forked from jenkins-infra/azure
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy patharchives.tf
37 lines (32 loc) · 1.34 KB
/
archives.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
resource "azurerm_resource_group" "archives" {
name = "archives"
location = var.location
tags = local.default_tags
}
resource "azurerm_storage_account" "archives" {
name = "jenkinsinfraarchives"
resource_group_name = azurerm_resource_group.archives.name
location = azurerm_resource_group.archives.location
account_tier = "Standard"
account_replication_type = "GRS" # recommended for backups
# https://learn.microsoft.com/en-gb/azure/storage/common/infrastructure-encryption-enable
infrastructure_encryption_enabled = true
min_tls_version = "TLS1_2" # default value, needed for tfsec
network_rules {
default_action = "Deny"
ip_rules = values(local.admin_allowed_ips)
virtual_network_subnet_ids = [data.azurerm_subnet.privatek8s_tier.id]
bypass = ["AzureServices"]
}
tags = local.default_tags
}
## Archived items
# Container for the dump of confluence databases
resource "azurerm_storage_container" "confluence_dumps" {
name = "confluence-databases-dump"
storage_account_name = azurerm_storage_account.archives.name
container_access_type = "private"
metadata = merge(local.default_tags, {
helpdesk = "https://github.com/jenkins-infra/helpdesk/issues/3249"
})
}