PRMDR-533 (#114)
* [PRMDR-533]

Adding a backup vault and a KMS key for encrypting. Deploys well enough on the pre prod backup AWS

* [PRMDR-533]

Formatting

* [PRMDR-533]

Adding in S3 / Dynamo terraform state storage and locks

* [PRMDR-533]

Adding in S3 / Dynamo terraform state storage and locks
AlexHerbertNHS authored Nov 28, 2023
1 parent 6fe2cbc commit af85b8d
Showing 5 changed files with 41 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .gitignore
@@ -1,7 +1,7 @@
**/.DS_Store

# Local .terraform directories
**/.terraform/*
backup-vault/teraform/.terraform/*

# .tfstate files
*.tfstate
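Review bot: The page does not show which of `**/.terraform/*` and `backup-vault/teraform/.terraform/*` is the added line; if the new side is the path-specific pattern, `.terraform` directories anywhere else in the repository stop being ignored, and those directories hold a local copy of the backend configuration alongside provider binaries. Keeping the `**/.terraform/*` glob would cover the new directory as well. The hard-coded path also carries the `teraform` spelling of the directory, so this line needs changing if the directory is ever renamed.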
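--- a/backup-vault/teraform/backup-vault.tf
+++ b/backup-vault/teraform/backup-vault.tf
@@ -0,0 +1,13 @@
+resource "aws_backup_vault" "backup_vault" {
+name = "${terraform.workspace}_backup_vault"
+kms_key_arn = aws_kms_key.encryption_key.arn
+}
+
+resource "aws_kms_key" "encryption_key" {
+description = "KMS key for encrypting backups"
+enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "encryption_key_alias" {
+target_key_id = aws_kms_key.encryption_key.id
+}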
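Review bot: The vault is created with no `aws_backup_vault_lock_configuration` or `aws_backup_vault_policy`, so in the lines shown only IAM stops a principal with backup delete permissions from removing recovery points; unless another file adds it, consider `resource "aws_backup_vault_lock_configuration" "backup_vault" { backup_vault_name = aws_backup_vault.backup_vault.name }` with retention bounds chosen to match the backup policy. `aws_kms_key.encryption_key` also sets no `policy`, so it receives the default key policy and access is governed by account IAM, which deserves a comment stating that this is intended. `aws_kms_alias.encryption_key_alias` sets no `name`, so Terraform generates one; a line such as `name = "alias/${terraform.workspace}-backup-vault"` would make the key identifiable in the console and in audit logs.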
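--- a/backup-vault/teraform/main.tf
+++ b/backup-vault/teraform/main.tf
@@ -0,0 +1,17 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = ">= 4.0"
+}
+}
+backend "s3" {
+dynamodb_table = "ndr-backup-terraform-lock"
+region = "eu-west-2"
+key = "ndr/terraform.tfstate"
+encrypt = true
+}
+}
+provider "aws" {
+region = "eu-west-2"
+}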
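Review bot: The `backend "s3"` block hard-codes `key = "ndr/terraform.tfstate"` while both `.tfbackend` files in this commit set `key = "backup/terraform.tfstate"`, and it names no `bucket`, so an init run without `-backend-config` would prompt or fail for the bucket and target a different state key from the one the environment files use. Either reduce the block to a partial configuration (`backend "s3" {}`) or make the key match, and add a comment naming the `.tfbackend` file that must be passed at init. Separately, `version = ">= 4.0"` has no upper bound; unless a `.terraform.lock.hcl` is committed elsewhere, a later major provider release can be pulled in unreviewed, so a bounded constraint such as `version = "~> 4.0"` is safer.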
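--- a/backup-vault/teraform/pre-prod.s3.tfbackend
+++ b/backup-vault/teraform/pre-prod.s3.tfbackend
@@ -0,0 +1,5 @@
+bucket = "ndr-backup-terraform-state"
+dynamodb_table = "ndr-backup-terraform-lock"
+region = "eu-west-2"
+key = "backup/terraform.tfstate"
+encrypt = true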
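Review bot: This file is identical to `prod.s3.tfbackend` in the same commit (same `bucket`, `dynamodb_table` and `key`), so pre-prod and prod state are addressed to one bucket and one lock table. If workspaces are in use (the vault name in `backup-vault.tf` reads `terraform.workspace`), the S3 backend keeps per-workspace objects apart, but any role that can write pre-prod state can then presumably reach prod state too, and state holds resource attributes in plain text. Consider a separate bucket and lock table per environment, or at least a comment in each file such as `# state bucket is shared with prod; isolation relies on the workspace prefix and bucket policy`. `encrypt = true` only requests server-side encryption; whether the bucket enforces a KMS key, versioning and a public-access block is not visible in this commit.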
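--- a/backup-vault/teraform/prod.s3.tfbackend
+++ b/backup-vault/teraform/prod.s3.tfbackend
@@ -0,0 +1,5 @@
+bucket = "ndr-backup-terraform-state"
+dynamodb_table = "ndr-backup-terraform-lock"
+region = "eu-west-2"
+key = "backup/terraform.tfstate"
+encrypt = true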
