dap-ps/infra-dapps
1
0
Fork 0
mirror of https://github.com/dap-ps/infra-dapps.git synced 2025-02-23 17:38:13 +00:00
Code Issues Projects Releases Wiki Activity
infra-dapps/modules/aws-s3-bucket/main.tf
Jakub Sokołowski 50a14d330a
apply access policy to user, not bucket 
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-08-05 14:00:53 -04:00

45 lines
766 B
HCL
Raw Blame History

resource "aws_iam_user" "main" {
name = var.bucket_name
tags = {
Description = "User for ${var.bucket_name} S3 bucket"
}
}
resource "aws_iam_access_key" "main" {
user = aws_iam_user.main.name
pgp_key = file("files/support@dap.ps.gpg")
}
resource "aws_s3_bucket" "main" {
bucket = var.bucket_name
acl = "private"
tags = {
Name = var.bucket_name
Desc = var.description
}
lifecycle {
prevent_destroy = true
}
}
resource "aws_iam_user_policy" "main" {
name = "${var.bucket_name}-access"
user = "${aws_iam_user.main.name}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource":["arn:aws:s3:::${var.bucket_name}/*"]
}
]
}
EOF
}
Reference in New Issue View Git Blame Copy Permalink