masto-aio/terraform/s3-private.tf


# Private object storage for Mastodon. The bucket name carries a random
# suffix (random_pet.name, defined elsewhere) so it is globally unique.
module "private_s3_bucket" {
  # NOTE(review): no `version` constraint on the module source, so `terraform init`
  # fetches whatever release is newest in the registry at that moment and a
  # registry change can alter this bucket's configuration without a code change.
  # Pin to a reviewed release (and check it in with the lock file).
  source = "terraform-aws-modules/s3-bucket/aws"
  bucket = "mastodon-private-${random_pet.name.id}"
  # NOTE(review): versioning is disabled, so an object deleted or overwritten by
  # a leaked/compromised credential cannot be recovered. For a private data
  # bucket, enabling it (with a lifecycle rule to bound cost) is the safer default.
  versioning = {
    enabled = false
  }
  # NOTE(review): nothing here sets server-side encryption or public-access
  # blocking explicitly; whether the module turns them on by default depends
  # on the module version — verify against the pinned release rather than assume.
}
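# Policy document for the private bucket; wrapped in aws_iam_policy and
# attached to the application role below. The bare bucket ARN is written as a
# direct reference (the legacy "${...}"-only wrapper is unnecessary on
# Terraform 0.12+, which this file already uses); the object pattern still
# needs a template string because it appends "/*".
data "aws_iam_policy_document" "private_s3" {
  statement {
    # NOTE(review): "s3:*" grants every S3 action on this bucket, including
    # bucket-configuration actions (s3:PutBucketPolicy, s3:PutBucketAcl,
    # s3:PutBucketPublicAccessBlock, s3:DeleteBucket) that an application role
    # never needs and that would let a compromised role make the "private"
    # bucket public or destroy it. Prefer enumerating only the object-level
    # actions the app actually uses (e.g. s3:GetObject, s3:PutObject,
    # s3:DeleteObject, s3:ListBucket) — confirm the exact set against what
    # Mastodon's storage backend calls before narrowing.
    actions = [
      "s3:*",
    ]
    # Both ARNs are required: bucket-level actions (ListBucket) authorize
    # against the bucket ARN, object-level actions against the key pattern.
    resources = [
      module.private_s3_bucket.s3_bucket_arn,        # the bucket itself
      "${module.private_s3_bucket.s3_bucket_arn}/*", # every object key in it
    ]
  }
}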
# Customer-managed IAM policy carrying the document above, so it can be
# attached to (and audited on) the application role as a named unit.
resource "aws_iam_policy" "private_s3" {
  # Policy name is derived from the bucket id so the grant is traceable to
  # the bucket it covers in IAM listings.
  name        = "${module.private_s3_bucket.s3_bucket_id}-access"
  policy      = data.aws_iam_policy_document.private_s3.json
  path        = "/"
  description = "permissions for mastodon private s3 bucket"
}
# Attaches the bucket policy to the Mastodon application role
# (aws_iam_role.social, declared elsewhere). Every principal able to assume
# that role inherits the full grant, so the breadth of the policy above is
# effectively the blast radius of that role.
resource "aws_iam_role_policy_attachment" "private_s3" {
  role       = aws_iam_role.social.name
  policy_arn = aws_iam_policy.private_s3.arn
}