AWS Terraspace Plugin
The AWS Terraspace Plugin adds support for the automatic creation of the backend storage s3 bucket and dynamodb table. By default:
- S3 Buckets are secured with encryption, have an enforce ssl bucket policy, have versioning enabled, and have a lifecycle policy. Bucket server access logging and also be optionally enabled.
- DynamoDB tables have encryption enabled using the AWS Managed KMS Key for DynamoDB.
The plugin settings are configurable with:
config/plugins/aws.rb
TerraspacePluginAws.configure do |config|
config.auto_create = true # set to false to completely disable auto creation
config.s3.encryption = true
config.s3.enforce_ssl = true
config.s3.versioning = true
config.s3.lifecycle = true
config.s3.access_logging = false # false is the default setting
config.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
config.dynamodb.encryption = true
config.dynamodb.kms_master_key_id = nil
config.dynamodb.sse_type = "KMS"
end
For more docs, refer to the plugin itself: terraspace_plugin_aws.