feat: initial commit
commit
86981a13e3
6 changed files with 293 additions and 0 deletions
214
main.tf
Normal file
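--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,214 @@
+# local development
+resource "aws_s3_bucket" "strapi_uploads_local" {
+bucket = "mareshq-strapi-uploads-local"
+
+tags = {
+Name = "mareshq-strapi-uploads-local"
+Environment = "local"
+ManagedBy = "Terraform"
+For = "cms.mareshq.com"
+}
+}
+
+resource "aws_s3_bucket_ownership_controls" "strapi_uploads_local" {
+bucket = aws_s3_bucket.strapi_uploads_local.id
+
+rule {
+object_ownership = "BucketOwnerPreferred"
+}
+}
+
+resource "aws_s3_bucket_public_access_block" "strapi_uploads_local" {
+bucket = aws_s3_bucket.strapi_uploads_local.id
+
+block_public_acls = false
+block_public_policy = true
+ignore_public_acls = false
+restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_cors_configuration" "strapi_uploads_local" {
+bucket = aws_s3_bucket.strapi_uploads_local.id
+
+cors_rule {
+allowed_headers = ["*"]
+allowed_methods = ["GET"]
+allowed_origins = ["*"]
+expose_headers = []
+max_age_seconds = 3000
+}
+}
+
+resource "aws_iam_user" "strapi_uploads_local" {
+name = "mareshq-strapi-uploads-local"
+
+tags = {
+Name = "gitlab-backup"
+Environment = "production"
+ManagedBy = "Terraform"
+For = "cms.mareshq.com"
+}
+}
+
+resource "aws_iam_user_policy" "strapi_uploads_local" {
+name = "mareshq-strapi-uploads-local"
+user = aws_iam_user.strapi_uploads_local.name
+
+policy = data.aws_iam_policy_document.strapi_uploads_local.json
+}
+
+resource "aws_iam_access_key" "strapi_uploads_local" {
+user = aws_iam_user.strapi_uploads_local.name
+}
+
+output "strapi_uploads_local_credentials" {
+value = {
+access_key = aws_iam_access_key.strapi_uploads_local.id
+secret_key = aws_iam_access_key.strapi_uploads_local.secret
+}
+sensitive = true
+}
+
+data "aws_iam_policy_document" "strapi_uploads_local" {
+version = "2012-10-17"
+
+statement {
+effect = "Allow"
+actions = [
+"s3:AbortMultipartUpload",
+"s3:GetBucketAcl",
+"s3:GetBucketLocation",
+"s3:GetObject",
+"s3:GetObjectAcl",
+"s3:ListBucketMultipartUploads",
+"s3:PutObject",
+"s3:PutObjectAcl"
+]
+resources = ["arn:aws:s3:::mareshq-strapi-uploads-local/*"]
+}
+
+statement {
+effect = "Allow"
+actions = [
+"s3:GetBucketLocation",
+"s3:ListAllMyBuckets"
+]
+resources = ["*"]
+}
+
+statement {
+effect = "Allow"
+actions = [
+"s3:ListBucket"
+]
+resources = ["arn:aws:s3:::mareshq-strapi-uploads-local"]
+}
+}
+
+# live environment
+
+resource "aws_s3_bucket" "strapi_uploads_live" {
+bucket = "mareshq-strapi-uploads-live"
+
+tags = {
+Name = "mareshq-strapi-uploads-live"
+Environment = "live"
+ManagedBy = "Terraform"
+For = "cms.mareshq.com"
+}
+}
+
+resource "aws_s3_bucket_ownership_controls" "strapi_uploads_live" {
+bucket = aws_s3_bucket.strapi_uploads_live.id
+
+rule {
+object_ownership = "BucketOwnerPreferred"
+}
+}
+
+resource "aws_s3_bucket_public_access_block" "strapi_uploads_live" {
+bucket = aws_s3_bucket.strapi_uploads_live.id
+
+block_public_acls = false
+block_public_policy = true
+ignore_public_acls = false
+restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_cors_configuration" "strapi_uploads_live" {
+bucket = aws_s3_bucket.strapi_uploads_live.id
+
+cors_rule {
+allowed_headers = ["*"]
+allowed_methods = ["GET"]
+allowed_origins = ["*"]
+expose_headers = []
+max_age_seconds = 3000
+}
+}
+
+resource "aws_iam_user" "strapi_uploads_live" {
+name = "mareshq-strapi-uploads-live"
+
+tags = {
+Name = "gitlab-backup"
+Environment = "production"
+ManagedBy = "Terraform"
+For = "cms.mareshq.com"
+}
+}
+
+resource "aws_iam_user_policy" "strapi_uploads_live" {
+name = "mareshq-strapi-uploads-live"
+user = aws_iam_user.strapi_uploads_live.name
+
+policy = data.aws_iam_policy_document.strapi_uploads_live.json
+}
+
+resource "aws_iam_access_key" "strapi_uploads_live" {
+user = aws_iam_user.strapi_uploads_live.name
+}
+
+output "strapi_uploads_live_credentials" {
+value = {
+access_key = aws_iam_access_key.strapi_uploads_live.id
+secret_key = aws_iam_access_key.strapi_uploads_live.secret
+}
+sensitive = true
+}
+
+data "aws_iam_policy_document" "strapi_uploads_live" {
+version = "2012-10-17"
+
+statement {
+effect = "Allow"
+actions = [
+"s3:AbortMultipartUpload",
+"s3:GetBucketAcl",
+"s3:GetBucketLocation",
+"s3:GetObject",
+"s3:GetObjectAcl",
+"s3:ListBucketMultipartUploads",
+"s3:PutObject",
+"s3:PutObjectAcl"
+]
+resources = ["arn:aws:s3:::mareshq-strapi-uploads-live/*"]
+}
+
+statement {
+effect = "Allow"
+actions = [
+"s3:GetBucketLocation",
+"s3:ListAllMyBuckets"
+]
+resources = ["*"]
+}
+
+statement {
+effect = "Allow"
+actions = [
+"s3:ListBucket"
+]
+resources = ["arn:aws:s3:::mareshq-strapi-uploads-live"]
+}
+}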
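Review bot: Both `aws_s3_bucket_public_access_block` resources set `block_public_acls = false` and `ignore_public_acls = false`, and the first statement of each policy document grants `s3:PutObjectAcl`, so whoever holds the generated access key can give any uploaded object a public-read ACL. If public object ACLs are what the CMS upload provider needs (presumably the reason, but nothing on the page says so), a comment such as `# object ACLs must stay usable for public CMS assets; bucket policies remain blocked` above those two arguments would record the decision; otherwise set both to `true`. The `aws_iam_access_key` secrets are also stored in Terraform state in plain text, since `sensitive = true` on the outputs only masks CLI display, so the state backend needs encryption and restricted access, or the resource can be given a `pgp_key`. Separately, both `aws_iam_user` blocks carry `Name = "gitlab-backup"` and `Environment = "production"`, which looks copied from another configuration and mislabels the local user; `Name = "mareshq-strapi-uploads-local"` with `Environment = "local"` (and the `-live` equivalents) would match the bucket tags.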