Terraform - Buckets 추가

terraform/buckets/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.34.0"
+  constraints = "~> 5.0"
+  hashes = [
+    "h1:Tbq6dKE+XyXmkup6+7eQj2vH+eCJipk8R3VXhebVYi4=",
+    "zh:01bb20ae12b8c66f0cacec4f417a5d6741f018009f3a66077008e67cce127aa4",
+    "zh:3b0c9bdbbf846beef2c9573fc27898ceb71b69cf9d2f4b1dd2d0c2b539eab114",
+    "zh:5226ecb9c21c2f6fbf1d662ac82459ffcd4ad058a9ea9c6200750a21a80ca009",
+    "zh:6021b905d9b3cd3d7892eb04d405c6fa20112718de1d6ef7b9f1db0b0c97721a",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9e61b8e0ccf923979cd2dc1f1140dbcb02f92248578e10c1996f560b6306317c",
+    "zh:ad6bf62cdcf531f2f92f6416822918b7ba2af298e4a0065c6baf44991fda982d",
+    "zh:b698b041ef38837753bbe5265dddbc70b76e8b8b34c5c10876e6aab0eb5eaf63",
+    "zh:bb799843c534f6a3f072a99d93a3b53ff97c58a96742be15518adf8127706784",
+    "zh:cebee0d942c37cd3b21e9050457cceb26d0a6ea886b855dab64bb67d78f863d1",
+    "zh:e061fdd1cb99e7c81fb4485b41ae000c6792d38f73f9f50aed0d3d5c2ce6dcfb",
+    "zh:eeb4943f82734946362696928336357cd1d36164907ae5905da0316a67e275e1",
+    "zh:ef09b6ad475efa9300327a30cbbe4373d817261c8e41e5b7391750b16ef4547d",
+    "zh:f01aab3881cd90b3f56da7c2a75f83da37fd03cc615fc5600a44056a7e0f9af7",
+    "zh:fcd0f724ebc4b56a499eb6c0fc602de609af18a0d578befa2f7a8df155c55550",
+  ]
+}

terraform/buckets/buckets.tf

@@ -0,0 +1,15 @@
+resource "aws_s3_bucket" "bucket" {
+  for_each = var.buckets
+
+  bucket   = each.key
+}
+
+resource "aws_s3_bucket_versioning" "versioning" {
+  for_each = var.buckets
+  
+  bucket   = aws_s3_bucket.bucket[each.key].id
+  
+  versioning_configuration {
+    status = each.value.versioning
+  }
+}

terraform/buckets/lifecycle.tf

@@ -0,0 +1,18 @@
+resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.lifecycle.status == "Enabled"}
+  
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  rule {
+    id     = "expire_objects"
+    status = each.value.lifecycle.status
+    
+    noncurrent_version_expiration {
+      noncurrent_days = each.value.lifecycle.noncurrent_days
+    }
+
+    expiration {
+      days = each.value.lifecycle.expiration_days
+    }
+  }
+}

terraform/buckets/main.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = var.aws_region
+}

terraform/buckets/permissions.tf

@@ -0,0 +1,50 @@
+resource "aws_s3_bucket_ownership_controls" "ownership" {
+  for_each = var.buckets
+
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  rule {
+    object_ownership = each.value.object_ownership
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "public_access_block" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+  
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "acl" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+
+  depends_on = [
+    aws_s3_bucket_ownership_controls.ownership,
+    aws_s3_bucket_public_access_block.public_access_block
+  ]
+
+  bucket = aws_s3_bucket.bucket[each.key].id
+  acl    = "public-read"
+}
+
+resource "aws_s3_bucket_policy" "policy" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+  
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Action    = ["s3:GetObject"],
+        Effect    = "Allow",
+        Resource  = ["${aws_s3_bucket.bucket[each.key].arn}/*"],
+        Principal = "*"
+      }
+    ]
+  })
+}

terraform/buckets/variables.tf

@@ -0,0 +1,46 @@
+variable "aws_region" {
+  default     = "ap-northeast-2"
+}
+
+variable "buckets" {
+  type = map(object({
+    object_ownership  = string
+    public_access     = bool
+    versioning        = string
+    lifecycle         = object({
+      status            = string
+      noncurrent_days   = optional(number)
+      expiration_days   = optional(number)
+    })
+  }))
+  default = {
+    dsk-alert-images = { 
+      object_ownership  = "BucketOwnerPreferred"
+      public_access     = true
+      versioning        = "Enabled"
+      lifecycle         = {
+        status          = "Enabled"
+        noncurrent_days = 1
+        expiration_days = 7
+      }
+    }
+    dsk-airflow = { 
+      object_ownership  = "BucketOwnerEnforced"
+      public_access     = false
+      versioning        = "Enabled"
+      lifecycle         = {
+        status          = "Enabled"
+        noncurrent_days = 1
+        expiration_days = 7
+      }
+    }
+    dsk-metering = { 
+      object_ownership  = "BucketOwnerEnforced"
+      public_access     = false
+      versioning        = "Disabled"
+      lifecycle         = {
+        status          = "Disabled"
+      }
+    }
+  }
+}

terraform/buckets/version.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}