Merge pull request #8 from appcd-dev/stackgen_af552d97-908a-404b-bd9b-bad1c2eebdf0

creating iac for storage component

Author: gauravchavan2412

sales-demo-dharani/terraform/.gitignore

@@ -0,0 +1,32 @@
+# Source: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+

sales-demo-dharani/terraform/.metadata

@@ -0,0 +1,7 @@
+{
+  "app_stack_name": "untitled-appStack-02989a07",
+  "iac_type": "Terraform",
+  "provider": "aws",
+  "multi_env": false,
+  "exporter": "terraform"
+}

sales-demo-dharani/terraform/README.md

@@ -0,0 +1,3 @@
+# README
+This is a readme file for IaC generated with StackGen.
+You can modify your appStack -> [here](http://stage.dev.stackgen.com/appstacks/12f6711b-680f-4bf3-b106-91c7c817fd02)

sales-demo-dharani/terraform/backend.tf

@@ -0,0 +1,5 @@
+terraform {
+  backend "local" {
+    path = "/Users/gauravchavan/Documents/terraform.tfstate"
+  }
+}

sales-demo-dharani/terraform/main.tf

@@ -0,0 +1,38 @@
+module "stackgen_0f83e604-227d-494f-9477-1735ce19eebf" {
+  source                       = "./modules/aws_s3"
+  block_public_access          = true
+  bucket_name                  = "sg-bucket-sales-demo"
+  bucket_policy                = ""
+  enable_versioning            = true
+  enable_website_configuration = false
+  sse_algorithm                = "aws:kms"
+  tags                         = {}
+  website_error_document       = "404.html"
+  website_index_document       = "index.html"
+}
+
+module "stackgen_31ac0045-76ab-4587-951d-bab58037d7db" {
+  source                           = "./modules/aws_athena"
+  athena_engine_version            = "AUTO"
+  bucket_name                      = module.stackgen_0f83e604-227d-494f-9477-1735ce19eebf.bucket_name
+  bytes_scanned_cutoff_per_query   = 10485760
+  database_force_destroy           = false
+  database_name                    = "sg-sales-demo"
+  encrypt_query_results            = true
+  encryption_option                = "SSE_KMS"
+  expected_bucket_owner            = null
+  kms_key                          = null
+  query                            = "sg-query"
+  query_description                = null
+  query_name                       = "sg-name"
+  query_results_encryption_option  = "SSE_KMS"
+  require_encryption_configuration = false
+  result_output_location           = null
+  set_acl_configuration            = false
+  tags                             = {}
+  workgroup_description            = null
+  workgroup_force_destroy          = false
+  workgroup_name                   = "sg-work"
+  workgroup_state                  = "ENABLED"
+}
+

sales-demo-dharani/terraform/modules/aws_athena/aws_athena.tf

@@ -0,0 +1,80 @@
+# named query resource
+resource "aws_athena_named_query" "this" {
+  name        = var.query_name
+  description = var.query_description
+  query       = var.query
+  workgroup   = aws_athena_workgroup.this.id
+  database    = aws_athena_database.this.name
+}
+
+# database resource
+resource "aws_athena_database" "this" {
+  name   = var.database_name
+  bucket = var.bucket_name
+  dynamic "acl_configuration" {
+    for_each = var.set_acl_configuration ? [1] : []
+    content {
+      s3_acl_option = "BUCKET_OWNER_FULL_CONTROL"
+    }
+  }
+
+  dynamic "encryption_configuration" {
+    for_each = var.require_encryption_configuration ? [1] : []
+    content {
+      encryption_option = var.encryption_option
+      kms_key           = var.kms_key
+    }
+  }
+
+  expected_bucket_owner = var.expected_bucket_owner
+  force_destroy         = var.database_force_destroy
+}
+
+resource "aws_kms_key" "aws_athena-result" {
+  deletion_window_in_days = 7
+  description             = "Athena KMS Key"
+}
+
+resource "aws_kms_key" "athena_result_encryption" {
+  count               = var.encrypt_query_results && var.query_results_encryption_option != "SSE_S3" ? 1 : 0
+  description         = "Custom KMS key for Athena query result encryption."
+  enable_key_rotation = true
+}
+
+# workgroup resource
+resource "aws_athena_workgroup" "this" {
+  name          = var.workgroup_name
+  description   = var.workgroup_description
+  state         = var.workgroup_state
+  force_destroy = var.workgroup_force_destroy
+  tags          = var.tags
+
+  configuration {
+    bytes_scanned_cutoff_per_query = var.bytes_scanned_cutoff_per_query
+    engine_version {
+      selected_engine_version = var.athena_engine_version
+    }
+    result_configuration {
+      dynamic "encryption_configuration" {
+        for_each = var.encrypt_query_results ? [1] : []
+        content {
+          encryption_option = var.query_results_encryption_option
+          kms_key_arn       = aws_kms_key.athena_result_encryption[0].arn
+        }
+      }
+      dynamic "acl_configuration" {
+        for_each = var.set_acl_configuration ? [1] : []
+        content {
+          s3_acl_option = "BUCKET_OWNER_FULL_CONTROL"
+        }
+      }
+      output_location = var.result_output_location
+    }
+  }
+}
+
+
+
+
+
+

sales-demo-dharani/terraform/modules/aws_athena/outputs.tf.json

@@ -0,0 +1,19 @@
+{
+  "output": {
+    "arn": {
+      "description": "The value of the wg_arn output",
+      "sensitive": false,
+      "value": "${aws_athena_workgroup.this.arn}"
+    },
+    "database_id": {
+      "description": "The value of the database_id output",
+      "sensitive": false,
+      "value": "${aws_athena_database.this.id}"
+    },
+    "query_id": {
+      "description": "The value of the query_id output",
+      "sensitive": false,
+      "value": "${aws_athena_named_query.this.id}"
+    }
+  }
+}

sales-demo-dharani/terraform/modules/aws_athena/variables.tf.json

@@ -0,0 +1,161 @@
+{
+    "variable": {
+        "athena_engine_version": [
+            {
+                "default": "AUTO",
+                "description": "Requested Athena engine version.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "bucket_name": [
+            {
+                "description": "Name of S3 bucket to save the results of the query execution.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "bytes_scanned_cutoff_per_query": [
+            {
+                "default": 10485760,
+                "description": "The upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan.",
+                "nullable": false,
+                "type": "number"
+            }
+        ],
+        "database_force_destroy": [
+            {
+                "default": false,
+                "description": "Whether to destroy all tables in the database when destroying the database resource.",
+                "nullable": false,
+                "type": "bool"
+            }
+        ],
+        "database_name": [
+            {
+                "description": "Name of the database to create.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "encrypt_query_results": [
+            {
+                "default": true,
+                "description": "Specifies whether query results must be encrypted, for all queries that run in this workgroup.",
+                "nullable": false,
+                "type": "bool"
+            }
+        ],
+        "encryption_option": [
+            {
+                "default": "SSE_KMS",
+                "description": "Type of key.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "expected_bucket_owner": [
+            {
+                "description": "AWS account ID that you expect to be the owner of the Amazon S3 bucket.",
+                "nullable": true,
+                "type": "string"
+            }
+        ],
+        "kms_key": [
+            {
+                "description": "The ARN of the KMS key to be used to decrypt the data in S3.",
+                "nullable": true,
+                "type": "string"
+            }
+        ],
+        "query": [
+            {
+                "description": "The query string.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "query_description": [
+            {
+                "description": "The description for the named query.",
+                "nullable": true,
+                "type": "string"
+            }
+        ],
+        "query_name": [
+            {
+                "description": "The name of the query.",
+                "type": "string"
+            }
+        ],
+        "query_results_encryption_option": [
+            {
+                "default": "SSE_KMS",
+                "description": "Type of encryption.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "require_encryption_configuration": [
+            {
+                "default": false,
+                "description": "Encryption key block AWS Athena uses to decrypt the data in S3.",
+                "nullable": false,
+                "type": "bool"
+            }
+        ],
+        "result_output_location": [
+            {
+                "description": "The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/.",
+                "nullable": true,
+                "type": "string"
+            }
+        ],
+        "set_acl_configuration": [
+            {
+                "default": false,
+                "description": "Should an Amazon S3 canned ACL be set to control ownership of stored query results.",
+                "nullable": false,
+                "type": "bool"
+            }
+        ],
+        "workgroup_description": [
+            {
+                "description": "The description of the workgroup.",
+                "nullable": true,
+                "type": "string"
+            }
+        ],
+        "workgroup_force_destroy": [
+            {
+                "default": false,
+                "description": "Option to delete the workgroup and its contents even if the workgroup contains any named queries.",
+                "nullable": false,
+                "type": "bool"
+            }
+        ],
+        "workgroup_name": [
+            {
+                "description": "The name of the workgroup.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "workgroup_state": [
+            {
+                "default": "ENABLED",
+                "description": "The state of the workgroup.",
+                "nullable": false,
+                "type": "string"
+            }
+        ],
+        "tags": [
+            {
+                "default": {},
+                "description": "A map of tags to apply to the resources",
+                "type": "map(string)",
+                "nullable":true
+            }
+        ]
+    }
+}