# Private S3 bucket for the Mastodon deployment, created through the
# terraform-aws-modules/s3-bucket registry module.
#
# NOTE(review): no `version` argument is set, so `terraform init` is free to
# install the newest registry release. Pin a reviewed version so that module
# upgrades are deliberate changes.
# NOTE(review): no public-access-block or encryption inputs are passed here, so
# those settings come from the defaults of whichever module release is
# installed. Confirm they match what "private" is meant to guarantee.
module "private_s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  # random_pet.name is declared outside this view; its id is appended to the
  # fixed "mastodon-private-" prefix.
  bucket = "mastodon-private-${random_pet.name.id}"

  # Versioning is off: an overwritten or deleted object has no earlier version
  # to restore from.
  versioning = { enabled = false }
}
# IAM policy document covering the private bucket and the objects inside it.
# No `effect` is set, so the data source's default (Allow) applies.
#
# NOTE(review): "s3:*" allows every S3 action on these two ARNs. That includes
# bucket-configuration actions (for example s3:PutBucketPolicy,
# s3:PutBucketAcl and s3:DeleteBucket) as well as object reads and writes.
# If the role holding this policy only needs object and list access,
# enumerate those actions here instead of the wildcard.
data "aws_iam_policy_document" "private_s3" {
  statement {
    actions = ["s3:*"]

    resources = [
      module.private_s3_bucket.s3_bucket_arn,        # the bucket itself
      "${module.private_s3_bucket.s3_bucket_arn}/*", # every object key in it
    ]
  }
}
# Managed IAM policy that carries the JSON rendered by the
# aws_iam_policy_document.private_s3 data source. The policy name is derived
# from the bucket id, so it follows the bucket's generated name.
resource "aws_iam_policy" "private_s3" {
  name        = "${module.private_s3_bucket.s3_bucket_id}-access"
  path        = "/"
  description = "permissions for mastodon private s3 bucket"

  # Whatever the policy document allows is what every principal attached to
  # this policy receives.
  policy = data.aws_iam_policy_document.private_s3.json
}
# Attaches the bucket access policy to the `social` IAM role.
# aws_iam_role.social is declared outside this view; its trust policy decides
# which principals can assume the role and therefore use these S3 permissions.
resource "aws_iam_role_policy_attachment" "private_s3" {
  policy_arn = aws_iam_policy.private_s3.arn
  role       = aws_iam_role.social.name
}