CMSgov · juliareynolds-nava · Apr 17, 2025 · Apr 10, 2025 · Apr 14, 2025 · Apr 14, 2025
@@ -1 +1 @@
-1.5.5
+1.10.5
@@ -0,0 +1,2 @@
+bucket       = "ab2d-dev-tfstate-20250409213758051700000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "ab2d-prod-tfstate-20250411202936776600000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "ab2d-sandbox-tfstate-20250416200059224300000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "ab2d-test-tfstate-20250410134820763500000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "bcda-dev-tfstate-20250409202710600700000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "bcda-prod-tfstate-20250411203841436200000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "bcda-sandbox-tfstate-20250416201512973800000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "bcda-test-tfstate-20250409171646342600000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "cdap-mgmt-tfstate-20250416203557378600000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "dpc-dev-tfstate-20250409165915907400000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "dpc-prod-tfstate-20250411204900543700000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "dpc-sandbox-tfstate-20250416202240532700000001"
+use_lockfile = true
@@ -0,0 +1,2 @@
+bucket       = "dpc-test-tfstate-20250410145524530000000001"
+use_lockfile = true
@@ -9,7 +9,7 @@ module "bucket_key" {
 
 resource "aws_s3_bucket" "this" {
   bucket        = var.legacy == true ? var.name : null
-  bucket_prefix = var.legacy == false ? var.name : null
+  bucket_prefix = var.legacy == false ? "${var.name}-" : null
   force_destroy = true
 }
 
@@ -88,12 +88,18 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
     }
   }
 }
+
+data "aws_iam_account_alias" "current" {}
+
 data "aws_s3_bucket" "bucket_access_logs" {
-  bucket = "${data.aws_caller_identity.current.account_id}-bucket-access-logs"
+  bucket = (var.legacy == true ? "${data.aws_caller_identity.current.account_id}-bucket-access-logs" :
+    data.aws_iam_account_alias.current.account_alias == "aws-cms-oeda-bcda-prod" ? "bucket-access-logs-20250411172631068600000001" :
+      "bucket-access-logs-20250409172631068600000001")
 }
+
 resource "aws_s3_bucket_logging" "this" {
-  bucket = aws_s3_bucket.this.id
+  bucket = aws_s3_bucket.this.bucket
 
-  target_bucket = data.aws_s3_bucket.bucket_access_logs.id
+  target_bucket = data.aws_s3_bucket.bucket_access_logs.bucket
   target_prefix = "${var.name}/"
 }
@@ -4,5 +4,4 @@ terraform {
       source = "hashicorp/aws"
     }
   }
-  required_version = "~> 1.5.5"
 }
@@ -5,5 +5,4 @@ terraform {
       version = "~> 5.8.0"
     }
   }
-  required_version = "~> 1.5.5"
 }
@@ -5,5 +5,4 @@ terraform {
       version = "~> 5.8.0"
     }
   }
-  required_version = "~> 1.5.5"
 }
@@ -1,7 +1,8 @@
 data "aws_caller_identity" "current" {}
 
 resource "aws_s3_bucket" "bucket_access_logs" {
-  bucket        = "${data.aws_caller_identity.current.account_id}-bucket-access-logs"
+  bucket        = var.legacy == true ? "${data.aws_caller_identity.current.account_id}-bucket-access-logs" : null
+  bucket_prefix = var.legacy == false ? "bucket-access-logs-" : null
   force_destroy = true
 }
 

@@ -0,0 +1,5 @@
+variable "legacy" {
+  description = "Is this deployment in the greenfield environment (false)?"
+  type        = bool
+  default     = true
+}
@@ -13,5 +13,4 @@ terraform {
   backend "s3" {
     key = "github-actions/terraform.tfstate"
   }
-  required_version = "~> 1.5.5"
 }
@@ -1,6 +1,6 @@
 # Terraform for initializing tfstate resources
 
-This terraform creates the S3 buckets and DynamoDB table for storing terraform state in AWS.
+This terraform creates the S3 buckets for storing terraform state in AWS.
 
 To create the resources with the first run of `terraform init`, comment out the backend block in terraform.tf. This will create a local terraform.tfstate file.
 

@@ -11,4 +11,5 @@ module "tfstate_bucket" {
 module "tfstate_table" {
   source = "../../modules/table"
   name   = local.name
+  count  = var.legacy == true ? 1 : 0
 }
diff --git a/terraform/services/tfstate/terraform.tf b/terraform/services/tfstate/terraform.tf
@@ -9,7 +9,7 @@ provider "aws" {
 }
 
 terraform {
-  # Comment out backend block and init without -backend-config for initial creation of resources
+  # # Comment out backend block and init without -backend-config for initial creation of resources
-  # # Comment out backend block and init without -backend-config for initial creation of resources
+  # Comment out backend block and init without -backend-config for initial creation of resources
-  # # Comment out backend block and init without -backend-config for initial creation of resources
+  # Comment out backend block and init without -backend-config for initial creation of resources
   backend "s3" {
     key = "tfstate/terraform.tfstate"
   }

@@ -1,18 +1,18 @@
 variable "app" {
-  description = "The application name (ab2d, bcda, dpc)"
+  description = "The application name (ab2d, bcda, dpc, cdap)"
   type        = string
   validation {
-    condition     = contains(["ab2d", "bcda", "dpc"], var.app)
-    error_message = "Valid value for app is ab2d, bcda, or dpc."
+    condition     = contains(["ab2d", "bcda", "dpc", "cdap"], var.app)
+    error_message = "Valid value for app is ab2d, bcda, dpc, or cdap."
   }
 }
 
 variable "env" {
-  description = "The application environment (dev, test, sbx, prod, mgmt)"
+  description = "The application environment (dev, test, sbx, sandbox, prod, mgmt)"
   type        = string
   validation {
-    condition     = contains(["dev", "test", "sbx", "prod", "mgmt"], var.env)
-    error_message = "Valid value for env is dev, test, sbx, prod, or mgmt."
+    condition     = contains(["dev", "test", "sbx", "sandbox", "prod", "mgmt"], var.env)
+    error_message = "Valid value for env is dev, test, sbx, sandbox, mgmt, or prod."
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "ab2d-dev-tfstate-20250409213758051700000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "ab2d-prod-tfstate-20250411202936776600000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "ab2d-sandbox-tfstate-20250416200059224300000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "ab2d-test-tfstate-20250410134820763500000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "bcda-dev-tfstate-20250409202710600700000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "bcda-prod-tfstate-20250411203841436200000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "bcda-sandbox-tfstate-20250416201512973800000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "bcda-test-tfstate-20250409171646342600000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "cdap-mgmt-tfstate-20250416203557378600000001"
		use_lockfile = true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bucket = "dpc-dev-tfstate-20250409165915907400000001"
		use_lockfile = true