From 2330b6870dc01933623440238422281be19cf9b1 Mon Sep 17 00:00:00 2001
From: anero
Date: Thu, 24 Mar 2022 13:16:26 -0300
Subject: [PATCH] Migrate resources to Terraform's AWS provider v4
---
 glue_job.tf | 21 +++++++++++++--------
 s3.tf | 32 ++++++++++++++++++++------------
 versions.tf | 2 +-
 3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/glue_job.tf b/glue_job.tf
index d6e7c64..ed1f1d7 100644
--- a/glue_job.tf
+++ b/glue_job.tf
@@ -18,14 +18,19 @@ resource "aws_glue_crawler" "signatures_crawler" {
 resource "aws_s3_bucket" "glue_resources" {
 bucket = var.glue_scripts_bucket_name
- region = var.aws_region
+}
- acl = "private"
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256"
- }
+resource "aws_s3_bucket_acl" "glue_resources" {
+ bucket = aws_s3_bucket.glue_resources.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "glue_resources" {
+ bucket = aws_s3_bucket.glue_resources.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
 }
 }
 }
@@ -40,7 +45,7 @@ data "template_file" "signatures_script" {
 }
 }
-resource "aws_s3_bucket_object" "signatures_script" {
+resource "aws_s3_object" "signatures_script" {
 bucket = aws_s3_bucket.glue_resources.id
 key = "${var.controlshift_environment}/signatures_job.py"
 acl = "private"
diff --git a/s3.tf b/s3.tf
index eab1f70..f448fad 100644
--- a/s3.tf
+++ b/s3.tf
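Review bot: In glue_job.tf, the first hunk leaves the canned `private` ACL in `aws_s3_bucket_acl.glue_resources` as the only access control visible for the scripts bucket, and a private ACL does not stop a later bucket policy or object ACL from exposing the job scripts. Since the bucket is already being split into per-feature resources, an `aws_s3_bucket_public_access_block` next to the ACL and encryption resources would make that guarantee explicit; the same applies to `aws_s3_bucket.manifest` in s3.tf. If such a block is already declared outside the hunk, this can be ignored. As a smaller style point, the ACL resource references `aws_s3_bucket.glue_resources.id` while the encryption resource uses `.bucket`; using `.id` in both keeps the new resources uniform.

```hcl
# … unchanged: aws_s3_bucket, aws_s3_bucket_acl and encryption resources for glue_resources …
resource "aws_s3_bucket_public_access_block" "glue_resources" {
  bucket                  = aws_s3_bucket.glue_resources.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```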
@@ -7,25 +7,20 @@ provider "aws" {
 resource "aws_s3_bucket" "manifest" {
 provider = aws.controlshift
 bucket = var.manifest_bucket_name
- acl = "private"
- region = var.controlshift_aws_region
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256"
- }
- }
- }
 tags = {
 Name = "ControlShift puts import manifests here"
 }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "manifest" {
+ bucket = aws_s3_bucket.manifest.id
 # expire the ingested manifests after 5 days after they have been processed to save disk space while providing enough
 # time to analyze things that might have gone wrong.
- lifecycle_rule {
- id = "expire-manifests"
- enabled = true
+ rule {
+ id = "expire-manifests"
+ status = "Enabled"
 expiration {
 days = 5
@@ -33,4 +28,17 @@ resource "aws_s3_bucket" "manifest" {
 }
 }
+resource "aws_s3_bucket_acl" "manifest" {
+ bucket = aws_s3_bucket.manifest.id
+ acl = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "manifest" {
+ bucket = aws_s3_bucket.manifest.bucket
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
diff --git a/versions.tf b/versions.tf
index 4f8f56d..5e463c5 100644
--- a/versions.tf
+++ b/versions.tf
@@ -6,7 +6,7 @@ terraform {
 }
 aws = {
 source = "hashicorp/aws"
- version = "~> 2.0"
+ version = "~> 4.0"
 }
 http = {
 source = "hashicorp/http"
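Review bot: In s3.tf, the three resources split out of `aws_s3_bucket.manifest` (`aws_s3_bucket_lifecycle_configuration.manifest` in the first hunk, `aws_s3_bucket_acl.manifest` and `aws_s3_bucket_server_side_encryption_configuration.manifest` in the second) do not carry `provider = aws.controlshift`, although the bucket itself does. They will therefore be planned with the default `aws` provider; if that provider uses a different region or credentials than the alias (the removed `region = var.controlshift_aws_region` suggests it may), the ACL, default-encryption and expiry settings may fail to apply or never reach this bucket. Adding `provider = aws.controlshift` as the first argument of each of the three resources keeps them on the same provider as the bucket. The first plan after the upgrade should then be checked to confirm the encryption and ACL resources are created for the existing bucket without errors.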