diff --git a/.gitignore b/.gitignore
index ba8c637a..3e6734b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
 **/.DS_Store
 # Local .terraform directories
-**/.terraform/*
+backup-vault/teraform/.terraform/*
 # .tfstate files
 *.tfstate
diff --git a/backup-vault/teraform/backup-vault.tf b/backup-vault/teraform/backup-vault.tf
new file mode 100644
index 00000000..a6227db8
--- /dev/null
+++ b/backup-vault/teraform/backup-vault.tf
@@ -0,0 +1,13 @@
+resource "aws_backup_vault" "backup_vault" {
+ name = "${terraform.workspace}_backup_vault"
+ kms_key_arn = aws_kms_key.encryption_key.arn
+}
+
+resource "aws_kms_key" "encryption_key" {
+ description = "KMS key for encrypting backups"
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "encryption_key_alias" {
+ target_key_id = aws_kms_key.encryption_key.id
+}
\ No newline at end of file
diff --git a/backup-vault/teraform/main.tf b/backup-vault/teraform/main.tf
new file mode 100644
index 00000000..767b54f9
--- /dev/null
+++ b/backup-vault/teraform/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+ backend "s3" {
+ dynamodb_table = "ndr-backup-terraform-lock"
+ region = "eu-west-2"
+ key = "ndr/terraform.tfstate"
+ encrypt = true
+ }
+}
+provider "aws" {
+ region = "eu-west-2"
+}
diff --git a/backup-vault/teraform/pre-prod.s3.tfbackend b/backup-vault/teraform/pre-prod.s3.tfbackend
new file mode 100644
index 00000000..a2ab8baa
--- /dev/null
+++ b/backup-vault/teraform/pre-prod.s3.tfbackend
@@ -0,0 +1,5 @@
+bucket = "ndr-backup-terraform-state"
+dynamodb_table = "ndr-backup-terraform-lock"
+region = "eu-west-2"
+key = "backup/terraform.tfstate"
+encrypt = true
\ No newline at end of file
diff --git a/backup-vault/teraform/prod.s3.tfbackend b/backup-vault/teraform/prod.s3.tfbackend
new file mode 100644
index 00000000..a2ab8baa
--- /dev/null
+++ b/backup-vault/teraform/prod.s3.tfbackend
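Review bot: In `.gitignore`, replacing `**/.terraform/*` with `backup-vault/teraform/.terraform/*` stops ignoring `.terraform` directories everywhere else in the repository. Those directories hold downloaded providers and a local copy of the backend configuration, including any values passed with `-backend-config`, so a second Terraform root added later could have them committed by accident. Unless the narrower pattern is needed for a reason not visible in this hunk, keep the recursive rule `**/.terraform/*`.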
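Review bot: In `backup-vault.tf`, `aws_kms_key.encryption_key` is the only key protecting every recovery point in the vault, yet nothing in the hunk guards it against removal; a `terraform destroy` or an apply in the wrong workspace would schedule it for deletion and leave the backups unreadable once the waiting period ends. Adding `lifecycle { prevent_destroy = true }` to the key and the vault, and stating `deletion_window_in_days = 30` explicitly, makes that intent reviewable. The file also declares no `aws_backup_vault_lock_configuration` or `aws_backup_vault_policy`, so deletion of recovery points appears to be limited only by IAM; if those resources live elsewhere, a comment pointing to them would help. `aws_kms_alias.encryption_key_alias` omits `name`, so the provider generates one; something like `name = "alias/${terraform.workspace}-backup-vault"` would make the key identifiable.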
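Review bot: In `main.tf`, the `backend "s3"` block sets `key = "ndr/terraform.tfstate"` while both `.tfbackend` files set `key = "backup/terraform.tfstate"`, so where state lands depends on whether `terraform init` is given `-backend-config`. Values from the file override the block, which leaves the in-block key either dead or a second state path that an init passing only a bucket would create. Either align the key with the `.tfbackend` files or reduce the block to the settings that are not supplied externally, with a comment naming the `.tfbackend` files as the source of truth. Separately, `version = ">= 4.0"` has no upper bound, so a new major provider release is accepted on the next init; a bounded constraint such as `version = "~> 4.0"` (for whichever major is actually tested) plus a committed `.terraform.lock.hcl` keeps provider upgrades deliberate.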
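Review bot: `pre-prod.s3.tfbackend` and `prod.s3.tfbackend` are byte-identical (both are blob `a2ab8baa`), so the two environments keep state in the same bucket, lock table and key. Separation then rests entirely on the selected workspace, which the vault name's `terraform.workspace` suggests is the intent; a run with the wrong workspace selected, or a principal with write access to the bucket that is not scoped per workspace prefix, reaches prod state as well. If the environments are meant to be isolated, give prod its own bucket or at least its own key, for example `key = "backup/prod/terraform.tfstate"` (illustrative path), and scope the bucket policy accordingly. Both files also end without a trailing newline.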
@@ -0,0 +1,5 @@
+bucket = "ndr-backup-terraform-state"
+dynamodb_table = "ndr-backup-terraform-lock"
+region = "eu-west-2"
+key = "backup/terraform.tfstate"
+encrypt = true
\ No newline at end of file