[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: cdn: Enable locking in the S3 backend.
From: |
Chris Marusich |
Subject: |
02/02: cdn: Enable locking in the S3 backend. |
Date: |
Sat, 29 Dec 2018 22:30:32 -0500 (EST) |
marusich pushed a commit to branch master
in repository maintenance.
commit 75aa4ee1d4e48500a013ec16ac16e8c9e18ca2b6
Author: Chris Marusich <address@hidden>
Date: Sat Dec 29 19:19:29 2018 -0800
cdn: Enable locking in the S3 backend.
* cdn/terraform/main.tf (terraform-locking): New table.
(terraform) <dynamodb_table>: Use it to perform locking.
---
cdn/terraform/main.tf | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index 8551918..08617bb 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -7,6 +7,8 @@ terraform {
bucket = "guix-terraform-state"
key = "state"
region = "us-east-1"
+ # Locking will not work if you delete the corresponding table.
+ dynamodb_table = "terraform-locking"
}
}
@@ -439,3 +441,25 @@ resource "aws_cloudwatch_metric_alarm"
"alarm-free-tier-exceeded" {
Currency = "USD"
}
}
+
+# DynamoDB
+
+# DO NOT DELETE THIS TABLE! It contains the Terraform locking state,
+# shared by all Terraform users in the Guix project. In addition, the
+# s3 backend's locking feature will not function without it.
+resource "aws_dynamodb_table" "terraform-locking" {
+ name = "terraform-locking"
+ # This table will not receive a steady, predictable rate of
+ # requests. In addition, the absolute number of requests will be
+ # low. Therefore, pay-per-request will be the most cost-effective.
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+ # Always encrypt data at rest.
+ server_side_encryption {
+ enabled = true
+ }
+}