69 lines
1.4 KiB
HCL
69 lines
1.4 KiB
HCL
|
|
resource "aws_s3_bucket" "s3_bucket" {
|
|
bucket = "mastodon-${random_pet.name.id}"
|
|
}
|
|
|
|
resource "aws_s3_bucket_ownership_controls" "s3_bucket" {
|
|
bucket = aws_s3_bucket.s3_bucket.id
|
|
rule {
|
|
object_ownership = "BucketOwnerPreferred"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_public_access_block" "s3_bucket" {
|
|
bucket = aws_s3_bucket.s3_bucket.id
|
|
|
|
block_public_acls = false
|
|
block_public_policy = false
|
|
ignore_public_acls = false
|
|
restrict_public_buckets = false
|
|
}
|
|
|
|
resource "aws_s3_bucket_acl" "s3_bucket" {
|
|
depends_on = [
|
|
aws_s3_bucket_public_access_block.s3_bucket,
|
|
aws_s3_bucket_ownership_controls.s3_bucket,
|
|
]
|
|
|
|
bucket = aws_s3_bucket.s3_bucket.id
|
|
acl = "public-read"
|
|
}
|
|
|
|
resource "aws_iam_access_key" "s3" {
|
|
user = aws_iam_user.s3.name
|
|
}
|
|
|
|
resource "aws_iam_user" "s3" {
|
|
name = "mastodon-s3-${random_pet.name.id}"
|
|
path = "/system/"
|
|
}
|
|
|
|
resource "aws_iam_user_policy" "s3" {
|
|
name = "${aws_s3_bucket.s3_bucket.id}-access"
|
|
user = aws_iam_user.s3.name
|
|
|
|
policy = data.aws_iam_policy_document.s3.json
|
|
}
|
|
|
|
data "aws_iam_policy_document" "s3" {
|
|
statement {
|
|
actions = [
|
|
"s3:*"
|
|
]
|
|
resources = [
|
|
"${aws_s3_bucket.s3_bucket.arn}",
|
|
"${aws_s3_bucket.s3_bucket.arn}/*"
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "local_file" "s3_secret" {
|
|
filename = ".s3_secret"
|
|
content = "${aws_iam_access_key.s3.secret}\n"
|
|
}
|
|
|
|
resource "local_file" "s3_id" {
|
|
filename = ".s3_id"
|
|
content = "${aws_iam_access_key.s3.id}\n"
|
|
}
|
|
|