infrastructure/base/modules/aws/bootstrap/main.tf
##
# Module to build the Terraform "bootstrap" configuration
##
# Build an S3 bucket to store TF state
resource "aws_s3_bucket" "state_bucket" {
bucket = var.s3_bucket
# Prevents Terraform from destroying or replacing this object - a great safety mechanism
lifecycle {
prevent_destroy = true
}
tags = merge({ Resource = "Terraform State" },
var.tags)
}
resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
bucket = aws_s3_bucket.state_bucket.bucket
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
resource "aws_s3_bucket_versioning" "state_bucket_versioning" {
bucket = aws_s3_bucket.state_bucket.id
versioning_configuration {
status = "Enabled"
}
}
# Build a DynamoDB to use for terraform state locking
resource "aws_dynamodb_table" "tf_lock_state" {
name = var.dynamo_db_table_name
# Pay per request is cheaper for low-i/o applications, like our TF lock state
billing_mode = "PAY_PER_REQUEST"
# Hash key is required, and must be an attribute
hash_key = "LockID"
# Attribute LockID is required for TF to use this table for lock state
attribute {
name = "LockID"
type = "S"
}
tags = merge({
Name = var.dynamo_db_table_name
Resource = "Terraform State"
},
var.tags)
}