Opinionated S3 bucket module
This commit is contained in:
parent
baf7470cb0
commit
977f402af2
5 changed files with 85 additions and 0 deletions
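--- a/cloud/aws/s3_bucket/bucket.tf
+++ b/cloud/aws/s3_bucket/bucket.tf
@@ -0,0 +1,4 @@
+resource "aws_s3_bucket" "bucket" {
+bucket_prefix = var.bucket_name_prefix
+tags = local.tags
+}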
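Review bot: The bucket resource in this hunk sets only `bucket_prefix` and `tags`, so the module's public-access and encryption posture is left to provider and account defaults rather than stated in code; for a module described as opinionated I would expect both to be pinned explicitly. Adding an `aws_s3_bucket_public_access_block` with all four settings enabled and an `aws_s3_bucket_server_side_encryption_configuration` keeps the bucket private and encrypted regardless of account-level settings and makes the intent reviewable. Versioning via `aws_s3_bucket_versioning` is worth considering as well, since the keys generated in iam.tf can delete objects and versioning is the cheap recovery path. The additions below reference the same `aws_s3_bucket.bucket` the hunk defines.
```hcl
resource "aws_s3_bucket" "bucket" {
  # … unchanged: bucket_prefix, tags …
}

resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
  bucket = aws_s3_bucket.bucket.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```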
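--- a/cloud/aws/s3_bucket/iam.tf
+++ b/cloud/aws/s3_bucket/iam.tf
@@ -0,0 +1,29 @@
+resource "aws_iam_user" "db_storage" {
+for_each = toset(var.users)
+name = each.value
+}
+
+resource "aws_iam_user_policy" "db_storage" {
+for_each = toset(var.users)
+name = "s3_policy_${each.value}_to_${aws_s3_bucket.bucket.bucket}"
+user = aws_iam_user.db_storage[each.key].name
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Action = [
+"s3:*"
+]
+Effect = "Allow"
+Resource = [
+aws_s3_bucket.bucket.arn,
+"${aws_s3_bucket.bucket.arn}/*"
+]
+}
+]
+})
+}
+resource "aws_iam_access_key" "db_storage" {
+for_each = toset(var.users)
+user = aws_iam_user.db_storage[each.key].name
+}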
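Review bot: The inline policy at the `Action = ["s3:*"]` line grants every S3 API on the bucket and its objects, which includes bucket-management actions such as `s3:DeleteBucket`, `s3:PutBucketPolicy` and `s3:PutBucketAcl`, so any of the generated access keys can delete the bucket or change its access settings. The `users` description in inputs.tf ("S3 API keys") suggests these are data-plane credentials, which only need list access on the bucket and object get/put/delete on its contents. Splitting the single statement into a bucket-level and an object-level statement as below keeps the keys scoped to the data plane; the exact action list should be confirmed against what the db_storage clients actually call.
```hcl
policy = jsonencode({
  Version = "2012-10-17"
  Statement = [
    {
      Action   = ["s3:ListBucket", "s3:GetBucketLocation"]
      Effect   = "Allow"
      Resource = [aws_s3_bucket.bucket.arn]
    },
    {
      Action   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
      Effect   = "Allow"
      Resource = ["${aws_s3_bucket.bucket.arn}/*"]
    }
  ]
})
# … unchanged: aws_iam_user, aws_iam_access_key …
```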
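--- a/cloud/aws/s3_bucket/inputs.tf
+++ b/cloud/aws/s3_bucket/inputs.tf
@@ -0,0 +1,20 @@
+variable "bucket_name_prefix" {
+type = string
+description = "The prefix for the bucket name"
+}
+
+variable "tags" {
+type = map(string)
+default = {}
+description = "AWS Resource Tags to apply to this bucket"
+}
+locals {
+tags = merge({
+
+}, var.tags)
+}
+variable "users" {
+type = list(string)
+default = []
+description = "List of users to generate S3 API keys for. Will be used as the IAM name."
+}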
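Review bot: The `locals` block merges `var.tags` into an empty map, so `local.tags` is exactly `var.tags` and the `merge` is a no-op placeholder. Either put the module-owned default tags in that first map, which is presumably the intent, or simplify to `tags = var.tags` so the next reader does not go looking for defaults that are not there. Placing `locals` between two `variable` blocks also reads oddly; moving it after `users` or into its own file keeps inputs.tf to inputs only.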
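--- a/cloud/aws/s3_bucket/outputs.tf
+++ b/cloud/aws/s3_bucket/outputs.tf
@@ -0,0 +1,14 @@
+output "users" {
+value = {
+for user in var.users : user => { name = user, access_key = aws_iam_access_key.db_storage[user].id, secret_key = aws_iam_access_key.db_storage[user].secret }
+}
+}
+output "bucket" {
+value = aws_s3_bucket.bucket.bucket
+}
+output "arn" {
+value = aws_s3_bucket.bucket.arn
+}
+output "region" {
+value = aws_s3_bucket.bucket.region
+}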
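Review bot: The `users` output exposes `aws_iam_access_key.db_storage[user].secret`, which the AWS provider marks as sensitive, without declaring `sensitive = true`; Terraform 1.x refuses to plan an output that refers to a sensitive value unless the output itself is marked, so this block likely fails at plan time as written. Add `sensitive = true` inside `output "users"` so the value is redacted in plan and apply output. Even with the flag the secret is stored in plaintext in state; if that is unacceptable, `aws_iam_access_key` accepts a `pgp_key` and then exposes `encrypted_secret` instead, so no plaintext secret lands in state or outputs.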
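--- a/cloud/aws/s3_bucket/terraform.tf
+++ b/cloud/aws/s3_bucket/terraform.tf
@@ -0,0 +1,18 @@
+terraform {
+required_version = "~> 1.6"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+null = {
+source = "hashicorp/null"
+version = "~> 3.2"
+}
+random = {
+source = "hashicorp/random"
+version = "3.6.2"
+}
+}
+}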
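Review bot: `required_providers` declares `null` and `random`, but none of the five files in this commit use a `null_` or `random_` resource, so both are dead constraints that still get downloaded on every `terraform init` of this module. Drop them, or add a comment naming the planned resource that needs them. The `random` entry is also pinned exactly to `"3.6.2"` while `aws` and `null` use pessimistic `~>` constraints; if it is kept, a consistent style such as `version = "~> 3.6"` avoids one provider silently blocking upgrades.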