Skip to content

VED-759-Data Quality Reports #885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Akol125 merged 8 commits into from
Oct 9, 2025
Merged

VED-759-Data Quality Reports #885

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
01c51fc
create data quality s3 buckets
Akol125 Oct 8, 2025
60db91d
add s3 lifecycle and policies
Akol125 Oct 8, 2025
18f1834
gen validation error
Akol125 Oct 8, 2025
15f2fff
change lifecycle name
Akol125 Oct 8, 2025
cd42ee6
Merge branch 'master' into VED-795-Data-Quality-Report
Akol125 Oct 8, 2025
80c3384
rename bucket
Akol125 Oct 8, 2025
dd696df
Merge remote branch into VED-795-Data-Quality-Report
Akol125 Oct 8, 2025
b84a577
VED-795: Add deny rules for DQ Report
Akol125 Oct 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions terraform/s3_dq_reports.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# Create s3 Bucket with conditional destroy for pr environments
resource "aws_s3_bucket" "data_quality_reports_bucket" {
bucket = "imms-${local.resource_scope}-data-quality-reports"
force_destroy = local.is_temp

}

# Block public access to the bucket
resource "aws_s3_bucket_public_access_block" "data_quality_reports_bucket_public_access_block" {
bucket = aws_s3_bucket.data_quality_reports_bucket.id

block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}

resource "aws_s3_bucket_lifecycle_configuration" "data_quality_reports" {
bucket = aws_s3_bucket.data_quality_reports_bucket.id

rule {
id = "GenericValidationReports"
status = "Enabled"

filter {
}

expiration {
days = 14
}
}
}


# Add versioning to prevent against accidental deletes
resource "aws_s3_bucket_versioning" "dq_source_versioning" {
bucket = aws_s3_bucket.data_quality_reports_bucket.bucket
versioning_configuration {
status = "Enabled"
}
}


# If used should attach to lambda or any aws service that needs to perform any operation
resource "aws_iam_policy" "s3_dq_access" {
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = ["s3:PutObject"]
Resource = [
aws_s3_bucket.data_quality_reports_bucket.arn,
"${aws_s3_bucket.data_quality_reports_bucket.arn}/*"
]
}
]
})
}


resource "aws_s3_bucket_policy" "data_quality_bucket_policy" {
bucket = aws_s3_bucket.data_quality_reports_bucket.id

policy = jsonencode({
Version = "2012-10-17"
Id = "data_quality_bucket_policy"
Statement = [
{
Sid = "HTTPSOnly"
Effect = "Deny"
Principal = {
AWS = "*"
}
Action = "s3:*"
Resource = [
aws_s3_bucket.data_quality_reports_bucket.arn,
"${aws_s3_bucket.data_quality_reports_bucket.arn}/*"
]
Condition = {
Bool = {
"aws:SecureTransport" = "false"
}
}
},
]
})
}
Loading