First draft for the blog hosting infra

tform/blog/main.tf

@@ -1,5 +1,6 @@
 resource "aws_s3_bucket" "blog" {
 	bucket = "ndumas-blog"
+	force_destroy = true
 }
 
 
@@ -7,3 +8,42 @@ resource "aws_s3_bucket_acl" "example" {
 	bucket = aws_s3_bucket.blog.id
 	acl = "public-read"
 }
+
+resource "aws_iam_user" "blog_uploader" {
+	name = "blog-uploader"
+}
+
+resource "aws_iam_user_policy_attachment" "blog_uploader_policy_attach" {
+	user = aws_iam_user.blog_uploader.name
+	policy_arn = aws_iam_policy.blog_bucket_policy.arn
+}
+
+resource "aws_iam_policy" "blog_bucket_policy" {
+  name        = "blog-bucket-policy"
+  path        = "/"
+  description = "Allow "
+
+  policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Sid" : "VisualEditor0",
+        "Effect" : "Allow",
+        "Action" : [
+          "s3:PutObject",
+          "s3:GetObject",
+          "s3:ListBucket",
+          "s3:DeleteObject"
+        ],
+        "Resource" : [
+          "arn:aws:s3:::*/*",
+          "arn:aws:s3:::ndumas-blog"
+        ]
+      }
+    ]
+  })
+}
+
+resource "aws_iam_access_key" "blog_upload_key" {
+	user = aws_iam_user.blog_uploader.name
+}

tform/blog/output.tf

@@ -0,0 +1,8 @@
+output "id" {
+	value = aws_iam_access_key.blog_upload_key.id
+	sensitive = true
+}
+output "secret" {
+	sensitive = true
+	value = aws_iam_access_key.blog_upload_key.secret
+}