# S3 bucket for the Mastodon deployment, created through the
# terraform-aws-modules/s3-bucket registry module.
# NOTE(review): no `version` constraint is set, so `terraform init` resolves
# the newest published release of the module; pinning a reviewed release keeps
# upstream changes from being pulled in unreviewed.
module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  bucket = "mastodon-${random_pet.name.id}"

  # Versioning is off, so S3 keeps no earlier copy of an object that is
  # overwritten or deleted.
  versioning = { enabled = false }
}
# Static access key for the Mastodon S3 user.
# NOTE(review): this is a long-lived credential with no rotation defined in
# this file, and its secret is recorded in Terraform state; restrict access to
# the state backend accordingly.
resource "aws_iam_access_key" "s3" {
  user = aws_iam_user.s3.name
}
# Dedicated IAM user that owns the access key and inline policy used for
# bucket access. The random_pet suffix matches the one in the bucket name.
resource "aws_iam_user" "s3" {
  path = "/system/"
  name = "mastodon-s3-${random_pet.name.id}"
}
# Inline policy on the S3 user, named "<bucket id>-access". The permissions
# come from data.aws_iam_policy_document.s3.
resource "aws_iam_user_policy" "s3" {
  user   = aws_iam_user.s3.name
  name   = format("%s-access", module.s3_bucket.s3_bucket_id)
  policy = data.aws_iam_policy_document.s3.json
}
# Policy document for the Mastodon S3 user: one Allow statement scoped to the
# bucket ARN and to every object under it.
# NOTE(review): "s3:*" grants every S3 action on those resources, including
# bucket administration such as s3:DeleteBucket and s3:PutBucketPolicy. If the
# application only needs object read/write/delete and bucket listing, replace
# the wildcard with that explicit action list so a leaked key cannot
# reconfigure or delete the bucket.
data "aws_iam_policy_document" "s3" {
  statement {
    effect  = "Allow"
    actions = ["s3:*"]

    resources = [
      module.s3_bucket.s3_bucket_arn,
      "${module.s3_bucket.s3_bucket_arn}/*",
    ]
  }
}
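# Writes the IAM secret access key, followed by a newline, to .s3_secret in
# the working directory.
# file_permission is set explicitly because the local provider's default is
# "0777"; 0600 limits the file to its owning user.
# NOTE(review): the same secret is also stored in Terraform state, and
# .s3_secret should be excluded from version control.
resource "local_file" "s3_secret" {
  filename        = ".s3_secret"
  content         = "${aws_iam_access_key.s3.secret}\n"
  file_permission = "0600"
}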
# Writes the access key ID, followed by a newline, to .s3_id in the working
# directory. The ID is the non-secret half of the credential pair whose secret
# is written to .s3_secret.
resource "local_file" "s3_id" {
  content  = format("%s\n", aws_iam_access_key.s3.id)
  filename = ".s3_id"
}