From d943097c90ddc5b76227fe8e5663765f394ae4e8 Mon Sep 17 00:00:00 2001
From: Nick Dumas
Date: Tue, 31 Jan 2023 01:20:19 +0000
Subject: [PATCH] First draft for the blog hosting infra

---
 tform/blog/main.tf   | 40 ++++++++++++++++++++++++++++++++++++++++
 tform/blog/output.tf |  8 ++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 tform/blog/output.tf

diff --git a/tform/blog/main.tf b/tform/blog/main.tf
index 2abbd0e..ca6d5ea 100644
--- a/tform/blog/main.tf
+++ b/tform/blog/main.tf
@@ -1,5 +1,6 @@
 resource "aws_s3_bucket" "blog" {
   bucket = "ndumas-blog"
+  force_destroy = true
 }
@@ -7,3 +8,42 @@ resource "aws_s3_bucket_acl" "example" {
   bucket = aws_s3_bucket.blog.id
   acl = "public-read"
 }
+
+resource "aws_iam_user" "blog_uploader" {
+  name = "blog-uploader"
+}
+
+resource "aws_iam_user_policy_attachment" "blog_uploader_policy_attach" {
+  user = aws_iam_user.blog_uploader.name
+  policy_arn = aws_iam_policy.blog_bucket_policy.arn
+}
+
+resource "aws_iam_policy" "blog_bucket_policy" {
+  name = "blog-bucket-policy"
+  path = "/"
+  description = "Allow "
+
+  policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "VisualEditor0",
+        "Effect" : "Allow",
+        "Action" : [
+          "s3:PutObject",
+          "s3:GetObject",
+          "s3:ListBucket",
+          "s3:DeleteObject"
+        ],
+        "Resource" : [
+          "arn:aws:s3:::*/*",
+          "arn:aws:s3:::ndumas-blog"
+        ]
+      }
+    ]
+  })
+}
+
+resource "aws_iam_access_key" "blog_upload_key" {
+  user = aws_iam_user.blog_uploader.name
+}
diff --git a/tform/blog/output.tf b/tform/blog/output.tf
new file mode 100644
index 0000000..4a24bf4
--- /dev/null
+++ b/tform/blog/output.tf
@@ -0,0 +1,8 @@
+output "id" {
+  value = aws_iam_access_key.blog_upload_key.id
+  sensitive = true
+}
+output "secret" {
+  sensitive = true
+  value = aws_iam_access_key.blog_upload_key.secret
+}
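Review bot: `force_destroy = true` on aws_s3_bucket.blog lets `terraform destroy`, or any change that forces bucket replacement, delete every object in the bucket with no further confirmation, so the published blog content is only as safe as the plan review. If the contents are regenerated from source and this is deliberate, say so next to the attribute, e.g. `force_destroy = true # bucket holds build output only; safe to wipe on destroy`. If they are not, leave the attribute unset (the provider default is false) so a destroy fails on a non-empty bucket instead of emptying it.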
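Review bot: The `Resource` list in aws_iam_policy.blog_bucket_policy grants the object actions (PutObject, GetObject, DeleteObject) on `arn:aws:s3:::*/*`, which is every object in every bucket of the account, while only ListBucket is pinned to the blog bucket; a leaked uploader key would then be able to read, overwrite or delete objects far beyond the blog. Scope the object ARN to the bucket and derive both ARNs from the bucket resource so they follow a rename: `"${aws_s3_bucket.blog.arn}/*",` and `aws_s3_bucket.blog.arn`. The `description = "Allow "` is also truncated; something like `description = "Allow the blog uploader to manage objects in the blog bucket"` documents the intent for anyone reading the policy in the console.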
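Review bot: `sensitive = true` on the `secret` output only masks the value in plan and apply output; the access key secret from aws_iam_access_key.blog_upload_key is still stored in plaintext in the Terraform state and is printed by `terraform output -raw secret`, so anyone who can read the state holds a long-lived IAM credential. Either treat the state backend as a secret store (encrypted, access-restricted, no local state committed alongside this code) or set `pgp_key` on the aws_iam_access_key resource and expose `encrypted_secret` instead of `secret`, so the plaintext never reaches state. A header comment in output.tf noting that these two outputs are credentials and where they are meant to be consumed would also help the next reader.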