erik/masto-aio
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

How did we not add permissions to the s3 bucket before?

Browse source
This commit is contained in:
Erik Stambaugh 2024-02-09 05:30:30 -08:00
parent 566b163e79
commit 259636b909
1 changed files with 20 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
terraform/s3.tf
View file

@ -3,22 +3,11 @@ module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws" source = "terraform-aws-modules/s3-bucket/aws"
bucket = "mastodon-${random_pet.name.id}" bucket = "mastodon-${random_pet.name.id}"
# acl = "private"
versioning = { versioning = {
enabled = false enabled = false
} }
# server_side_encryption_configuration = {
# rule = {
# apply_server_side_encryption_by_default = {
# sse_algorithm = "AES256"
# }
#
# bucket_key_enabled = true
# }
# }
} }
resource "aws_iam_access_key" "s3" { resource "aws_iam_access_key" "s3" {
@ -30,6 +19,26 @@ resource "aws_iam_user" "s3" {
path = "/system/" path = "/system/"
} }
resource "aws_iam_user_policy" "s3" {
name = "${module.s3_bucket.s3_bucket_id}-access"
user = aws_iam_user.s3.name
policy = data.aws_iam_policy_document.s3.json
}
data "aws_iam_policy_document" "s3" {
statement {
actions = [
"s3:*"
]
resources = [
module.s3_bucket.s3_bucket_arn,
"${module.s3_bucket.s3_bucket_arn}/*"
]
}
}
resource "local_file" "s3_secret" { resource "local_file" "s3_secret" {
filename = ".s3_secret" filename = ".s3_secret"
content = "${aws_iam_access_key.s3.secret}\n" content = "${aws_iam_access_key.s3.secret}\n"