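# S3 bucket that holds the published blog content.
resource "aws_s3_bucket" "blog" {
  bucket = "ndumas-blog"

  # force_destroy lets `terraform destroy` delete the bucket even when it still
  # contains objects, so a destroy removes all uploaded content with it.
  force_destroy = true
}

# Canned ACL for the blog bucket.
# NOTE(review): "public-read" on a *bucket* grants the AllUsers group READ on
# the bucket itself, which means anyone can list its object keys. Whether the
# objects are readable is decided separately (object ACLs or a bucket policy).
# If only object reads are meant to be public, a bucket policy allowing
# s3:GetObject on the bucket's objects is the narrower choice.
# NOTE(review): on buckets created with ACLs disabled and Block Public Access
# enabled, this ACL is rejected unless aws_s3_bucket_ownership_controls and
# aws_s3_bucket_public_access_block are configured to permit it. Confirm
# against the account defaults.
resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.blog.id
  acl    = "public-read"
}

# Dedicated IAM user whose credentials are used to upload blog content.
resource "aws_iam_user" "blog_uploader" {
  name = "blog-uploader"
}

# Attaches the bucket policy below to the uploader user.
resource "aws_iam_user_policy_attachment" "blog_uploader_policy_attach" {
  user       = aws_iam_user.blog_uploader.name
  policy_arn = aws_iam_policy.blog_bucket_policy.arn
}

# Permissions for the uploader: list the blog bucket and read, write and
# delete objects inside it.
resource "aws_iam_policy" "blog_bucket_policy" {
  name = "blog-bucket-policy"
  path = "/"

  # NOTE(review): the description is truncated in the source ("Allow ").
  # It is left as-is because changing it may force replacement of the policy.
  description = "Allow "

  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Sid" : "VisualEditor0",
        "Effect" : "Allow",
        "Action" : [
          "s3:PutObject",
          "s3:GetObject",
          "s3:ListBucket",
          "s3:DeleteObject"
        ],
        "Resource" : [
          # Object-level actions are scoped to this bucket's objects only.
          # The previous value "arn:aws:s3:::*/*" matched objects in every
          # bucket, so a leaked uploader key could read, overwrite or delete
          # data well beyond the blog.
          "${aws_s3_bucket.blog.arn}/*",
          # s3:ListBucket is evaluated against the bucket ARN itself.
          aws_s3_bucket.blog.arn
        ]
      }
    ]
  })
}

# Long-lived access key for the uploader user.
# The generated secret is written to Terraform state in plaintext unless the
# resource's pgp_key argument is set, so the state backend needs to be
# encrypted and access-restricted, and the key rotated on a schedule.
resource "aws_iam_access_key" "blog_upload_key" {
  user = aws_iam_user.blog_uploader.name
}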