NRL-1188 athena set up

Author: jackleary

terraform/account-wide-infrastructure/modules/athena/athena.tf

@@ -0,0 +1,32 @@
+resource "aws_athena_database" "reporting-db" {
+  name = var.database
+
+  bucket = aws_s3_bucket.target-data-bucket.bucket
+
+#   encryption_configuration {
+#     encryption_option = var.encryption_option
+#     kms_key           = var.kms_key_arn
+#   }
+
+  force_destroy = true
+}
+
+resource "aws_athena_workgroup" "athena" {
+  name = var.name_prefix
+
+  configuration {
+    enforce_workgroup_configuration    = true
+    publish_cloudwatch_metrics_enabled = true
+
+    result_configuration {
+      output_location = "s3://{aws_s3_bucket.example.bucket}/output/"
+
+      encryption_configuration {
+        encryption_option = "SSE_KMS"
+        kms_key_arn       = var.kms_key_arn
+      }
+    }
+  }
+
+  tags = var.common_tags
+}

terraform/account-wide-infrastructure/modules/athena/outputs.tf

@@ -0,0 +1,11 @@
+output "workgroup" {
+  value = aws_athena_workgroup.athena
+}
+
+output "bucket" {
+  value = aws_s3_bucket.athena
+}
+
+output "database" {
+  value = aws_athena_database.reporting-db
+}

terraform/account-wide-infrastructure/modules/athena/s3.tf

@@ -0,0 +1,15 @@
+resource "aws_s3_bucket" "athena" {
+  bucket = "athena"
+}
+
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "athena" {
+  bucket = aws_s3_bucket.athena.bucket
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "aws:kms"
+      kms_master_key_id = var.kms_key_arn
+    }
+  }
+
+}

terraform/account-wide-infrastructure/modules/athena/vars.tf

@@ -0,0 +1,9 @@
+variable "database" {
+    description = "What the db will be called"
+    default     = "NRL-Reporting"
+}
+
+variable "name_prefix" {
+  type        = string
+  description = "The prefix to apply to all resources in the module."
+}