feat: add initial module (#1)

Author: damianKokot

.version

@@ -1 +1 @@
-v0.0.1
+v1.0.0

README.md

@@ -1,6 +1,68 @@
 # template of terraform resource repository
 
 <!-- START_OF_AUTO_GENERATED_SECTION -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~>1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~>4.20.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~>4.20.0 |
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_dynamodb_table.terraform-state-lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
+| [aws_kms_alias.state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
+| [aws_kms_key.state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_public_access_block.bucket-acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | S3 state bucket name | `string` | n/a | yes |
+| <a name="input_dynamodb_table_name"></a> [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | DynamoDB state lock table name | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(string)` | `{}` | no |
+| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | n/a | `map(string)` | <pre>{<br>  "Module": "terraform-state"<br>}</pre> | no |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_state_bucket_name"></a> [state\_bucket\_name](#output\_state\_bucket\_name) | n/a |
+| <a name="output_state_table_name"></a> [state\_table\_name](#output\_state\_table\_name) | n/a |
+| <a name="output_state_table_arn"></a> [state\_table\_arn](#output\_state\_table\_arn) | n/a |
+
+## Examples
+
+### Basic example
+```hcl
+module "string_ssm_keys" {
+  source              = "[email protected]:masterborn/terraform-kms-tfstate-backend.git?ref=v1.0.0"
+  bucket_name         = "example-state-bucket"
+  dynamodb_table_name = "example-state-lock"
+
+  tags = {
+    Env = "Org"
+  }
+}
+```
+
+Then in backend configuration:
+```hcl
+    backend "s3" {
+      region         = "us-east-1"
+      bucket         = "example-state-bucket"
+      key            = "path/to/file/terraform.tfstate"
+      dynamodb_table = "example-state-lock"
+      encrypt        = true
+    }
+```
 <!-- END_OF_AUTO_GENERATED_SECTION -->
 
 ## Enabling pre-commit hooks

examples/basic/main.tf

@@ -0,0 +1,9 @@
+module "string_ssm_keys" {
+  source              = "[email protected]:masterborn/terraform-kms-tfstate-backend.git?ref={{ provider_version }}"
+  bucket_name         = "example-state-bucket"
+  dynamodb_table_name = "example-state-lock"
+
+  tags = {
+    Env = "Org"
+  }
+}

examples/examples.md

@@ -4,3 +4,14 @@
 ```hcl
 {{ include "./basic/main.tf" }}
 ```
+
+Then in backend configuration:
+```hcl
+    backend "s3" {
+      region         = "us-east-1"
+      bucket         = "example-state-bucket"
+      key            = "path/to/file/terraform.tfstate"
+      dynamodb_table = "example-state-lock"
+      encrypt        = true
+    }
+```

main.tf

@@ -0,0 +1,57 @@
+resource "aws_dynamodb_table" "terraform-state-lock" {
+  name         = var.dynamodb_table_name
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = local.tags
+}
+
+resource "aws_kms_key" "state" {
+  description         = "Key for terraform remote state backend bucket"
+  enable_key_rotation = true
+  tags                = var.tags
+}
+
+resource "aws_kms_alias" "state" {
+  name          = "alias/state-storage"
+  target_key_id = aws_kms_key.state.key_id
+}
+
+resource "aws_s3_bucket" "bucket" {
+  bucket = var.bucket_name
+  acl    = "private"
+
+
+  versioning {
+    enabled = true
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        kms_master_key_id = aws_kms_key.state.arn
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
+
+  tags = local.tags
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket-acl" {
+  bucket = aws_s3_bucket.bucket.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}

outputs.tf

@@ -0,0 +1,11 @@
+output "state_bucket_name" {
+  value = var.bucket_name
+}
+
+output "state_table_name" {
+  value = var.dynamodb_table_name
+}
+
+output "state_table_arn" {
+  value = aws_dynamodb_table.terraform-state-lock.arn
+}

variables.tf

@@ -0,0 +1,25 @@
+locals {
+  tags = merge(var.default_tags, var.tags)
+}
+
+variable "bucket_name" {
+  type        = string
+  description = "S3 state bucket name"
+}
+
+variable "dynamodb_table_name" {
+  type        = string
+  description = "DynamoDB state lock table name"
+}
+
+variable "tags" {
+  type    = map(string)
+  default = {}
+}
+
+variable "default_tags" {
+  type = map(string)
+  default = {
+    Module = "terraform-state"
+  }
+}

versions.tf

@@ -1,7 +1,10 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = "~>1.3.0"
 
   required_providers {
-    
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~>4.20.0"
+    }
   }
 }