Merge pull request #4 from diggerhq/fix/backend-acls-again

Use terraform that actually works
diggerhq · Nov 6, 2023 · 23ec7ec · 23ec7ec
2 parents 3455728 + 943b3b9
commit 23ec7ec
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 20 deletions.
diff --git a/backend/main.tf b/backend/main.tf
@@ -2,40 +2,60 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "5.23.1"  
+      version = "5.24.0"
     }
   }
 }
 
 provider "aws" {
-  region = "us-east-1"  # Replace with your desired AWS region
+  region = "us-east-1"
 }
 
-resource "random_string" "bucket_prefix" {
-  length  = 8
-  special = false
+variable "bucket_id" {
+  type = string
+  default = "digger-s3backend-quickstart-aws"
 }
 
-resource "aws_s3_bucket" "default" {
-  bucket = "${random_string.bucket_prefix.result}-bucket-tfstate"
+variable "dynamo_lock_table_id" {
+  type = string
+  default = "digger-locktable-quickstart-aws"
 }
 
-resource "aws_s3_bucket_versioning" "versioning_example" {
-  bucket = aws_s3_bucket.default.id
+resource "aws_s3_bucket" "example" {
+  bucket = var.bucket_id
+}
+
+resource "aws_s3_bucket_versioning" "example" {
+  bucket = aws_s3_bucket.example.id
   versioning_configuration {
     status = "Enabled"
   }
 }
 
-resource "aws_s3_bucket_acl" "example" {
-  bucket = aws_s3_bucket.default.id
-  acl    = "private"
-}
+resource "aws_s3_bucket_public_access_block" "example" {
+  bucket = aws_s3_bucket.example.id
 
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
 
 resource "aws_dynamodb_table" "DiggerDynamoDBLockTable" {
-  name             = "DiggerDynamoDBLockTable"
+  name             = var.dynamo_lock_table_id
   billing_mode     = "PAY_PER_REQUEST"
   stream_enabled   = true
   stream_view_type = "NEW_AND_OLD_IMAGES"
+  hash_key         = "PK"
+  range_key        = "SK"
+
+  attribute {
+    name = "PK"
+    type = "S"
+  }
+
+  attribute {
+    name = "SK"
+    type = "S"
+  }
 }
diff --git a/prod/main.tf b/prod/main.tf
@@ -2,15 +2,17 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.0.0"  # Use an appropriate version
+      version = "5.24.0"
     }
   }
     backend "s3" {
-    bucket = "8046b8f4c208f5bb-bucket-tfstate"
+    bucket = "digger-s3backend-quickstart-aws"              # Change if a different S3 bucket name was used for the backend 
+    /* Un-comment to use DynamoDB state locking
+    dynamodb_table = "digger-locktable-quickstart-aws"      # Change if a different DynamoDB table name was used for backend
+    */
     key    = "terraform/state"
     region = "us-east-1"
   }
-
 }
 
 provider "aws" {
@@ -27,7 +29,7 @@ resource "aws_vpc" "vpc_network" {
 resource "aws_subnet" "vpc_subnet" {
   vpc_id                  = aws_vpc.vpc_network.id
   cidr_block              = "10.0.1.0/24"
-  availability_zone       = "us-east-2a"  
+  availability_zone       = "us-east-1a"  
   map_public_ip_on_launch = true
 
   tags = {
@@ -36,6 +38,7 @@ resource "aws_subnet" "vpc_subnet" {
 }
 
 resource "aws_security_group" "security_group" {
+  vpc_id      = aws_vpc.vpc_network.id
   name_prefix = "terraform-"
   ingress {
     from_port   = 80
@@ -46,10 +49,10 @@ resource "aws_security_group" "security_group" {
 }
 
 resource "aws_instance" "vm_instance" {
-  ami             = "ami-0b17ac7207aae009f"  #Debian 11 (bullsey AMI provided by the Debian Project https://wiki.debian.org/Cloud/AmazonEC2Image/Bullseye)
+  ami             = "ami-05c13eab67c5d8861"                   # us-east-1 Amazon Linux 2023 AMI 2023.2.20231030.1 x86_64 HVM kernel-6.1
   instance_type   = "t2.micro"
   subnet_id       = aws_subnet.vpc_subnet.id
-  security_groups = [aws_security_group.security_group.name]
+  security_groups = [aws_security_group.security_group.id]
   tags = {
     Name = "terraform-instance"
   }