Last active
May 20, 2022 22:18
-
-
Save unfunco/dd2585ae4891a17857b06e260bba32ff to your computer and use it in GitHub Desktop.
CloudFormation template for bootstrapping a Terraform state bucket and DynamoDB locks table in AWS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: CloudFormation stack used to bootstrap Terraform. | |
| Resources: | |
| TerraformStateBucket: | |
| Type: AWS::S3::Bucket | |
| Properties: | |
| AccessControl: Private | |
| BucketEncryption: | |
| ServerSideEncryptionConfiguration: | |
| - ServerSideEncryptionByDefault: | |
| SSEAlgorithm: AES256 | |
| BucketName: !Sub terraform-state-${AWS::AccountId} | |
| PublicAccessBlockConfiguration: | |
| BlockPublicAcls: true | |
| BlockPublicPolicy: true | |
| IgnorePublicAcls: true | |
| RestrictPublicBuckets: true | |
| VersioningConfiguration: | |
| Status: Enabled | |
| TerraformStatePolicy: | |
| DependsOn: [ TerraformStateBucket ] | |
| Type: AWS::S3::BucketPolicy | |
| Properties: | |
| Bucket: !Ref TerraformStateBucket | |
| PolicyDocument: | |
| Statement: | |
| - Action: s3:DeleteObject | |
| Effect: Deny | |
| Principal: "*" | |
| Resource: !Sub arn:aws:s3:::${TerraformStateBucket}/* | |
| Sid: DenyDeleteTerraformState | |
| TerraformLocksTable: | |
| Type: AWS::DynamoDB::Table | |
| Properties: | |
| AttributeDefinitions: | |
| - AttributeName: LockID | |
| AttributeType: S | |
| BillingMode: PAY_PER_REQUEST | |
| KeySchema: | |
| - AttributeName: LockID | |
| KeyType: HASH | |
| PointInTimeRecoverySpecification: | |
| PointInTimeRecoveryEnabled: true | |
| SSESpecification: | |
| SSEEnabled: true | |
| TableName: terraform-locks | |
| Outputs: | |
| TerraformLocksTableArn: | |
| Description: ARN of the DynamoDB table used for locking Terraform state. | |
| Value: !GetAtt TerraformLocksTable.Arn | |
| TerraformLocksTableName: | |
| Description: Name of the DynamoDB table used for locking Terraform state. | |
| Value: !Ref TerraformLocksTable | |
| TerraformStateBucketArn: | |
| Description: ARN of the S3 bucket used to store Terraform state. | |
| Value: !GetAtt TerraformStateBucket.Arn | |
| TerraformStateBucketName: | |
| Description: Name of the S3 bucket used to store Terraform state. | |
| Value: !Ref TerraformStateBucket |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment