AWSTemplateFormatVersion: 2010-09-09
Description: Terraform backend - versioned, encrypted state storage and locking table
Resources:
  TerraformStateBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketEncryption:
        ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
      BucketName: !Ref AWS::StackName
      VersioningConfiguration:
        Status: Enabled
  TerraformStateTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: LockID
          AttributeType: S
      KeySchema:
        - AttributeName: LockID
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 5
        WriteCapacityUnits: 5
      TableName: !Ref AWS::StackName
Outputs:
  TerraformStateBucketOutput:
    Description: Bucket used to store Terraform remote state file
    Value: !Ref TerraformStateBucket
  TerraformStateTableOutput:
    Description: DynamoDB table used for Terraform state locking functionality
    Value: !Ref TerraformStateTable