How did we not add permissions to the s3 bucket before?

This commit is contained in:
Erik Stambaugh 2024-02-09 05:30:30 -08:00
parent 566b163e79
commit 259636b909

View file

@ -3,22 +3,11 @@ module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
bucket = "mastodon-${random_pet.name.id}"
# acl = "private"
versioning = {
enabled = false
}
# server_side_encryption_configuration = {
# rule = {
# apply_server_side_encryption_by_default = {
# sse_algorithm = "AES256"
# }
#
# bucket_key_enabled = true
# }
# }
}
resource "aws_iam_access_key" "s3" {
@ -30,6 +19,26 @@ resource "aws_iam_user" "s3" {
path = "/system/"
}
resource "aws_iam_user_policy" "s3" {
name = "${module.s3_bucket.s3_bucket_id}-access"
user = aws_iam_user.s3.name
policy = data.aws_iam_policy_document.s3.json
}
data "aws_iam_policy_document" "s3" {
statement {
actions = [
"s3:*"
]
resources = [
module.s3_bucket.s3_bucket_arn,
"${module.s3_bucket.s3_bucket_arn}/*"
]
}
}
resource "local_file" "s3_secret" {
filename = ".s3_secret"
content = "${aws_iam_access_key.s3.secret}\n"