From cbcd153aad7ddd7c3c85d101f6ca2edc35f25cb6 Mon Sep 17 00:00:00 2001
From: sh1220
Date: Thu, 17 Jul 2025 21:44:13 +0900
Subject: [PATCH 1/2] feat: billing bucket
---
management-team-account/billing/s3/backend.tf | 9 ++++++++
management-team-account/billing/s3/main.tf | 21 +++++++++++++++++++
management-team-account/billing/s3/outputs.tf | 7 +++++++
3 files changed, 37 insertions(+)
create mode 100644 management-team-account/billing/s3/backend.tf
create mode 100644 management-team-account/billing/s3/main.tf
create mode 100644 management-team-account/billing/s3/outputs.tf
diff --git a/management-team-account/billing/s3/backend.tf b/management-team-account/billing/s3/backend.tf
new file mode 100644
index 0000000..812631e
--- /dev/null
+++ b/management-team-account/billing/s3/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "cloudfence-management-state"
+ key = "billing/s3.tfstate"
+ region = "ap-northeast-2"
+ encrypt = true
+ dynamodb_table = "s3-management-lock"
+ }
+}
diff --git a/management-team-account/billing/s3/main.tf b/management-team-account/billing/s3/main.tf
new file mode 100644
index 0000000..9d64084
--- /dev/null
+++ b/management-team-account/billing/s3/main.tf
@@ -0,0 +1,21 @@
+
+# billing을 담을 bucket 생성
+resource "aws_s3_bucket" "billing" {
+ bucket = "billing-report-bucket"
+ force_destroy = true
+}
+
+# billing에서 bucket에 putobject를 하는 것을 허용
+resource "aws_s3_bucket_policy" "allow_billing_upload" {
+ bucket = aws_s3_bucket.billing.id
+
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [{
+ Effect = "Allow",
+ Principal = { Service = "billingreports.amazonaws.com" },
+ Action = "s3:PutObject",
+ Resource = "${aws_s3_bucket.billing.arn}/*"
+ }]
+ })
+}
diff --git a/management-team-account/billing/s3/outputs.tf b/management-team-account/billing/s3/outputs.tf
new file mode 100644
index 0000000..54f6907
--- /dev/null
+++ b/management-team-account/billing/s3/outputs.tf
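Review bot: The bucket policy in main.tf grants `billingreports.amazonaws.com` `s3:PutObject` with no `Condition`, so it is not scoped to this account's report definitions — any account that points a Cost and Usage Report at the bucket name can have the service write into it (the classic confused-deputy gap); restrict it with `aws:SourceAccount` and `aws:SourceArn`. The statement also omits the bucket-level `s3:GetBucketAcl`/`s3:GetBucketPolicy` the service needs to validate the bucket before delivering reports, so delivery setup may fail as written. The rewrite below assumes a `data "aws_caller_identity" "current" {}` block is added to the module; if the account id is meant to be fixed, substitute it for the data reference. Separately, `force_destroy = true` on a bucket that will hold billing data, with no `aws_s3_bucket_public_access_block` or versioning resource in this commit, is worth reconsidering before this leaves the management account.
```hcl
resource "aws_s3_bucket_policy" "allow_billing_upload" {
  bucket = aws_s3_bucket.billing.id

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid       = "BillingReportsBucketChecks",
        Effect    = "Allow",
        Principal = { Service = "billingreports.amazonaws.com" },
        Action    = ["s3:GetBucketAcl", "s3:GetBucketPolicy"],
        Resource  = aws_s3_bucket.billing.arn,
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
            "aws:SourceArn"     = "arn:aws:cur:us-east-1:${data.aws_caller_identity.current.account_id}:definition/*"
          }
        }
      },
      {
        Sid       = "BillingReportsPutObject",
        Effect    = "Allow",
        Principal = { Service = "billingreports.amazonaws.com" },
        Action    = "s3:PutObject",
        Resource  = "${aws_s3_bucket.billing.arn}/*",
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
            "aws:SourceArn"     = "arn:aws:cur:us-east-1:${data.aws_caller_identity.current.account_id}:definition/*"
          }
        }
      }
    ]
  })
}
```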
@@ -0,0 +1,7 @@
+output "bucket_id" {
+ value = aws_s3_bucket.billing.id
+}
+
+output "bucket_arn" {
+ value = aws_s3_bucket.billing.arn
+}
\ No newline at end of file
From 2fdeaad06a7f7933b61e5f877c001ee17e468b7e Mon Sep 17 00:00:00 2001
From: sh1220
Date: Thu, 17 Jul 2025 23:05:35 +0900
Subject: [PATCH 2/2] temp
---
management-team-account/billing/s3/main.tf | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/management-team-account/billing/s3/main.tf b/management-team-account/billing/s3/main.tf
index 9d64084..65a3240 100644
--- a/management-team-account/billing/s3/main.tf
+++ b/management-team-account/billing/s3/main.tf
@@ -1,8 +1,15 @@
 
 # billing을 담을 bucket 생성
 resource "aws_s3_bucket" "billing" {
- bucket = "billing-report-bucket"
- force_destroy = true
+ bucket = "billing-report-bucket"
+ lifecycle {
+ prevent_destroy = false
+ }
+
+ tags = {
+ Name = "Billing Bucket"
+ Environment = "management"
+ }
 }
 
 # billing에서 bucket에 putobject를 하는 것을 허용
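Review bot: The added `lifecycle { prevent_destroy = false }` in the `aws_s3_bucket.billing` hunk is the default value, so the block changes nothing; the only behavioural change in this hunk is the removal of `force_destroy = true`, which now makes `terraform destroy` fail on a non-empty bucket rather than purge it. If the intent is to protect billing data, the explicit guard is `prevent_destroy = true`; if the intent was only to add tags, drop the lifecycle block so it does not read as a deliberate opt-out. Either way the commit title "temp" does not say which, so a one-line comment such as `# billing data must not be deleted by a plan/destroy; see <ticket>` above the lifecycle block would make the decision reviewable.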