Skip to content

Ce 2642 adding s3 bucket for mwaa etl scripts #2064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LBH-wgreeff merged 6 commits into from
Jan 16, 2025
Merged

Ce 2642 adding s3 bucket for mwaa etl scripts #2064

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c8656f9
creating s3 bucket for mwaa etl scripts
LBH-wgreeff Jan 15, 2025
306368c
adding missing compliance exclude
LBH-wgreeff Jan 15, 2025
deaef49
adding missing aws_s3_bucket_public_access_block block
LBH-wgreeff Jan 15, 2025
7159262
fixed typo
LBH-wgreeff Jan 15, 2025
2a117c4
fixing typo
LBH-wgreeff Jan 15, 2025
a5df14d
Merge branch 'main' into CE-2642-adding-s3-bucket-for-mwaa-etl-scripts
LBH-wgreeff Jan 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions terraform/compliance/s3.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Feature: S3
@exclude_module.qlik_server\[0\].aws_s3_bucket.qlik_alb_logs\[0\]
@exclude_module.airflow.aws_s3_bucket.bucket
@exclude_aws_s3_bucket.mwaa_bucket
@exclude_aws_s3_bucket.mwaa_etl_scripts_bucket
Scenario: Data must be encrypted at rest for buckets created using server_side_encryption_configuration property within bucket resource
Given I have aws_s3_bucket defined
Then it must have server_side_encryption_configuration
Expand Down
27 changes: 27 additions & 0 deletions terraform/core/46-mwaa-bucket-kms.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,3 +89,30 @@ resource "aws_s3_bucket_public_access_block" "mwaa_bucket_block" {
ignore_public_acls = true
restrict_public_buckets = true
}

resource "aws_s3_bucket" "mwaa_etl_scripts_bucket" {
bucket = "${local.identifier_prefix}-mwaa-etl-scripts-bucket"

tags = module.tags.values
}

resource "aws_s3_bucket_server_side_encryption_configuration" "mwaa_etl_scripts_bucket_encryption" {
bucket = aws_s3_bucket.mwaa_etl_scripts_bucket.id

rule {
apply_server_side_encryption_by_default {
sse_algorithm = "aws:kms"
kms_master_key_id = aws_kms_key.mwaa_key.arn
}
bucket_key_enabled = true
}
}

resource "aws_s3_bucket_public_access_block" "mwaa_etl_scripts_bucket_block" {
bucket = aws_s3_bucket.mwaa_etl_scripts_bucket.id

block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
Loading