How did we not add permissions to the s3 bucket before?

2024-02-09 05:30:30 -08:00 · 2024-02-09 05:30:30 -08:00 · 259636b909
commit 259636b909
parent 566b163e79
1 changed files with 20 additions and 11 deletions
--- a/terraform/s3.tf
+++ b/terraform/s3.tf
@ -3,22 +3,11 @@ module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "mastodon-${random_pet.name.id}"
-#  acl    = "private"

  versioning = {
    enabled = false
  }

-#  server_side_encryption_configuration = {
-#    rule = {
-#      apply_server_side_encryption_by_default = {
-#        sse_algorithm = "AES256"
-#      }
-#
-#      bucket_key_enabled = true
-#    }
-#  }
-
 }

 resource "aws_iam_access_key" "s3" {
@ -30,6 +19,26 @@ resource "aws_iam_user" "s3" {
  path = "/system/"
 }

+resource "aws_iam_user_policy" "s3" {
+  name = "${module.s3_bucket.s3_bucket_id}-access"
+  user = aws_iam_user.s3.name
+
+  policy      = data.aws_iam_policy_document.s3.json
+}
+
+data "aws_iam_policy_document" "s3" {
+  statement {
+    actions = [
+      "s3:*"
+    ]
+    resources = [
+      module.s3_bucket.s3_bucket_arn,
+      "${module.s3_bucket.s3_bucket_arn}/*"
+    ]
+  }
+}
+
+
 resource "local_file" "s3_secret" {
  filename = ".s3_secret"
  content  = "${aws_iam_access_key.s3.secret}\n"