s3_state -> aws/statev0.0.3

2 files changed, 50 insertions, 0 deletions

diff --git a/aws/state/main.tf b/aws/state/main.tf
new file mode 100644
index 0000000..1190892
--- /dev/null
+++ b/aws/state/main.tf
@@ -0,0 +1,44 @@
+resource "aws_s3_bucket" "state" {
+  bucket = var.bucket_name
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "aws_s3_bucket_versioning" "default" {
+  bucket = aws_s3_bucket.state.id
+
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
+  bucket = aws_s3_bucket.state.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "default" {
+  bucket                  = aws_s3_bucket.state.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_dynamodb_table" "locks" {
+  name         = var.dynamodb_table_name
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+}
diff --git a/aws/state/variables.tf b/aws/state/variables.tf
new file mode 100644
index 0000000..861b754
--- /dev/null
+++ b/aws/state/variables.tf
@@ -0,0 +1,6 @@
+variable "bucket_name" {
+  type = string
+}
+variable "dynamodb_table_name" {
+  type = string
+}