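# S3 bucket plus a dedicated IAM user and access key scoped to that bucket.
# The key pair is written to local files (.s3_id / .s3_secret) for use
# outside Terraform.

# NOTE(review): no `version` constraint is set on this registry module, so
# `terraform init` resolves whatever release is current. Pin a reviewed
# version so a module update cannot change the bucket configuration silently.
module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  bucket = "mastodon-${random_pet.name.id}"

  # Versioning is off: an overwritten or deleted object cannot be recovered
  # from a previous version.
  versioning = {
    enabled = false
  }
}

# Long-lived static credential for the bucket user. The secret is also stored
# in the Terraform state, so the state backend needs the same protection as
# the key itself.
resource "aws_iam_access_key" "s3" {
  user = aws_iam_user.s3.name
}

resource "aws_iam_user" "s3" {
  name = "mastodon-s3-${random_pet.name.id}"
  path = "/system/"
}

# Inline policy attaching the bucket-scoped document below to the user.
resource "aws_iam_user_policy" "s3" {
  name   = "${module.s3_bucket.s3_bucket_id}-access"
  user   = aws_iam_user.s3.name
  policy = data.aws_iam_policy_document.s3.json
}

data "aws_iam_policy_document" "s3" {
  statement {
    # NOTE(review): "s3:*" is limited to this bucket and its objects, but it
    # still includes bucket-administration actions (bucket policy, ACLs,
    # lifecycle, bucket deletion). Narrow this to the object and list actions
    # the application actually uses once those are confirmed.
    actions = [
      "s3:*"
    ]

    # Direct references replace the interpolation-only "${...}" form, which
    # Terraform 0.12+ reports as deprecated; the values are unchanged.
    resources = [
      module.s3_bucket.s3_bucket_arn,
      "${module.s3_bucket.s3_bucket_arn}/*"
    ]
  }
}

# Secret access key on disk. local_file defaults to file_permission "0777",
# which leaves the secret readable by other local users; restrict it to the
# owner. Keep this file out of version control.
resource "local_file" "s3_secret" {
  filename        = ".s3_secret"
  content         = "${aws_iam_access_key.s3.secret}\n"
  file_permission = "0600"
}

# Access key ID on disk, given the same owner-only mode as the secret.
resource "local_file" "s3_id" {
  filename        = ".s3_id"
  content         = "${aws_iam_access_key.s3.id}\n"
  file_permission = "0600"
}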