From 19466f51057c4721c5c7762059950802d2b9c95c Mon Sep 17 00:00:00 2001
From: Vivek Chugh
Date: Tue, 20 Apr 2021 09:12:50 -0400
Subject: [PATCH 1/2] Prod - add s3 MFA delete for s3-logs and tf-state
---
 state_bucket/main.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/state_bucket/main.tf b/state_bucket/main.tf
index b9b932d6..e2fb7f4d 100644
--- a/state_bucket/main.tf
+++ b/state_bucket/main.tf
@@ -75,6 +75,7 @@ resource "aws_s3_bucket" "s3-logs" {
 versioning {
 enabled = true
+ mfa_delete = var.env_name == "prod" ? true : false
 }
 lifecycle_rule {
@@ -120,6 +121,7 @@ resource "aws_s3_bucket" "tf-state" {
 policy = ""
 versioning {
 enabled = true
+ mfa_delete = var.env_name == "prod" ? true : false
 }
 logging {
From 8bc2b52fb0e90cf5cc4ca8cf36a547aba93948cf Mon Sep 17 00:00:00 2001
From: Vivek Chugh
Date: Wed, 21 Apr 2021 10:15:07 -0400
Subject: [PATCH 2/2] Added s3 env variable for s3-logs and tf-state
---
 state_bucket/main.tf | 4 ++--
 state_bucket/variables.tf | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 state_bucket/variables.tf
diff --git a/state_bucket/main.tf b/state_bucket/main.tf
index e2fb7f4d..6c102470 100644
--- a/state_bucket/main.tf
+++ b/state_bucket/main.tf
@@ -75,7 +75,7 @@ resource "aws_s3_bucket" "s3-logs" {
 versioning {
 enabled = true
- mfa_delete = var.env_name == "prod" ? true : false
+ mfa_delete = var.s3_env
 }
 lifecycle_rule {
@@ -121,7 +121,7 @@ resource "aws_s3_bucket" "tf-state" {
 policy = ""
 versioning {
 enabled = true
- mfa_delete = var.env_name == "prod" ? true : false
+ mfa_delete = var.s3_env
 }
 logging {
diff --git a/state_bucket/variables.tf b/state_bucket/variables.tf
new file mode 100644
index 00000000..72a1c7ea
--- /dev/null
+++ b/state_bucket/variables.tf
@@ -0,0 +1,5 @@
+variable "s3_env" {
+ description = "Environment where the s3 bucket is being deployed (sandbox/stage/prod)"
+ type = string
+ default = "false"
+}
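Review bot: In PATCH 1/2, the `mfa_delete` line added under `versioning` for "s3-logs" (and the identical line in the "tf-state" hunk) is unlikely to turn MFA delete on by itself. The AWS provider documents this argument as mirroring the bucket's existing state rather than toggling it, and S3 accepts the change only from the bucket owner's root credentials together with an MFA code, so a prod apply will probably fail or leave a permanent diff unless the setting is enabled out of band first. For "s3-logs", also check the `lifecycle_rule` directly below, because AWS documents lifecycle configurations as not usable on a bucket with MFA delete enabled. I would put a comment above each line, for example `# MFA delete is enabled out of band by the root user; this argument only reflects the bucket's state`. Both resource bodies start and end outside the hunks.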
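Review bot: In PATCH 2/2, `s3_env` in state_bucket/variables.tf is declared `type = string` with `default = "false"` and described as an environment name, yet both `mfa_delete = var.s3_env` lines in main.tf consume it as a boolean. A caller who follows the description and passes "prod" should hit a type-conversion error, and a caller who passes nothing gets MFA delete off in every environment, prod included. Declare what the value actually is: `type = bool`, `default = false`, and a description such as `"Whether MFA delete is enabled on the s3-logs and tf-state buckets"`, ideally under a name like `s3_mfa_delete`. Because the previous revision derived the value from `var.env_name`, confirm that the prod configuration sets this variable explicitly; otherwise this commit silently removes the protection the first one added.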