AWS Terraspace Plugin
The AWS Terraspace Plugin adds support for the automatic creation of the backend storage S3 bucket and DynamoDB table. By default:
- S3 buckets are secured with encryption, have a bucket policy that enforces SSL, have versioning enabled, and have a lifecycle policy. Bucket server access logging can also be optionally enabled.
- DynamoDB tables have encryption enabled using the AWS Managed KMS Key for DynamoDB.
The plugin settings are configurable with:
config/plugins/aws.rb
```ruby
TerraspacePluginAws.configure do |config|
  config.auto_create = true # set to false to completely disable auto creation
  config.s3.encryption = true
  config.s3.enforce_ssl = true
  config.s3.versioning = true
  config.s3.lifecycle = true
  config.s3.access_logging = false # false is the default setting
  config.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
  config.dynamodb.encryption = true
  config.dynamodb.kms_master_key_id = nil
  config.dynamodb.sse_type = "KMS"
end
```
Plugin Options
Name | Description | Default |
---|---|---|
auto_create | Whether or not to automatically create the S3 bucket and DynamoDB table. | true |
s3.encryption | Whether or not to enable S3 bucket encryption. | true |
s3.enforce_ssl | Whether or not to add a S3 bucket policy that enforces SSL. | true |
s3.versioning | Whether or not to enable versioning on the S3 bucket. | true |
s3.lifecycle | Whether or not to add a lifecycle policy that cleans up old versions to the S3 bucket. | true |
s3.access_logging | Whether or not to enable access logging on the S3 bucket. | false |
s3.secure_existing | Whether or not to run the security controls on existing buckets. By default, they only run on a newly created bucket the first time. | false |
dynamodb.encryption | Whether or not to enable encryption on the DynamoDB table. | true |
dynamodb.kms_master_key_id | Specify the KMS key to use. By default, the default DynamoDB key associated with the AWS account is used. | nil |
dynamodb.sse_type | Server-side encryption type. | "KMS" |
For the full list, refer to the plugin source code: terraspace_plugin_aws.
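
Because `s3.secure_existing` defaults to `false`, a bucket that already existed is not brought up to the defaults above. The following check is an added example, not code from the plugin: it reports which of the four default S3 controls a bucket lacks, given a snapshot of its settings. The snapshot keys, bucket names and sample data are constructed for illustration, and the policy shape it looks for (a Deny on `aws:SecureTransport` being false) is the common AWS TLS-only pattern, assumed here rather than taken from the plugin source.

```ruby
require "json"

# True when the policy has a Deny on all S3 actions for every principal,
# conditioned on aws:SecureTransport being false (the usual TLS-only pattern).
def enforces_ssl?(policy_json)
  return false if policy_json.to_s.strip.empty?
  [JSON.parse(policy_json)["Statement"]].flatten.compact.any? do |s|
    next false unless s["Effect"] == "Deny"
    next false unless ["*", { "AWS" => "*" }].include?(s["Principal"])
    next false unless ([s["Action"]].flatten & ["s3:*", "*"]).any?
    bool = s.dig("Condition", "Bool") || {}
    value = bool.find { |key, _| key.casecmp?("aws:SecureTransport") }&.last
    [value].flatten.map(&:to_s) == ["false"]
  end
end

# Returns the names of the plugin's default S3 controls that a bucket lacks.
# Snapshot keys are this example's own (hypothetical), not plugin or AWS API fields.
def missing_controls(snapshot)
  missing = []
  missing << "s3.encryption"  unless snapshot[:encryption_rules].to_a.any?
  missing << "s3.enforce_ssl" unless enforces_ssl?(snapshot[:policy])
  missing << "s3.versioning"  unless snapshot[:versioning_status] == "Enabled"
  missing << "s3.lifecycle"   unless snapshot[:lifecycle_rules].to_a.any?
  missing
end

# Constructed sample data: bucket names, policies and rules are made up.
TLS_ONLY_POLICY = JSON.generate({
  "Version" => "2012-10-17",
  "Statement" => [{
    "Effect" => "Deny", "Principal" => "*", "Action" => "s3:*",
    "Resource" => ["arn:aws:s3:::example-tfstate", "arn:aws:s3:::example-tfstate/*"],
    "Condition" => { "Bool" => { "aws:SecureTransport" => "false" } }
  }]
})
NEW_BUCKET = {
  policy: TLS_ONLY_POLICY, versioning_status: "Enabled",
  encryption_rules: [{ "SSEAlgorithm" => "AES256" }],
  lifecycle_rules: [{ "ID" => "expire-old-versions" }]
}
# A bucket that existed before the plugin ran, so with secure_existing = false
# it was never touched: encrypted, but no TLS-only policy, versioning or lifecycle.
EXISTING_BUCKET = {
  policy: nil, versioning_status: "Suspended",
  encryption_rules: [{ "SSEAlgorithm" => "AES256" }], lifecycle_rules: []
}
puts "new bucket missing:      #{missing_controls(NEW_BUCKET).inspect}"
puts "existing bucket missing: #{missing_controls(EXISTING_BUCKET).inspect}"
```

Any control reported for an existing state bucket is a reason to set `config.s3.secure_existing = true` or to apply that control to the bucket directly.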