Merge pull request #580 from bheesham/import-cis-to-terraform

Import CIS to Terraform; fixup incorrectly named indices in staging

Author: bheesham

terraform/infra/dev/dynamo.tf

@@ -0,0 +1,68 @@
+resource "aws_dynamodb_table" "dynamo" {
+  name                        = "${var.environment}-identity-vault"
+  billing_mode                = "PAY_PER_REQUEST"
+  deletion_protection_enabled = false
+  hash_key                    = "id"
+  region                      = "us-west-2"
+  stream_enabled              = true
+  stream_view_type            = "KEYS_ONLY"
+  table_class                 = "STANDARD"
+  attribute {
+    name = "id"
+    type = "S"
+  }
+  attribute {
+    name = "primary_email"
+    type = "S"
+  }
+  attribute {
+    name = "primary_username"
+    type = "S"
+  }
+  attribute {
+    name = "sequence_number"
+    type = "S"
+  }
+  attribute {
+    name = "user_uuid"
+    type = "S"
+  }
+  global_secondary_index {
+    hash_key           = "primary_email"
+    name               = "${var.environment}-identity-vault-primary_email"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  global_secondary_index {
+    hash_key           = "primary_username"
+    name               = "${var.environment}-identity-vault-primary_username"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  global_secondary_index {
+    hash_key           = "sequence_number"
+    name               = "${var.environment}-identity-vault-sequence_number"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = null
+  }
+  global_secondary_index {
+    hash_key           = "user_uuid"
+    name               = "${var.environment}-identity-vault-user_uuid"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  point_in_time_recovery {
+    enabled = false
+  }
+  ttl {
+    enabled = false
+  }
+  tags = {
+    application     = "identity-vault"
+    cis_environment = "development"
+  }
+}

terraform/infra/dev/imports.tf

@@ -0,0 +1,4 @@
+import {
+  id = "development-identity-vault"
+  to = aws_dynamodb_table.dynamo
+}

terraform/infra/dev/provider.tf

@@ -26,6 +26,7 @@ provider "aws" {
       Owner          = "IAM"
       Repository     = "github.com/mozilla-iam/cis"
       Environment    = var.environment
+      ManagedBy      = "Terraform"
     }
   }
 }

terraform/infra/prod/.terraform.lock.hcl

@@ -0,0 +1 @@
+environment = "production"

terraform/infra/prod/defaults.auto.tfvars

@@ -0,0 +1,68 @@
+resource "aws_dynamodb_table" "dynamo" {
+  billing_mode                = "PAY_PER_REQUEST"
+  deletion_protection_enabled = false
+  hash_key                    = "id"
+  name                        = "${var.environment}-identity-vault"
+  region                      = "us-west-2"
+  stream_enabled              = true
+  stream_view_type            = "KEYS_ONLY"
+  table_class                 = "STANDARD"
+  attribute {
+    name = "id"
+    type = "S"
+  }
+  attribute {
+    name = "primary_email"
+    type = "S"
+  }
+  attribute {
+    name = "primary_username"
+    type = "S"
+  }
+  attribute {
+    name = "sequence_number"
+    type = "S"
+  }
+  attribute {
+    name = "user_uuid"
+    type = "S"
+  }
+  global_secondary_index {
+    hash_key           = "primary_email"
+    name               = "${var.environment}-identity-vault-primary_email"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  global_secondary_index {
+    hash_key           = "primary_username"
+    name               = "${var.environment}-identity-vault-primary_username"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  global_secondary_index {
+    hash_key           = "sequence_number"
+    name               = "${var.environment}-identity-vault-sequence_number"
+    non_key_attributes = []
+    projection_type    = "ALL"
+  }
+  global_secondary_index {
+    hash_key           = "user_uuid"
+    name               = "${var.environment}-identity-vault-user_uuid"
+    non_key_attributes = []
+    projection_type    = "ALL"
+    range_key          = "id"
+  }
+  point_in_time_recovery {
+    enabled                 = true
+    recovery_period_in_days = 35
+  }
+  ttl {
+    enabled        = false
+  }
+  tags = {
+    application     = "identity-vault"
+    cis_environment = "production"
+  }
+}

terraform/infra/prod/dynamo.tf

@@ -0,0 +1,4 @@
+import {
+  id = "production-identity-vault"
+  to = aws_dynamodb_table.dynamo
+}

terraform/infra/prod/imports.tf

@@ -0,0 +1,32 @@
+# Locked with:
+# terraform providers lock -platform darwin_amd64 -platform darwin_arm64 -platform linux_amd64 -platform linux_arm64
+terraform {
+  required_version = ">= 1.5.0"
+  backend "s3" {
+    # Re-using the one from mozilla-iam/iam-infra, to save having multiple
+    # places to audit.
+    bucket = "eks-terraform-shared-state"
+    key    = "cis/terraform/infra/prod/terraform.tfstate"
+    region = "us-west-2"
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 6.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-west-2"
+  default_tags {
+    tags = {
+      Component      = "CIS"
+      FunctionalArea = "SSO"
+      Owner          = "IAM"
+      Repository     = "github.com/mozilla-iam/cis"
+      Environment    = var.environment
+      ManagedBy      = "Terraform"
+    }
+  }
+}

terraform/infra/prod/provider.tf

@@ -0,0 +1,3 @@
+variable "environment" {
+  type = string
+}