Refactor: s3 module (#5)

* refactor: create module for s3 buckets --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
GlueOps · Mar 4, 2023 · 1a7d3df · 1a7d3df
1 parent 4998c33
commit 1a7d3df
Show file tree

Hide file tree

Showing 8 changed files with 81 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -17,13 +17,13 @@ This terraform module creates a "parent" zone and multiple subdomain zones under
 | Name | Version |
 |------|---------|
 | <a name="provider_aws.clientaccount"></a> [aws.clientaccount](#provider\_aws.clientaccount) | 4.55.0 |
-| <a name="provider_aws.primaryregion"></a> [aws.primaryregion](#provider\_aws.primaryregion) | 4.55.0 |
-| <a name="provider_aws.replicaregion"></a> [aws.replicaregion](#provider\_aws.replicaregion) | 4.55.0 |
 | <a name="provider_cloudflare"></a> [cloudflare](#provider\_cloudflare) | 3.35.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_common_s3"></a> [common\_s3](#module\_common\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
 
 ## Resources
 
@@ -32,11 +32,8 @@ No modules.
 | [aws_iam_access_key.certmanager](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
 | [aws_iam_access_key.externaldns](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
 | [aws_iam_access_key.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
-| [aws_iam_policy.replication](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.route53](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.vault_s3_backup](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role.replication](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.replication](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_user.certmanager](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
 | [aws_iam_user.externaldns](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
 | [aws_iam_user.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
@@ -47,19 +44,6 @@ No modules.
 | [aws_route53_record.wildcard_for_apps](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/route53_record) | resource |
 | [aws_route53_zone.clusters](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/route53_zone) | resource |
 | [aws_route53_zone.main](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/route53_zone) | resource |
-| [aws_s3_bucket.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_acl.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_acl) | resource |
-| [aws_s3_bucket_acl.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_acl) | resource |
-| [aws_s3_bucket_lifecycle_configuration.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
-| [aws_s3_bucket_lifecycle_configuration.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_lifecycle_configuration) | resource |
-| [aws_s3_bucket_public_access_block.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_s3_bucket_public_access_block.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_s3_bucket_replication_configuration.replication](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_replication_configuration) | resource |
-| [aws_s3_bucket_server_side_encryption_configuration.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
-| [aws_s3_bucket_server_side_encryption_configuration.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
-| [aws_s3_bucket_versioning.primary](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_versioning) | resource |
-| [aws_s3_bucket_versioning.replica](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/s3_bucket_versioning) | resource |
 | [cloudflare_record.delegation_ns_record_first](https://registry.terraform.io/providers/cloudflare/cloudflare/3.35.0/docs/resources/record) | resource |
 | [cloudflare_record.delegation_ns_record_fourth](https://registry.terraform.io/providers/cloudflare/cloudflare/3.35.0/docs/resources/record) | resource |
 | [cloudflare_record.delegation_ns_record_second](https://registry.terraform.io/providers/cloudflare/cloudflare/3.35.0/docs/resources/record) | resource |

diff --git a/iam-policy-vault-backup-s3.tf b/iam-policy-vault-backup-s3.tf
@@ -12,8 +12,8 @@ resource "aws_iam_policy" "vault_s3_backup" {
         "s3:PutObject"
       ],
       "Resource": [
-        "${aws_s3_bucket.primary.arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*",
-        "${aws_s3_bucket.replica.arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*"
+        "${module.common_s3.primary_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*",
+        "${module.common_s3.replica_s3_bucket_arn}/${aws_route53_zone.clusters[each.key].name}/hashicorp-vault-backups/*"
       ]
     }
   ]

diff --git a/modules/multy-s3-bucket/0.1.0/providers.tf b/modules/multy-s3-bucket/0.1.0/providers.tf
@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.55.0"
+    }
+  }
+}
+
+
+provider "aws" {
+  alias  = "primaryregion"
+  region = var.primary_region
+  assume_role {
+    role_arn = "arn:aws:iam::${var.company_account_id}:role/OrganizationAccountAccessRole"
+  }
+}
+
+provider "aws" {
+  alias  = "replicaregion"
+  region = var.backup_region
+  assume_role {
+    role_arn = "arn:aws:iam::${var.company_account_id}:role/OrganizationAccountAccessRole"
+  }
+}
+
diff --git a/s3-backup-bucket.tf → ...multy-s3-bucket/0.1.0/s3-backup-bucket.tf b/s3-backup-bucket.tf → ...multy-s3-bucket/0.1.0/s3-backup-bucket.tf
@@ -1,8 +1,12 @@
 resource "aws_s3_bucket" "replica" {
   provider      = aws.replicaregion
-  bucket        = "${local.bucket_name}-replica"
+  bucket        = "${var.bucket_name}-replica"
   force_destroy = var.this_is_development ? true : false
 }
+output "replica_s3_bucket_arn" {
+  value = aws_s3_bucket.replica.arn
+}
+
 resource "aws_s3_bucket_acl" "replica" {
   provider = aws.replicaregion
   bucket   = aws_s3_bucket.replica.id

diff --git a/s3-primary-bucket.tf → ...ulty-s3-bucket/0.1.0/s3-primary-bucket.tf b/s3-primary-bucket.tf → ...ulty-s3-bucket/0.1.0/s3-primary-bucket.tf
@@ -1,8 +1,11 @@
 resource "aws_s3_bucket" "primary" {
   provider      = aws.primaryregion
-  bucket        = "${local.bucket_name}-primary"
+  bucket        = "${var.bucket_name}-primary"
   force_destroy = var.this_is_development ? true : false
 }
+output "primary_s3_bucket_arn" {
+  value = aws_s3_bucket.primary.arn
+}
 
 resource "aws_s3_bucket_acl" "primary" {
   provider = aws.primaryregion

diff --git a/s3-replication.tf → ...s/multy-s3-bucket/0.1.0/s3-replication.tf b/s3-replication.tf → ...s/multy-s3-bucket/0.1.0/s3-replication.tf
diff --git a/modules/multy-s3-bucket/0.1.0/variables.tf b/modules/multy-s3-bucket/0.1.0/variables.tf
@@ -0,0 +1,32 @@
+variable "bucket_name" {
+  description = "The root name of the s3 bucket to be created, will be suffixed with '-primary' and '-replica'"
+  type        = string
+  nullable    = false
+  default     = false
+}
+
+variable "this_is_development" {
+  description = "The development cluster environment and data/resources can be destroyed!"
+  type        = string
+  nullable    = false
+  default     = false
+}
+
+variable "company_account_id" {
+  description = "The company AWS account id"
+  type        = string
+  nullable    = false
+}
+
+variable "primary_region" {
+  description = "The primary S3 region to create S3 bucket in used for backups. This should be the same region as the one where the cluster is being deployed."
+  type        = string
+  nullable    = false
+}
+
+variable "backup_region" {
+  description = "The secondary S3 region to create S3 bucket in used for backups. This should be different than the primary region and will have the data from the primary region replicated to it."
+  type        = string
+  nullable    = false
+}
+
diff --git a/s3-common.tf b/s3-common.tf
@@ -0,0 +1,9 @@
+module "common_s3" {
+  source = "./modules/multy-s3-bucket/0.1.0"
+
+  bucket_name         = local.bucket_name
+  this_is_development = var.this_is_development
+  company_account_id  = var.company_account_id
+  primary_region      = var.primary_region
+  backup_region       = var.backup_region
+}