S3 two-way replication with Terraform
# Default (unaliased) AWS provider. Every resource on this page that does not
# set the `provider` meta-argument -- the destination and east buckets and
# their versioning/replication configuration -- is created here.
provider "aws" {
  region = "eu-west-1"
}
# Second region. Resources opt into it with `provider = aws.central`
# (the source bucket and its versioning configuration do so below).
provider "aws" {
  alias  = "central"
  region = "eu-central-1"
}
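# Role that the S3 service assumes to copy objects from the source bucket to
# the destination bucket; attached to the replication configuration below via
# `role = aws_iam_role.replication.arn`.
resource "aws_iam_role" "replication" {
  name = "tf-iam-role-replication-12345"

  # jsonencode instead of a hand-written heredoc: no quoting/escaping slips and
  # Terraform checks the document structure before it is sent to IAM. The
  # resulting policy is the same as the original heredoc.
  #
  # NOTE(review): as written, any S3 bucket in any account may cause this role
  # to be assumed. AWS documents `aws:SourceAccount` / `aws:SourceArn`
  # conditions on replication role trust policies to close that
  # confused-deputy gap; the account id is not available on this page (an
  # aws_caller_identity data source would supply it), so the trust policy is
  # left unchanged here -- add the condition before using this in production.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "s3.amazonaws.com"
        }
      }
    ]
  })
}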
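# Permissions the replication role needs: read on the source bucket and its
# object versions, write of replicas into the destination bucket. Scoped to
# exactly those two bucket ARNs, which is the least-privilege shape for a
# one-way source -> destination rule.
#
# NOTE(review): this policy only covers `source` and `destination`. The
# east_to_west / west_to_east configurations below reference other roles
# (aws_iam_role.east_replication / west_replication) that are not declared on
# this page; each of them needs an equivalent policy scoped to its own pair of
# buckets.
resource "aws_iam_policy" "replication" {
  name = "tf-iam-role-policy-replication-12345"

  # jsonencode replaces the heredoc JSON (same document, validated by Terraform).
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Read the replication configuration and list the source bucket.
        Effect   = "Allow"
        Action   = ["s3:GetReplicationConfiguration", "s3:ListBucket"]
        Resource = [aws_s3_bucket.source.arn]
      },
      {
        # Read the object versions (plus their ACLs and tags) to be replicated.
        Effect = "Allow"
        Action = [
          "s3:GetObjectVersionForReplication",
          "s3:GetObjectVersionAcl",
          "s3:GetObjectVersionTagging",
        ]
        Resource = ["${aws_s3_bucket.source.arn}/*"]
      },
      {
        # Write replicas, replicated deletes and tags into the destination bucket.
        Effect   = "Allow"
        Action   = ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags"]
        Resource = "${aws_s3_bucket.destination.arn}/*"
      },
    ]
  })
}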
# Bind the replication permissions policy to the replication role. The role
# is referenced by name, the policy by ARN, as the attachment resource expects.
resource "aws_iam_role_policy_attachment" "replication" {
  role       = aws_iam_role.replication.name
  policy_arn = aws_iam_policy.replication.arn
}
# Replication target, created in the default region (eu-west-1).
#
# NOTE(review): neither an aws_s3_bucket_public_access_block nor an
# aws_s3_bucket_server_side_encryption_configuration is declared for this
# bucket on this page; both are normally paired with a bucket that receives
# replicated data.
resource "aws_s3_bucket" "destination" {
  bucket = "tf-test-bucket-destination-12345"
}
# Versioning is a prerequisite on both ends of an S3 replication rule.
# Default provider: same region as the destination bucket itself.
resource "aws_s3_bucket_versioning" "destination" {
  bucket = aws_s3_bucket.destination.id

  versioning_configuration {
    status = "Enabled"
  }
}
# Replication source, created in eu-central-1 through the aliased provider.
# Every sub-resource of this bucket (ACL, versioning, replication
# configuration) has to use the same `provider = aws.central`.
#
# NOTE(review): no public-access block or server-side-encryption configuration
# is declared for this bucket on this page.
resource "aws_s3_bucket" "source" {
  provider = aws.central
  bucket   = "tf-test-bucket-source-12345"
}
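# Private ACL on the source bucket.
#
# Fix: the source bucket is created through `aws.central` (eu-central-1), but
# this ACL resource was using the default eu-west-1 provider. S3 bucket
# sub-resources must be managed through the provider of the bucket's own
# region, otherwise the request is sent to the wrong regional endpoint and
# is rejected. `provider = aws.central` makes the ACL follow the bucket.
#
# NOTE(review): bucket ACL calls are refused when the bucket's object
# ownership is BucketOwnerEnforced; confirm the ownership setting of this
# bucket before relying on this resource.
resource "aws_s3_bucket_acl" "source_bucket_acl" {
  provider = aws.central
  bucket   = aws_s3_bucket.source.id
  acl      = "private"
}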
# Versioning on the source bucket; required before a replication
# configuration can be attached (see the depends_on below). Uses the same
# aliased provider as the bucket.
resource "aws_s3_bucket_versioning" "source" {
  provider = aws.central
  bucket   = aws_s3_bucket.source.id

  versioning_configuration {
    status = "Enabled"
  }
}
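# One-way replication: source (eu-central-1) -> destination (eu-west-1) for
# objects whose key starts with "foo".
#
# Fix: this resource was using the default eu-west-1 provider although the
# source bucket it configures lives in eu-central-1 (`aws.central`); the
# replication configuration is a sub-resource of the source bucket and has to
# be managed through the same provider, so `provider = aws.central` is added.
resource "aws_s3_bucket_replication_configuration" "replication" {
  provider = aws.central

  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.source]

  role   = aws_iam_role.replication.arn
  bucket = aws_s3_bucket.source.id

  rule {
    id     = "foobar"
    status = "Enabled"

    # NOTE(review): the rule-level `prefix` argument is the older schema and is
    # marked deprecated in the provider in favour of a `filter { prefix = ... }`
    # block. Switching changes the rule's schema version (and with it the
    # delete-marker replication default), so it is left as-is here.
    prefix = "foo"

    destination {
      bucket        = aws_s3_bucket.destination.arn
      storage_class = "STANDARD"
    }
  }
}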
# First half of the two-way pair; created in the default region (eu-west-1)
# and replicated to/from the "west" bucket by the two rules further down.
#
# NOTE(review): no public-access block or server-side-encryption configuration
# is declared for this bucket on this page.
resource "aws_s3_bucket" "east" {
  bucket = "tf-test-bucket-east-12345"
}
# Versioning on "east"; both directions of the two-way setup depend on it.
# Default provider, matching the bucket.
resource "aws_s3_bucket_versioning" "east" {
  bucket = aws_s3_bucket.east.id

  versioning_configuration {
    status = "Enabled"
  }
}
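# Second half of the two-way pair, created through an aliased provider.
#
# Fix: `provider = west` is not valid HCL for the provider meta-argument; the
# reference must be `<provider>.<alias>`, i.e. `aws.west`, as the source
# bucket does with `aws.central`.
#
# NOTE(review): only the `central` alias is declared on this page. A
# `provider "aws" { alias = "west" region = ... }` block is required for this
# reference to resolve; its region is not given here.
resource "aws_s3_bucket" "west" {
  provider = aws.west
  bucket   = "tf-test-bucket-west-12345"
}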
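# Versioning on "west", managed through the same aliased provider as the
# bucket.
#
# Fix: `provider = west` -> `provider = aws.west`; the provider meta-argument
# takes a `<provider>.<alias>` reference (see `aws.central` above). The `west`
# alias itself is not declared on this page and must be added.
resource "aws_s3_bucket_versioning" "west" {
  provider = aws.west
  bucket   = aws_s3_bucket.west.id

  versioning_configuration {
    status = "Enabled"
  }
}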
# Direction 1 of the two-way setup: east -> west, keys prefixed "foo".
# East is in the default region, so no provider override is needed here.
#
# NOTE(review): `aws_iam_role.east_replication` is not declared on this page.
# It needs the same shape as aws_iam_role.replication /
# aws_iam_policy.replication above, with the read statements scoped to the
# east bucket and the s3:Replicate* statement scoped to the west bucket.
resource "aws_s3_bucket_replication_configuration" "east_to_west" {
  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.east]

  role   = aws_iam_role.east_replication.arn
  bucket = aws_s3_bucket.east.id

  rule {
    id     = "foobar"
    prefix = "foo"
    status = "Enabled"

    destination {
      bucket        = aws_s3_bucket.west.arn
      storage_class = "STANDARD"
    }
  }
}
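# Direction 2 of the two-way setup: west -> east, keys prefixed "foo".
#
# Fix: the west bucket is created through the aliased `west` provider, but
# this configuration was using the default provider. A replication
# configuration is a sub-resource of its source bucket and must be managed
# through the bucket's own provider, so `provider = aws.west` is added (the
# alias itself is not declared on this page and must be).
#
# NOTE(review): `aws_iam_role.west_replication` is not declared on this page;
# it needs read access on the west bucket and s3:Replicate* on the east
# bucket, mirroring aws_iam_policy.replication.
resource "aws_s3_bucket_replication_configuration" "west_to_east" {
  provider = aws.west

  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.west]

  role   = aws_iam_role.west_replication.arn
  bucket = aws_s3_bucket.west.id

  rule {
    id     = "foobar"
    prefix = "foo"
    status = "Enabled"

    destination {
      bucket        = aws_s3_bucket.east.arn
      storage_class = "STANDARD"
    }
  }
}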
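# Removed: this span was a verbatim second copy of the east/west declarations
# already present above (aws_s3_bucket.east / .west, their
# aws_s3_bucket_versioning resources, and the east_to_west / west_to_east
# replication configurations). Terraform rejects a module that declares the
# same resource address twice ("Duplicate resource ... configuration"), so
# only one copy can exist in this file. The surviving copy is the one above.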