From 1b64ded66bfcbe88e50f1c615625c67c46f6e21c Mon Sep 17 00:00:00 2001 From: guyrenny Date: Sun, 15 Sep 2024 14:51:37 +0300 Subject: [PATCH] Allow force destroy and random string in bucket name --- examples/s3-archive/outputs.tf | 4 --- examples/s3-archive/variables.tf | 36 ++++++-------------- modules/provisioning/s3-archive/README.md | 4 ++- modules/provisioning/s3-archive/main.tf | 15 +++----- modules/provisioning/s3-archive/outputs.tf | 4 --- modules/provisioning/s3-archive/variables.tf | 12 +++++++ 6 files changed, 30 insertions(+), 45 deletions(-) diff --git a/examples/s3-archive/outputs.tf b/examples/s3-archive/outputs.tf index de95e81a..a62656b6 100644 --- a/examples/s3-archive/outputs.tf +++ b/examples/s3-archive/outputs.tf @@ -1,7 +1,3 @@ -output "bucket_name_same" { - value = local.is_same_bucket_name ? "Logs and Metrics bucket name should not be the same" : "" -} - output "wrong_region" { value = local.is_valid_region ? "" : "You tried to configure the bucket in a region that is not supported, or you are not in the region that you specified. Allow regions: eu-west-1, eu-north-1, ap-southeast-1, ap-south-1, us-east-2, us-west-2" } diff --git a/examples/s3-archive/variables.tf b/examples/s3-archive/variables.tf index c14f40ae..cbae2413 100644 --- a/examples/s3-archive/variables.tf +++ b/examples/s3-archive/variables.tf @@ -20,19 +20,6 @@ variable "custom_coralogix_arn" { default = "" } -variable "coralogix_arn_mapping" { - type = map(string) - default = { - "eu-west-1" = "625240141681" - "eu-north-1" = "625240141681" - "ap-southeast-1" = "625240141681" - "ap-south-1" = "625240141681" - "us-east-2" = "625240141681" - "us-west-2" = "739076534691" - "" = "625240141681" - } -} - variable "logs_bucket_name" { type = string description = "The name of the S3 bucket to create for the logs archive (Leave empty if not needed)" @@ -57,15 +44,14 @@ variable "metrics_kms_arn" { default = "" } -variable "aws_role_region" { - type = map - default = { - "eu-west-1"="eu1" - "eu-north-1"="eu2" - "ap-southeast-1"="ap1" - "ap-south-1"="ap2" - "us-east-2"="us1" - "us-west-2"="us2" - } - } - \ No newline at end of file +variable "logs_bucket_force_destroy" { + type = bool + description = "force the metrics bucket to destroyed, even if there is data in it" + default = false +} + +variable "metrics_bucket_force_destroy" { + type = bool + description = "force the metrics bucket to destroyed, even if there is data in it" + default = false +} diff --git a/modules/provisioning/s3-archive/README.md b/modules/provisioning/s3-archive/README.md index 42e6c2df..c5390426 100644 --- a/modules/provisioning/s3-archive/README.md +++ b/modules/provisioning/s3-archive/README.md @@ -18,9 +18,11 @@ The module can run only on the following regions eu-west-1,eu-north-1,ap-southea | [aws](#provider\_aws) | >= 4.15.1 | | Variable name | Description | Type | Default | Required | -|------|-------------|------|------|:--------:| +|---------------|-------------|------|---------|:--------:| | aws_region | The AWS region that you want to create the S3 bucket, Must be the same as the AWS region where your [coralogix account](https://coralogix.com/docs/coralogix-domain/) is set. Allowd values: eu-west-1, eu-north-1, ap-southeast-1,ap-southeast-1, ap-south-1, us-east-2, us-west-2 | `string` | n/a | :heavy_check_mark: | | logs_bucket_name | The name of the S3 bucket to create for the logs archive (Leave empty if not needed), Note: bucket name must follow [AWS naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) | `string` | n/a | | | metrics_bucket_name | The name of the S3 bucket to create for the metrics archive (Leave empty if not needed), Note: bucket name must follow [AWS naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) | `string` | n/a | | +| logs_bucket_force_destroy | enable force destroy to the logs S3 bucekt, to not allow delete if there is files in the bucket | `bool` | false | | +| metrics_bucket_force_destroy | enable force destroy to the metrics S3 bucekt, to not allow delete if there is files in the bucket | `bool` | false | | | logs_kms_arn | The arn of your kms for the logs bucket , Note: make sure that the kms is in the same region as your bucket | `string` | n/a | | | metrics_kms_arn | The arn of your kms for the metrics bucket , Note: make sure that the kms is in the same region as your bucket | `string` | n/a | | \ No newline at end of file diff --git a/modules/provisioning/s3-archive/main.tf b/modules/provisioning/s3-archive/main.tf index 1f9c947d..e3795cf1 100644 --- a/modules/provisioning/s3-archive/main.tf +++ b/modules/provisioning/s3-archive/main.tf @@ -1,12 +1,9 @@ locals { - is_logs_bucket_name_empty = var.logs_bucket_name != "" - is_metrics_bucket_name_empty = var.metrics_bucket_name != "" - is_same_bucket_name = var.logs_bucket_name == var.metrics_bucket_name is_valid_region = data.aws_region.current.name == var.aws_region coralogix_role_region = lookup(var.aws_role_region, var.aws_region) - logs_validations = local.is_logs_bucket_name_empty && !local.is_same_bucket_name && (local.is_valid_region || var.bypass_valid_region != "") - metrics_validations = local.is_metrics_bucket_name_empty && !local.is_same_bucket_name && (local.is_valid_region || var.bypass_valid_region != "") + logs_validations = local.is_valid_region || var.bypass_valid_region != "" + metrics_validations = local.is_valid_region || var.bypass_valid_region != "" kms_logs_validation = local.logs_validations && var.logs_kms_arn != "" && contains(split(":", var.logs_kms_arn), var.aws_region) kms_metrics_validation = local.metrics_validations && var.metrics_kms_arn != "" && contains(split(":", var.metrics_kms_arn), var.aws_region) coralogix_log_role_arn = var.custom_coralogix_arn != "" ? "arn:aws:iam::${var.custom_coralogix_arn}:role/coralogix-archive-${local.coralogix_role_region}" : var.bypass_valid_region != "" ? "arn:aws:iam::${var.coralogix_arn_mapping[""]}:role/coralogix-archive-${local.coralogix_role_region}" : "arn:aws:iam::${var.coralogix_arn_mapping[var.aws_region]}:role/coralogix-archive-${local.coralogix_role_region}" @@ -18,17 +15,13 @@ data "aws_region" "current" {} resource "aws_s3_bucket" "logs_bucket_name" { count = local.logs_validations ? 1 : 0 bucket = var.logs_bucket_name - lifecycle { - prevent_destroy = true - } + force_destroy = var.logs_bucket_force_destroy } resource "aws_s3_bucket" "metrics_bucket_name" { count = local.metrics_validations ? 1 : 0 bucket = var.metrics_bucket_name - lifecycle { - prevent_destroy = true - } + force_destroy = var.metrics_bucket_force_destroy } resource "aws_s3_bucket_policy" "logs_bucket_policy" { diff --git a/modules/provisioning/s3-archive/outputs.tf b/modules/provisioning/s3-archive/outputs.tf index de95e81a..a62656b6 100644 --- a/modules/provisioning/s3-archive/outputs.tf +++ b/modules/provisioning/s3-archive/outputs.tf @@ -1,7 +1,3 @@ -output "bucket_name_same" { - value = local.is_same_bucket_name ? "Logs and Metrics bucket name should not be the same" : "" -} - output "wrong_region" { value = local.is_valid_region ? "" : "You tried to configure the bucket in a region that is not supported, or you are not in the region that you specified. Allow regions: eu-west-1, eu-north-1, ap-southeast-1, ap-south-1, us-east-2, us-west-2" } diff --git a/modules/provisioning/s3-archive/variables.tf b/modules/provisioning/s3-archive/variables.tf index 24dfd5be..9c3fa64b 100644 --- a/modules/provisioning/s3-archive/variables.tf +++ b/modules/provisioning/s3-archive/variables.tf @@ -58,6 +58,18 @@ variable "metrics_kms_arn" { default = "" } +variable "logs_bucket_force_destroy" { + type = bool + description = "force the metrics bucket to destroyed, even if there is data in it" + default = false +} + +variable "metrics_bucket_force_destroy" { + type = bool + description = "force the metrics bucket to destroyed, even if there is data in it" + default = false +} + variable "aws_role_region" { type = map default = {