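# Create the S3 bucket.
resource "aws_s3_bucket" "portfolio_bucket" {
  bucket = var.bucket_name

  tags = {
    Name        = "Portfolio Bucket"
    Environment = "Production"
  }
}

# Public-access settings for the bucket.
#
# All four account-level guards are switched off here, so a public ACL or a
# public bucket policy applied to this bucket will take effect. The original
# only set two of the flags; the other two are now stated explicitly so the
# exposure is visible in review rather than inherited from provider defaults
# (which are also false, so behaviour is unchanged).
#
# NOTE(review): no aws_s3_bucket_policy or website configuration appears in
# this file, so nothing here actually grants public read -- it is only
# permitted. If the bucket is not meant to be reachable anonymously, set all
# four flags to true. Confirm against the rest of the configuration.
resource "aws_s3_bucket_public_access_block" "portfolio_bucket_access" {
  bucket = aws_s3_bucket.portfolio_bucket.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# Versioning is left off. Without it, an overwrite or delete (including by
# the broad IAM user below) cannot be rolled back from the bucket itself.
# "Disabled" is only accepted on a bucket that has never had versioning
# turned on; switch to "Enabled" / "Suspended" once it has.
resource "aws_s3_bucket_versioning" "portfolio_bucket_access_versioning" {
  bucket = aws_s3_bucket.portfolio_bucket.id

  versioning_configuration {
    status = "Disabled"
  }
}

#------------------------------------------------------------------------------#
# Give a user access.

# Permissions for the bucket user.
#
# The statement is scoped to this bucket and its objects, but "s3:*" on the
# bucket ARN includes management actions (deleting the bucket, rewriting its
# policy, changing the public-access block above), not just object reads
# and writes. Narrow the action list to what the holder of the key actually
# needs once that is known.
data "aws_iam_policy_document" "portfolio_bucket_policy_doc" {
  statement {
    effect  = "Allow"
    actions = ["s3:*", "s3-object-lambda:*"]
    resources = [
      "${aws_s3_bucket.portfolio_bucket.arn}/*",
      "${aws_s3_bucket.portfolio_bucket.arn}"
    ]
  }
}

resource "aws_iam_policy" "portfolio_bucket_policy" {
  name        = "${var.role_name}Policy"
  description = "The policy that manages the Portfolio Bucket."
  policy      = data.aws_iam_policy_document.portfolio_bucket_policy_doc.json
}

# Dedicated IAM user that carries the policy above.
resource "aws_iam_user" "portfolio_bucket_user" {
  name = "${var.role_name}User"
}

resource "aws_iam_user_policy_attachment" "portfolio_bucket_attachment" {
  user       = aws_iam_user.portfolio_bucket_user.name
  policy_arn = aws_iam_policy.portfolio_bucket_policy.arn
}

# Long-lived access key for the user.
#
# NOTE(review): the generated secret is recorded in Terraform state, so the
# state backend must be treated as holding a credential (encrypted, access
# restricted). There is no rotation here; plan for it, or prefer a role that
# the consuming workload can assume instead of a static key where possible.
resource "aws_iam_access_key" "portfolio_bucket_key" {
  user = aws_iam_user.portfolio_bucket_user.name
}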