To complete my setup, once I deployed all my virtual machines in the previous articles, I also need a S3 bucket to be later used in Veeam as an object storage. And obviously, I can also automated this part.
For this project, I will use AWS S3. In AWS I need a user that can create and manage the buckets. Keep in mind to select Programmatic access in Access type to get Access Key ID and Secret Key:
then, we grab its access key, and we use them in our Terraform project. In the Terraform project folder, I create the file variables.tf:
variable "aws_access_key" { default = "XXXXXXXXXXXXXX" } variable "aws_secret_key" { default = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } variable "region" { default = "eu-south-1" } variable "bucket_name" { default = "veeam-iac-demo" }
and I edit the default values with my own data. Then, I define the project in the usual file main.tf:
# 1. we load the AWS provider, and define the variables for region and access credentials provider "aws" { access_key = "${var.aws_access_key}" secret_key = "${var.aws_secret_key}" region = "${var.region}" } # 2. we create the new S3 bucket resource "aws_s3_bucket" "veeam-iac-demo" { bucket = "${var.bucket_name}" object_lock_enabled = true } # 3. we define the ownership of the bucket resource "aws_s3_bucket_ownership_controls" "veeam-iac-demo" { bucket = aws_s3_bucket.veeam-iac-demo.id rule { object_ownership = "BucketOwnerPreferred" } } # 4. we set the ACL for the bucket to be private resource "aws_s3_bucket_acl" "veeam-iac-demo" { depends_on = [aws_s3_bucket_ownership_controls.veeam-iac-demo] bucket = aws_s3_bucket.veeam-iac-demo.id acl = "private" } # 5. we configure Object Lock for the bucket resource "aws_s3_bucket_object_lock_configuration" "veeam-iac-demo" { bucket = aws_s3_bucket.veeam-iac-demo.id rule { default_retention { mode = "COMPLIANCE" days = 5 } } }
The file has five steps, described directly in the comments.
Then, as always, I initialize Terraform, that will read the information about the needed provider and prepare Terraform.
and, if all is fine, I execute it with terraform apply
If I go into my AWS console I can see my new bucket up and ready!
Scrolling down in the properties, I can check that Object Lock is enabled with the parameters I’ve defined.