diff --git a/operations/terraform/common.tf b/operations/terraform/common.tf index 6037a21..e58481d 100644 --- a/operations/terraform/common.tf +++ b/operations/terraform/common.tf @@ -5,15 +5,7 @@ variable "aws_region" { default = "us-west-2" # Oregon } -variable "deploy_bucket_name" { +variable "app_root_url" { description = "Name of the S3 bucket to store deployed artifacts, logs, etc." default = "pm.jdb-labs.com" } - -#### Provider Configuration - -provider "aws" { - region = var.aws_region -} - - diff --git a/operations/terraform/main.tf b/operations/terraform/main.tf index 5744c84..028ffb5 100644 --- a/operations/terraform/main.tf +++ b/operations/terraform/main.tf @@ -1,8 +1,28 @@ +provider "aws" { + region = var.aws_region +} + resource "aws_s3_bucket" "personal_measure" { - bucket = "${var.deploy_bucket_name}" + bucket = "${var.app_root_url}" acl = "log-delivery-write" } +resource "aws_dynamodb_table" "dynamodb_terraform-state-lock" { + name = "terraform-state-lock.${var.app_root_url}" + hash_key = "LockID" + read_capacity = 20 + write_capacity = 20 + + attribute { + name = "LockID" + type = "S" + } + + tags = { + Name = "Terraform DynamoDB State Lock Table" + } +} + module "dev_env" { source = "./deployed_env" diff --git a/operations/terraform/terraform.tf b/operations/terraform/terraform.tf new file mode 100644 index 0000000..0c1518f --- /dev/null +++ b/operations/terraform/terraform.tf @@ -0,0 +1,8 @@ +terraform { + backend "s3" { + bucket = "pm.jdb-labs.com" + region = "us-west-2" + key = "terraform.tfstate" + dynamodb_table = "terraform-state-lock.pm.jdb-labs.com" + } +} diff --git a/operations/terraform/terraform.tfstate b/operations/terraform/terraform.tfstate deleted file mode 100644 index c53b1fd..0000000 --- a/operations/terraform/terraform.tfstate +++ /dev/null @@ -1,547 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.12.9", - "serial": 13, - "lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386", - "outputs": {}, - "resources": [ - { - "module": "module.prod_env", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "bucket_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "4164925389", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "s3:GetObject" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*" - ], - "sid": "" - }, - { - "actions": [ - "s3:ListBucket" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com" - ], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "module": "module.dev_env", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "bucket_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "672870168", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "s3:GetObject" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*" - ], - "sid": "" - }, - { - "actions": [ - "s3:ListBucket" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com" - ], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "mode": "data", - "type": "aws_iam_policy_document", - "name": "cloudfront_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "1534115699", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "policy_id": null, - "source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}", - "statement": null, - "version": "2012-10-17" - }, - "depends_on": [ - "module.dev_env", - "module.prod_env" - ] - } - ] - }, - { - "module": "module.prod_env", - "mode": "managed", - "type": "aws_cloudfront_distribution", - "name": "s3_distribution", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 1, - "attributes": { - "active_trusted_signers": { - "enabled": "false", - "items.#": "0" - }, - "aliases": [ - "pm.jdb-labs.com" - ], - "arn": "arn:aws:cloudfront::063932952339:distribution/E331OLEUZMJYX2", - "cache_behavior": [], - "caller_reference": "terraform-20190924171430991900000002", - "comment": "Personal Measure prod distribution.", - "custom_error_response": [ - { - "error_caching_min_ttl": null, - "error_code": 404, - "response_code": 200, - "response_page_path": "/index.html" - } - ], - "default_cache_behavior": [ - { - "allowed_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "cached_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "compress": true, - "default_ttl": 31536000, - "field_level_encryption_id": "", - "forwarded_values": [ - { - "cookies": [ - { - "forward": "none", - "whitelisted_names": null - } - ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null - } - ], - "lambda_function_association": [], - "max_ttl": 31536000, - "min_ttl": 0, - "smooth_streaming": false, - "target_origin_id": "S3-PersonalMeasure-prod", - "trusted_signers": null, - "viewer_protocol_policy": "redirect-to-https" - } - ], - "default_root_object": "/index.html", - "domain_name": "d1pydbw1mwi6dq.cloudfront.net", - "enabled": true, - "etag": "E39Y9O0I859AQB", - "hosted_zone_id": "Z2FDTNDATAQYW2", - "http_version": "http2", - "id": "E331OLEUZMJYX2", - "in_progress_validation_batches": 0, - "is_ipv6_enabled": true, - "last_modified_time": "2019-09-24 17:14:34.861 +0000 UTC", - "logging_config": [ - { - "bucket": "pm.jdb-labs.com.s3.amazonaws.com", - "include_cookies": false, - "prefix": "prod/logs/cloudfront" - } - ], - "ordered_cache_behavior": [], - "origin": [ - { - "custom_header": [], - "custom_origin_config": [], - "domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", - "origin_id": "S3-PersonalMeasure-prod", - "origin_path": "/prod/webroot", - "s3_origin_config": [ - { - "origin_access_identity": "origin-access-identity/cloudfront/EV7VQF8SH3HMM" - } - ] - } - ], - "origin_group": [], - "price_class": "PriceClass_100", - "restrictions": [ - { - "geo_restriction": [ - { - "locations": null, - "restriction_type": "none" - } - ] - } - ], - "retain_on_delete": false, - "status": "Deployed", - "tags": { - "Environment": "prod" - }, - "viewer_certificate": [ - { - "acm_certificate_arn": "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c", - "cloudfront_default_certificate": false, - "iam_certificate_id": "", - "minimum_protocol_version": "TLSv1", - "ssl_support_method": "sni-only" - } - ], - "wait_for_deployment": true, - "web_acl_id": "" - }, - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "module": "module.dev_env", - "mode": "managed", - "type": "aws_cloudfront_distribution", - "name": "s3_distribution", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 1, - "attributes": { - "active_trusted_signers": { - "enabled": "false", - "items.#": "0" - }, - "aliases": [ - "pm-dev.jdb-labs.com" - ], - "arn": "arn:aws:cloudfront::063932952339:distribution/EYDKNEMGBYXK6", - "cache_behavior": [], - "caller_reference": "terraform-20190924171430991900000001", - "comment": "Personal Measure dev distribution.", - "custom_error_response": [ - { - "error_caching_min_ttl": null, - "error_code": 404, - "response_code": 200, - "response_page_path": "/index.html" - } - ], - "default_cache_behavior": [ - { - "allowed_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "cached_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "compress": true, - "default_ttl": 31536000, - "field_level_encryption_id": "", - "forwarded_values": [ - { - "cookies": [ - { - "forward": "none", - "whitelisted_names": null - } - ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null - } - ], - "lambda_function_association": [], - "max_ttl": 31536000, - "min_ttl": 0, - "smooth_streaming": false, - "target_origin_id": "S3-PersonalMeasure-dev", - "trusted_signers": null, - "viewer_protocol_policy": "redirect-to-https" - } - ], - "default_root_object": "/index.html", - "domain_name": "d2gk6d79ot5fv3.cloudfront.net", - "enabled": true, - "etag": "E1DN3CB5IQVST8", - "hosted_zone_id": "Z2FDTNDATAQYW2", - "http_version": "http2", - "id": "EYDKNEMGBYXK6", - "in_progress_validation_batches": 0, - "is_ipv6_enabled": true, - "last_modified_time": "2019-09-24 17:14:32.614 +0000 UTC", - "logging_config": [ - { - "bucket": "pm.jdb-labs.com.s3.amazonaws.com", - "include_cookies": false, - "prefix": "dev/logs/cloudfront" - } - ], - "ordered_cache_behavior": [], - "origin": [ - { - "custom_header": [], - "custom_origin_config": [], - "domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", - "origin_id": "S3-PersonalMeasure-dev", - "origin_path": "/dev/webroot", - "s3_origin_config": [ - { - "origin_access_identity": "origin-access-identity/cloudfront/ENADNQSO0I1JY" - } - ] - } - ], - "origin_group": [], - "price_class": "PriceClass_100", - "restrictions": [ - { - "geo_restriction": [ - { - "locations": null, - "restriction_type": "none" - } - ] - } - ], - "retain_on_delete": false, - "status": "Deployed", - "tags": { - "Environment": "dev" - }, - "viewer_certificate": [ - { - "acm_certificate_arn": "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c", - "cloudfront_default_certificate": false, - "iam_certificate_id": "", - "minimum_protocol_version": "TLSv1", - "ssl_support_method": "sni-only" - } - ], - "wait_for_deployment": true, - "web_acl_id": "" - }, - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "module": "module.prod_env", - "mode": "managed", - "type": "aws_cloudfront_origin_access_identity", - "name": "origin_access_identity", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "caller_reference": "terraform-20190924170615555500000002", - "cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM", - "comment": "OAI for Personal Measure {$var.environment} environment.", - "etag": "E1XJOGSBHHRD9K", - "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM", - "id": "EV7VQF8SH3HMM", - "s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166" - }, - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.dev_env", - "mode": "managed", - "type": "aws_cloudfront_origin_access_identity", - "name": "origin_access_identity", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "caller_reference": "terraform-20190924170615555100000001", - "cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY", - "comment": "OAI for Personal Measure {$var.environment} environment.", - "etag": "E1K0T63S2F5CYR", - "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY", - "id": "ENADNQSO0I1JY", - "s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4" - }, - "private": "bnVsbA==" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "personal_measure", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "log-delivery-write", - "arn": "arn:aws:s3:::pm.jdb-labs.com", - "bucket": "pm.jdb-labs.com", - "bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "hosted_zone_id": "Z3BJ6K6RIION7M", - "id": "pm.jdb-labs.com", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "us-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": {}, - "versioning": [ - { - "enabled": false, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "private": "bnVsbA==" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "personal_measure", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "pm.jdb-labs.com", - "id": "pm.jdb-labs.com", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}" - }, - "private": "bnVsbA==", - "depends_on": [ - "aws_s3_bucket.personal_measure", - "data.aws_iam_policy_document.cloudfront_access_policy" - ] - } - ] - } - ] -} diff --git a/operations/terraform/terraform.tfstate.backup b/operations/terraform/terraform.tfstate.backup deleted file mode 100644 index 7e966ae..0000000 --- a/operations/terraform/terraform.tfstate.backup +++ /dev/null @@ -1,279 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.12.9", - "serial": 9, - "lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386", - "outputs": {}, - "resources": [ - { - "module": "module.prod_env", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "bucket_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "1727217411", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "s3:GetObject" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*" - ], - "sid": "" - }, - { - "actions": [ - "s3:ListBucket" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com" - ], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "module": "module.dev_env", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "bucket_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "3067586518", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}", - "override_json": null, - "policy_id": null, - "source_json": null, - "statement": [ - { - "actions": [ - "s3:GetObject" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*" - ], - "sid": "" - }, - { - "actions": [ - "s3:ListBucket" - ], - "condition": [], - "effect": "Allow", - "not_actions": [], - "not_principals": [], - "not_resources": [], - "principals": [ - { - "identifiers": [ - "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY" - ], - "type": "AWS" - } - ], - "resources": [ - "arn:aws:s3:::pm.jdb-labs.com" - ], - "sid": "" - } - ], - "version": "2012-10-17" - }, - "depends_on": [ - "aws_cloudfront_origin_access_identity.origin_access_identity" - ] - } - ] - }, - { - "mode": "data", - "type": "aws_iam_policy_document", - "name": "cloudfront_access_policy", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "754132408", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", - "policy_id": null, - "source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}", - "statement": null, - "version": "2012-10-17" - }, - "depends_on": [ - "module.dev_env", - "module.prod_env" - ] - } - ] - }, - { - "module": "module.prod_env", - "mode": "managed", - "type": "aws_cloudfront_origin_access_identity", - "name": "origin_access_identity", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "caller_reference": "terraform-20190924170615555500000002", - "cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM", - "comment": "OAI for Personal Measure {$var.environment} environment.", - "etag": "E1XJOGSBHHRD9K", - "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM", - "id": "EV7VQF8SH3HMM", - "s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166" - }, - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.dev_env", - "mode": "managed", - "type": "aws_cloudfront_origin_access_identity", - "name": "origin_access_identity", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "caller_reference": "terraform-20190924170615555100000001", - "cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY", - "comment": "OAI for Personal Measure {$var.environment} environment.", - "etag": "E1K0T63S2F5CYR", - "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY", - "id": "ENADNQSO0I1JY", - "s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4" - }, - "private": "bnVsbA==" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "personal_measure", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "log-delivery-write", - "arn": "arn:aws:s3:::pm.jdb-labs.com", - "bucket": "pm.jdb-labs.com", - "bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "hosted_zone_id": "Z3BJ6K6RIION7M", - "id": "pm.jdb-labs.com", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "us-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": {}, - "versioning": [ - { - "enabled": false, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "private": "bnVsbA==" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "personal_measure", - "provider": "provider.aws", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "pm.jdb-labs.com", - "id": "pm.jdb-labs.com", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}" - }, - "private": "bnVsbA==", - "depends_on": [ - "aws_s3_bucket.personal_measure", - "data.aws_iam_policy_document.cloudfront_access_policy" - ] - } - ] - } - ] -}