Skip to content
This repository has been archived by the owner on Jan 25, 2023. It is now read-only.

When using S3 bucket for vault backend, can we destroy this module without destroying the bucket? #236

Open
queglay opened this issue Mar 30, 2021 · 1 comment

Comments

@queglay
Copy link
Contributor

queglay commented Mar 30, 2021

In using the S3 backend option, I found that it was problematic to create the S3 bucket as part of this module.

Once using a backend like S3, it becomes possible to destroy and deploy vault on a daily basis, but I don't want to destroy the bucket. Would you accept a PR to use an existing bucket instead of creating one as the default workflow?

I'm suggesting it as a default just because I think it defeats the purpose of using the S3 backend and putting it in this module, since a terraform destroy on this module would be just like having no S3 backend at all.

Alternatively if this current implementation does have value the way it is for reasons I haven't considered... then could we use an optional var like 'use_existing_bucket=true' to utilise a data module to aquire an existing bucket instead of creating one?

@queglay queglay changed the title When using S3 bucket for vault backend, can we destroy vault without destroying the bucket? When using S3 bucket for vault backend, can we destroy this module without destroying the bucket? Mar 30, 2021
@brikis98
Copy link
Collaborator

brikis98 commented Apr 1, 2021

Running destroy on a Vault cluster on a regular basis is not a normal use case, so I think the default as-is works fine. That said, a PR to allow providing an external S3 bucket is a reasonable alternative use case, and a PR to add that is welcome!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants