From 454bd71b6a28731d9b5baf93cb2c01f8d6d5cca9 Mon Sep 17 00:00:00 2001
From: Abby Ng
Date: Wed, 6 Mar 2024 13:05:50 +0800
Subject: [PATCH] configurable vault s3 bucket versioning
---
 modules/core/variables.tf | 5 +++++
 modules/core/vault.tf | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/modules/core/variables.tf b/modules/core/variables.tf
index 386e3037..93341713 100644
--- a/modules/core/variables.tf
+++ b/modules/core/variables.tf
@@ -400,6 +400,11 @@ variable "vault_s3_bucket_name" {
 default = ""
 }
+variable "vault_enable_s3_bucket_versioning" {
+ description = "Whether to enable bucket versioning for the S3 bucket for Vault."
+ default = false
+}
+
 variable "vault_enable_auto_unseal" {
 description = "Enable auto unseal of the Vault cluster"
 default = false
diff --git a/modules/core/vault.tf b/modules/core/vault.tf
index 55da387d..4386234f 100644
--- a/modules/core/vault.tf
+++ b/modules/core/vault.tf
@@ -44,8 +44,9 @@ module "vault" {
 allowed_ssh_cidr_blocks = concat([data.aws_vpc.this.cidr_block], var.allowed_ssh_cidr_blocks)
 associate_public_ip_address = var.associate_public_ip_address
- enable_s3_backend = var.vault_enable_s3_backend
- s3_bucket_name = var.vault_s3_bucket_name
+ enable_s3_backend = var.vault_enable_s3_backend
+ s3_bucket_name = var.vault_s3_bucket_name
+ enable_s3_bucket_versioning = var.vault_enable_s3_bucket_versioning
 enable_auto_unseal = var.vault_enable_auto_unseal
 auto_unseal_kms_key_arn = var.vault_auto_unseal_kms_key_arn
@@ -91,8 +92,9 @@ data "template_file" "user_data_vault_cluster" {
 kms_aes_root = "/opt/aes-kms"
 # S3 Variables
- enable_s3_backend = var.vault_enable_s3_backend ? "true" : "false"
- s3_bucket_name = var.vault_s3_bucket_name
+ enable_s3_backend = var.vault_enable_s3_backend ? "true" : "false"
+ s3_bucket_name = var.vault_s3_bucket_name
+ enable_s3_bucket_versioning = var.vault_enable_s3_bucket_versioning
 consul_prefix = var.integration_consul_prefix
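Review bot: The new `vault_enable_s3_bucket_versioning` variable in the variables.tf hunk has no type constraint, and its description does not say what the `false` default means for recovery. With versioning off, an overwritten or deleted object in the Vault bucket (presumably Vault's storage backend, given `enable_s3_backend`) has no earlier version to restore, so the operator should see that trade-off where the switch is declared. I would add `type = bool` and extend the description to `"Whether to enable versioning on the S3 bucket for Vault. When false, overwritten or deleted objects cannot be restored from an earlier version."`. A declared bool also matters in the last vault.tf hunk, which continues past the visible text: the value goes into the `template_file` vars as-is while `enable_s3_backend` beside it is converted with `? "true" : "false"`, and the same ternary there would keep the rendered value consistent.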