From 259636b909b3a4e9a1b9076b80978844e8d4e044 Mon Sep 17 00:00:00 2001
From: Erik Stambaugh
Date: Fri, 9 Feb 2024 05:30:30 -0800
Subject: [PATCH] How did we not add permissions to the s3 bucket before?

---
 terraform/s3.tf | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/terraform/s3.tf b/terraform/s3.tf
index 4f72635..dc26a0d 100644
--- a/terraform/s3.tf
+++ b/terraform/s3.tf
@@ -3,22 +3,11 @@ module "s3_bucket" {
 source = "terraform-aws-modules/s3-bucket/aws"
 bucket = "mastodon-${random_pet.name.id}"
-# acl = "private"
 versioning = {
 enabled = false
 }
-# server_side_encryption_configuration = {
-# rule = {
-# apply_server_side_encryption_by_default = {
-# sse_algorithm = "AES256"
-# }
-#
-# bucket_key_enabled = true
-# }
-# }
-
 }
 resource "aws_iam_access_key" "s3" {
@@ -30,6 +19,26 @@ resource "aws_iam_user" "s3" {
 path = "/system/"
 }
+resource "aws_iam_user_policy" "s3" {
+ name = "${module.s3_bucket.s3_bucket_id}-access"
+ user = aws_iam_user.s3.name
+
+ policy = data.aws_iam_policy_document.s3.json
+}
+
+data "aws_iam_policy_document" "s3" {
+ statement {
+ actions = [
+ "s3:*"
+ ]
+ resources = [
+ module.s3_bucket.s3_bucket_arn,
+ "${module.s3_bucket.s3_bucket_arn}/*"
+ ]
+ }
+}
+
+
 resource "local_file" "s3_secret" {
 filename = ".s3_secret"
 content = "${aws_iam_access_key.s3.secret}\n"
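Review bot: The new `data "aws_iam_policy_document" "s3"` statement grants `"s3:*"` on both the bucket ARN and its objects, so the long-lived access key written to `.s3_secret` can also change the bucket's policy, ACL, public-access block, and encryption settings or delete the bucket itself, none of which a media-storage client needs. An application user that stores and serves objects is normally scoped to listing the bucket plus get/put/delete on objects, with bucket-level and object-level actions kept in separate statements so each set of actions is tied to the matching resource ARN. The exact action list depends on how the application is configured to use the bucket (for example whether it sets object ACLs), so confirm it against the client's requirements before applying; the sketch below is a starting point. This is an inline `aws_iam_user_policy`, so a later widening of the action list is not visible in any shared managed policy — worth a comment such as `# Object-level access only; bucket configuration is managed by Terraform, not by this key.`
```hcl
# … unchanged: aws_iam_user_policy "s3" resource …
data "aws_iam_policy_document" "s3" {
  statement {
    actions = [
      "s3:ListBucket",
    ]
    resources = [
      module.s3_bucket.s3_bucket_arn,
    ]
  }

  statement {
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:PutObjectAcl", # only if the client sets per-object ACLs — confirm
      "s3:DeleteObject",
    ]
    resources = [
      "${module.s3_bucket.s3_bucket_arn}/*",
    ]
  }
}
```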