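# Artifact bucket, created only when the caller did not supply an existing
# bucket name (var.bucketname == ""). Encryption, lifecycle, versioning and
# ACL are configured by the sibling resources below, all gated on the same
# count expression.
#
# Checkov suppressions use the form `checkov:skip=<ID>:<justification>`;
# each one should carry a justification so the next reviewer knows why.
resource "aws_s3_bucket" "artifacts" {
  # checkov:skip=CKV_AWS_144:LEGACY - cross-region replication not required for build artifacts
  # checkov:skip=CKV2_AWS_61:A lifecycle configuration is defined below (aws_s3_bucket_lifecycle_configuration.pike); TODO confirm this skip is still needed
  # checkov:skip=CKV_AWS_18:LEGACY - access logging not enabled for this bucket
  # checkov:skip=CKV2_AWS_62:OVERKILL - event notifications not required
  count  = var.bucketname == "" ? 1 : 0
  bucket = local.bucketname

  # NOTE(review): force_destroy lets `terraform destroy` delete a non-empty
  # bucket, including all object versions. Keep the variable's default false.
  force_destroy = var.force_artifact_destroy
}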
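# Default server-side encryption for every object written to the artifact
# bucket. Referenced by `.id` like the other per-bucket resources in this
# file (for aws_s3_bucket, `.id` and `.bucket` are both the bucket name).
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  rule {
    apply_server_side_encryption_by_default {
      # "AES256" or "aws:kms"; see the variable definition for the default.
      sse_algorithm = var.sse_algorithm

      # Only meaningful with sse_algorithm = "aws:kms". NOTE(review): S3
      # rejects a KMS key combined with AES256 at apply time - callers must
      # leave kms_key_id unset when using AES256.
      kms_master_key_id = var.kms_key_id
    }
  }
}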
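# Retention for the artifact bucket: expire objects after var.artifact_expiry
# days and clean up abandoned multipart uploads.
resource "aws_s3_bucket_lifecycle_configuration" "pike" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  # The AWS provider documents that on a versioned bucket the lifecycle
  # configuration must be applied after the versioning configuration.
  depends_on = [aws_s3_bucket_versioning.example]

  rule {
    id     = "expire"
    status = "Enabled"

    # Empty filter: the rule applies to every object in the bucket
    # (the rule previously had no filter/prefix at all).
    filter {}

    # Current object versions. On a versioned bucket this only places a
    # delete marker; the data itself is removed by the rule below.
    expiration {
      days = var.artifact_expiry
    }

    # Without this, a bucket with versioning enabled never actually frees
    # expired artifacts: the superseded/deleted versions stay stored (and
    # billed) indefinitely. No-op when versioning is disabled.
    noncurrent_version_expiration {
      noncurrent_days = var.artifact_expiry
    }

    # Incomplete multipart uploads are invisible but billable; 14 days is
    # a hard-coded grace period (candidate for a variable).
    abort_incomplete_multipart_upload {
      days_after_initiation = 14
    }
  }
}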
# Versioning state of the artifact bucket, driven entirely by module inputs.
#
# NOTE(review): per the provider docs, when mfa_delete is "Enabled" the
# resource also requires the `mfa` argument (root MFA device serial + code),
# which this module does not expose - confirm var.mfa_delete is normally
# "Disabled" or add an `mfa` input before enabling it.
resource "aws_s3_bucket_versioning" "example" {
  # Same gate as the bucket itself: only manage versioning on a bucket we created.
  count = var.bucketname == "" ? 1 : 0

  bucket = aws_s3_bucket.artifacts[0].id

  versioning_configuration {
    # "Enabled" / "Suspended" / "Disabled" - passed straight through.
    status = var.versioning
    # "Enabled" / "Disabled" - passed straight through.
    mfa_delete = var.mfa_delete
  }
}
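# S3 Object Ownership. New buckets default to BucketOwnerEnforced (ACLs
# disabled), and PutBucketAcl on such a bucket is rejected with
# AccessControlListNotSupported - so the "private" ACL below cannot be
# applied without first re-enabling ACLs. BucketOwnerPreferred is the
# provider-documented companion for aws_s3_bucket_acl.
#
# NOTE(review): the stricter option is to drop aws_s3_bucket_acl entirely
# and rely on BucketOwnerEnforced + the public access block; kept here so
# the existing resource address stays valid.
resource "aws_s3_bucket_ownership_controls" "artifacts" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Canned "private" ACL: only the bucket owner has access via ACL.
resource "aws_s3_bucket_acl" "example" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id
  acl    = "private"

  # Ownership controls must exist before the ACL can be written.
  depends_on = [aws_s3_bucket_ownership_controls.artifacts]
}

# A private ACL does not stop a later bucket policy or object ACL from
# exposing artifacts; block all forms of public access at the bucket level.
resource "aws_s3_bucket_public_access_block" "artifacts" {
  count  = var.bucketname == "" ? 1 : 0
  bucket = aws_s3_bucket.artifacts[0].id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}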
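# Retention period for objects in the artifact bucket, in days. Used by the
# lifecycle rule's expiration (and must be a positive whole number, which is
# what S3 accepts for lifecycle `days`).
variable "artifact_expiry" {
  type        = number
  default     = 365
  description = "Number of days after which artifacts (and their noncurrent versions, when versioning is enabled) are expired from the bucket. Must be a positive integer."

  validation {
    condition     = var.artifact_expiry >= 1 && floor(var.artifact_expiry) == var.artifact_expiry
    error_message = "artifact_expiry must be a positive whole number of days."
  }
}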