Commit by Dhairya Anilbhai Dudhatra

Author: Dhairya-Dudhatra

stackgen_iac/terraform/.gitignore

@@ -0,0 +1,32 @@
+# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+

stackgen_iac/terraform/.metadata

@@ -0,0 +1,7 @@
+{
+  "app_stack_name": "untitled-appStack-5aed0be7",
+  "iac_type": "Terraform",
+  "provider": "aws",
+  "multi_env": false,
+  "exporter": "terraform"
+}

stackgen_iac/terraform/README.md

@@ -0,0 +1,3 @@
+# README
+This is a readme file for IaC generated with StackGen.
+You can modify your appStack -> [here](http://appcd.local/appstacks/7168e7a8-5587-4bc7-a49e-9cac58671fef)

stackgen_iac/terraform/main.tf

@@ -0,0 +1,13 @@
+module "stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f" {
+  source                       = "./modules/aws_s3"
+  block_public_access          = true
+  bucket_name                  = "dgtshteha"
+  bucket_policy                = ""
+  enable_versioning            = true
+  enable_website_configuration = false
+  sse_algorithm                = "aws:kms"
+  tags                         = {}
+  website_error_document       = "404.html"
+  website_index_document       = "index.html"
+}
+

stackgen_iac/terraform/modules/aws_s3/aws_s3.tf

@@ -0,0 +1,105 @@
+resource "aws_s3_bucket" "this" {
+  bucket = var.bucket_name
+  tags   = var.tags
+}
+
+# create versioning for the bucket
+resource "aws_s3_bucket_versioning" "this" {
+  # create this resource only if var.versioning is not empty
+  count = var.enable_versioning ? 1 : 0
+
+  bucket = aws_s3_bucket.this.id
+
+  # enable versioning
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# Create a server-side encryption configuration for the bucket
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+  # create this resource only if var.sse_algorithm is not empty
+  count = var.sse_algorithm != "" ? 1 : 0
+
+  bucket = aws_s3_bucket.this.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      kms_master_key_id = var.sse_algorithm == "aws:kms" ? aws_kms_key.custom_s3_kms_key[0].key_id : null
+      sse_algorithm     = var.sse_algorithm
+    }
+  }
+}
+
+# block public access
+resource "aws_s3_bucket_public_access_block" "this" {
+
+  bucket = aws_s3_bucket.this.id
+
+  block_public_acls       = var.block_public_access
+  block_public_policy     = var.block_public_access
+  ignore_public_acls      = var.block_public_access
+  restrict_public_buckets = var.block_public_access
+}
+
+
+resource "aws_s3_bucket_website_configuration" "this" {
+  count  = var.enable_website_configuration ? 1 : 0
+  bucket = aws_s3_bucket.this.id
+
+  index_document {
+    suffix = var.website_index_document
+  }
+
+  error_document {
+    key = var.website_error_document
+  }
+}
+
+resource "aws_s3_bucket_policy" "website_bucket_policy" {
+  count  = var.enable_website_configuration ? 1 : 0
+  bucket = aws_s3_bucket.this.id
+  policy = data.aws_iam_policy_document.website_bucket_policy[0].json
+}
+
+data "aws_iam_policy_document" "website_bucket_policy" {
+  count = var.enable_website_configuration ? 1 : 0
+  statement {
+    effect = "Allow"
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    actions   = ["s3:GetObject"]
+    resources = ["${aws_s3_bucket.this.arn}/*"]
+
+  }
+}
+
+resource "aws_s3_bucket_policy" "allow_access" {
+  count  = var.bucket_policy != "" ? 1 : 0
+  bucket = aws_s3_bucket.this.id
+  policy = var.bucket_policy
+}
+
+
+resource "aws_kms_key" "custom_s3_kms_key" {
+  count               = var.sse_algorithm == "aws:kms" ? 1 : 0
+  description         = "Custom KMS key for s3 bucket encryption"
+  enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "a" {
+  count         = var.sse_algorithm == "aws:kms" ? 1 : 0
+  name          = "alias/s3-${replace(aws_s3_bucket.this.bucket, ".", "-")}"
+  target_key_id = aws_kms_key.custom_s3_kms_key[0].key_id
+}
+
+
+
+
+
+
+
+
+

stackgen_iac/terraform/modules/aws_s3/outputs.tf.json

@@ -0,0 +1,24 @@
+{
+  "output": {
+    "arn": {
+      "description": "The value of the arn output",
+      "sensitive": false,
+      "value": "${aws_s3_bucket.this.arn}"
+    },
+    "bucket_name": {
+      "description": "The value of the bucket_name output",
+      "sensitive": false,
+      "value": "${aws_s3_bucket.this.id}"
+    },
+    "bucket_website_endpoint": {
+      "description": "The value of the bucket_website_endpoint output",
+      "sensitive": false,
+      "value": "${var.enable_website_configuration ? aws_s3_bucket_website_configuration.this[0].website_endpoint : null}"
+    },
+    "kms_arn": {
+      "description": "The value of the kms_arn output",
+      "sensitive": false,
+      "value": "${var.sse_algorithm == \"aws:kms\" ? aws_kms_key.custom_s3_kms_key[0].arn : null}"
+    }
+  }
+}

stackgen_iac/terraform/modules/aws_s3/variables.tf.json

@@ -0,0 +1,72 @@
+{
+    "variable": {
+      "block_public_access": [
+        {
+          "default": true,
+          "description": "A state of block public access. If false, block public access is not enabled.",
+          "type": "bool",
+          "nullable": true
+        }
+      ],
+      "bucket_name": [
+        {
+          "description": "The name of the s3 bucket",
+          "nullable": false,
+          "type": "string"
+        }
+      ],
+      "enable_versioning": [
+        {
+          "default": true,
+          "description": "Enable versioning for the bucket",
+          "type": "bool",
+          "nullable": true
+        }
+      ],
+      "sse_algorithm": [
+        {
+          "default": "aws:kms",
+          "description": "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. If you specify aws:kms, a new KMS key will be provisioned and used. If empty, no encryption is performed.",
+          "type": "string",
+          "nullable": true
+        }
+      ],
+      "enable_website_configuration": [
+        {
+          "default": false,
+          "description": "Enable website configuration for the bucket",
+          "type": "bool"
+        }
+      ],
+      "website_index_document": [
+        {
+          "description": "The index document for the bucket",
+          "type": "string",
+          "default": "index.html"
+        }
+      ],
+      "website_error_document": [
+        {
+          "description": "The error document for the bucket",
+          "type": "string",
+          "default": "404.html"
+        }
+      ],
+      "bucket_policy": [
+        {
+          "description": "The IAM policy of the bucket (can be used to allow access to other roles or accounts)",
+          "type": "string",
+          "default": "",
+          "nullable": true
+        }
+      ],
+      "tags": [
+        {
+            "default": {},
+            "description": "A mapping of AWS tags to assign to the bucket.",
+            "type": "map(string)",
+            "nullable": true
+        }
+      ]
+    }
+  }

stackgen_iac/terraform/outputs.tf

@@ -0,0 +1,23 @@
+output "aws_s3_stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f_arn" {
+  value     = module.stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f.arn
+  sensitive = false
+}
+
+output "aws_s3_stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f_bucket_name" {
+  value     = module.stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f.bucket_name
+  sensitive = false
+}
+
+output "aws_s3_stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f_bucket_website_endpoint" {
+  value     = module.stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f.bucket_website_endpoint
+  sensitive = false
+}
+
+output "aws_s3_stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f_kms_arn" {
+  value     = module.stackgen_74c0ac7c-39ec-4dcd-bcd2-e6ab4e00ee1f.kms_arn
+  sensitive = false
+}
+
+
+################################################################################
+

stackgen_iac/terraform/provider.tf

@@ -0,0 +1,23 @@
+terraform {
+  required_version = ">= 1.0.0, < 2.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+
+    awscc = { // AWS Cloud Control
+      source  = "hashicorp/awscc"
+      version = "~> 1.0"
+    }
+  }
+}
+
+provider "awscc" {
+  region = var.region
+}
+
+provider "aws" {
+  region = var.region
+}

stackgen_iac/terraform/variables.tf

@@ -0,0 +1,3 @@
+variable "region" {
+  description = "AWS region in which the project needs to be setup (us-east-1, ca-west-1, eu-west-3, etc)"
+}