        = "AWS"
-      identifiers = ["*"]
-    }
-    resources = ["${aws_s3_bucket.this.arn}/*"]
-    condition {
-      test     = "Null"
-      variable = "s3:x-amz-server-side-encryption"
-      values   = ["true"]
-    }
-  }
-}
-
-resource "null_resource" "s3_create_wait" {
-  triggers = {
-    bucket = aws_s3_bucket.this.id
-  }
-  provisioner "local-exec" {
-    when    = create
-    command = "sleep 120"
-  }
-}
-
-resource "aws_s3_bucket_object" "this_objects" {
-  bucket = aws_s3_bucket.this.id
-  count  = length(var.bucket_folders)
-  key    = format("%s/", element(var.bucket_folders, count.index))
-  source = "/dev/null"
-
-  depends_on = [null_resource.s3_create_wait]
-}
+# temporary main.tf to test tf-destroy