feat: portfolio terraform
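--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,59 @@
+# Create the S3 bucket.
+
+resource "aws_s3_bucket" "portfolio_bucket" {
+bucket = var.bucket_name
+
+tags = {
+Name = "Portfolio Bucket"
+Environment = "Production"
+}
+}
+
+resource "aws_s3_bucket_public_access_block" "portfolio_bucket_access" {
+bucket = aws_s3_bucket.portfolio_bucket.id
+
+block_public_acls = false
+block_public_policy = false
+}
+
+resource "aws_s3_bucket_versioning" "portfolio_bucket_access_versioning" {
+bucket = aws_s3_bucket.portfolio_bucket.id
+
+versioning_configuration {
+status = "Disabled"
+}
+}
+
+#------------------------------------------------------------------------------#
+
+# Give a user access.
+
+data "aws_iam_policy_document" "portfolio_bucket_policy_doc" {
+statement {
+effect = "Allow"
+actions = ["s3:*", "s3-object-lambda:*"]
+resources = [
+"${aws_s3_bucket.portfolio_bucket.arn}/*",
+"${aws_s3_bucket.portfolio_bucket.arn}"
+]
+}
+}
+
+resource "aws_iam_policy" "portfolio_bucket_policy" {
+name = "${var.role_name}Policy"
+description = "The policy that manages the Portfolio Bucket."
+policy = data.aws_iam_policy_document.portfolio_bucket_policy_doc.json
+}
+
+resource "aws_iam_user" "portfolio_bucket_user" {
+name = "${var.role_name}User"
+}
+
+resource "aws_iam_user_policy_attachment" "portfolio_bucket_attachment" {
+user = aws_iam_user.portfolio_bucket_user.name
+policy_arn = aws_iam_policy.portfolio_bucket_policy.arn
+}
+
+resource "aws_iam_access_key" "portfolio_bucket_key" {
+user = aws_iam_user.portfolio_bucket_user.name
+}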
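Review bot: The policy document's `actions = ["s3:*", "s3-object-lambda:*"]` line grants the new IAM user every S3 action on the bucket, including deleting it and rewriting its bucket policy, which is far more than a credential used to publish a portfolio needs; scoping it to `actions = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]` limits the user to object management. The `aws_s3_bucket_public_access_block` resource sets `block_public_acls` and `block_public_policy` to false and leaves `ignore_public_acls` and `restrict_public_buckets` unset, which as far as I recall also default to false, so the resource as written switches the protections off rather than adding any; if the bucket is meant to serve a public site, a comment saying so plus an explicit read-only bucket policy would make that intent reviewable, otherwise all four settings should be true. The `aws_iam_access_key` resource also mints a long-lived static credential whose secret is written to state in plaintext; a `pgp_key` on that resource (exposing `encrypted_secret` instead of `secret`) or a short-lived role assumed by the deployment pipeline avoids keeping the raw secret in state.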
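--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,16 @@
+output "access_region" {
+value = aws_s3_bucket.portfolio_bucket.region
+description = "This is the region of the bucket."
+}
+
+output "access_id" {
+value = aws_iam_access_key.portfolio_bucket_key.id
+description = "This is the access ID to modify the bucket."
+sensitive = true
+}
+
+output "access_secret" {
+value = aws_iam_access_key.portfolio_bucket_key.secret
+description = "This is the access secret to modify the bucket."
+sensitive = true
+}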
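Review bot: The `access_id` and `access_secret` outputs expose the static key pair, and `sensitive = true` only redacts them from plan and apply output; the values are still stored in plaintext in the state file and printable with `terraform output -raw`, so the state backend needs the same access controls as the credential itself. A one-line comment above `output "access_secret"` such as `# sensitive only redacts CLI output; the secret is still held in plaintext in state.` would make that explicit for the next maintainer. The three descriptions would read better without the "This is" prefix, e.g. `description = "Region of the portfolio bucket."`.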
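--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,9 @@
+variable "bucket_name" {
+type = string
+description = "The name of the bucket to create."
+}
+
+variable "role_name" {
+type = string
+description = "The base name for the role to modify the bucket."
+}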
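Review bot: The description on the `role_name` variable calls it the base name for a role, but main.tf uses it to name an IAM user (`"${var.role_name}User"`) and a policy, and no IAM role is created in this commit; `description = "The base name for the IAM user and policy that manage the bucket."` matches what the value actually does. `bucket_name` could also carry a `validation` block enforcing S3 bucket-naming rules (lowercase, 3-63 characters), since an invalid name currently fails only at apply time.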