216 lines
4.9 KiB
HCL
216 lines
4.9 KiB
HCL
# local development
|
|
resource "aws_s3_bucket" "strapi_uploads_local" {
|
|
bucket = "mareshq-strapi-uploads-local"
|
|
|
|
tags = {
|
|
Name = "mareshq-strapi-uploads-local"
|
|
Environment = "local"
|
|
ManagedBy = "Terraform"
|
|
For = "cms.mareshq.com"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_ownership_controls" "strapi_uploads_local" {
|
|
bucket = aws_s3_bucket.strapi_uploads_local.id
|
|
|
|
rule {
|
|
object_ownership = "BucketOwnerPreferred"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_public_access_block" "strapi_uploads_local" {
|
|
bucket = aws_s3_bucket.strapi_uploads_local.id
|
|
|
|
block_public_acls = false
|
|
block_public_policy = true
|
|
ignore_public_acls = false
|
|
restrict_public_buckets = true
|
|
}
|
|
|
|
resource "aws_s3_bucket_cors_configuration" "strapi_uploads_local" {
|
|
bucket = aws_s3_bucket.strapi_uploads_local.id
|
|
|
|
cors_rule {
|
|
allowed_headers = ["*"]
|
|
allowed_methods = ["GET"]
|
|
allowed_origins = ["*"]
|
|
expose_headers = []
|
|
max_age_seconds = 3000
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_user" "strapi_uploads_local" {
|
|
name = "mareshq-strapi-uploads-local"
|
|
|
|
tags = {
|
|
Name = "gitlab-backup"
|
|
Environment = "production"
|
|
ManagedBy = "Terraform"
|
|
For = "cms.mareshq.com"
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_user_policy" "strapi_uploads_local" {
|
|
name = "mareshq-strapi-uploads-local"
|
|
user = aws_iam_user.strapi_uploads_local.name
|
|
|
|
policy = data.aws_iam_policy_document.strapi_uploads_local.json
|
|
}
|
|
|
|
resource "aws_iam_access_key" "strapi_uploads_local" {
|
|
user = aws_iam_user.strapi_uploads_local.name
|
|
}
|
|
|
|
output "strapi_uploads_local_credentials" {
|
|
value = {
|
|
access_key = aws_iam_access_key.strapi_uploads_local.id
|
|
secret_key = aws_iam_access_key.strapi_uploads_local.secret
|
|
}
|
|
sensitive = true
|
|
}
|
|
|
|
data "aws_iam_policy_document" "strapi_uploads_local" {
|
|
version = "2012-10-17"
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:AbortMultipartUpload",
|
|
"s3:GetBucketAcl",
|
|
"s3:GetBucketLocation",
|
|
"s3:GetObject",
|
|
"s3:GetObjectAcl",
|
|
"s3:ListBucketMultipartUploads",
|
|
"s3:PutObject",
|
|
"s3:PutObjectAcl",
|
|
"s3:DeleteObject",
|
|
]
|
|
resources = ["arn:aws:s3:::mareshq-strapi-uploads-local/*"]
|
|
}
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:GetBucketLocation",
|
|
"s3:ListAllMyBuckets"
|
|
]
|
|
resources = ["*"]
|
|
}
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:ListBucket"
|
|
]
|
|
resources = ["arn:aws:s3:::mareshq-strapi-uploads-local"]
|
|
}
|
|
}
|
|
|
|
# live environment
|
|
|
|
resource "aws_s3_bucket" "strapi_uploads_live" {
|
|
bucket = "mareshq-strapi-uploads-live"
|
|
|
|
tags = {
|
|
Name = "mareshq-strapi-uploads-live"
|
|
Environment = "live"
|
|
ManagedBy = "Terraform"
|
|
For = "cms.mareshq.com"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_ownership_controls" "strapi_uploads_live" {
|
|
bucket = aws_s3_bucket.strapi_uploads_live.id
|
|
|
|
rule {
|
|
object_ownership = "BucketOwnerPreferred"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_public_access_block" "strapi_uploads_live" {
|
|
bucket = aws_s3_bucket.strapi_uploads_live.id
|
|
|
|
block_public_acls = false
|
|
block_public_policy = true
|
|
ignore_public_acls = false
|
|
restrict_public_buckets = true
|
|
}
|
|
|
|
resource "aws_s3_bucket_cors_configuration" "strapi_uploads_live" {
|
|
bucket = aws_s3_bucket.strapi_uploads_live.id
|
|
|
|
cors_rule {
|
|
allowed_headers = ["*"]
|
|
allowed_methods = ["GET"]
|
|
allowed_origins = ["*"]
|
|
expose_headers = []
|
|
max_age_seconds = 3000
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_user" "strapi_uploads_live" {
|
|
name = "mareshq-strapi-uploads-live"
|
|
|
|
tags = {
|
|
Name = "gitlab-backup"
|
|
Environment = "production"
|
|
ManagedBy = "Terraform"
|
|
For = "cms.mareshq.com"
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_user_policy" "strapi_uploads_live" {
|
|
name = "mareshq-strapi-uploads-live"
|
|
user = aws_iam_user.strapi_uploads_live.name
|
|
|
|
policy = data.aws_iam_policy_document.strapi_uploads_live.json
|
|
}
|
|
|
|
resource "aws_iam_access_key" "strapi_uploads_live" {
|
|
user = aws_iam_user.strapi_uploads_live.name
|
|
}
|
|
|
|
output "strapi_uploads_live_credentials" {
|
|
value = {
|
|
access_key = aws_iam_access_key.strapi_uploads_live.id
|
|
secret_key = aws_iam_access_key.strapi_uploads_live.secret
|
|
}
|
|
sensitive = true
|
|
}
|
|
|
|
data "aws_iam_policy_document" "strapi_uploads_live" {
|
|
version = "2012-10-17"
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:AbortMultipartUpload",
|
|
"s3:GetBucketAcl",
|
|
"s3:GetBucketLocation",
|
|
"s3:GetObject",
|
|
"s3:GetObjectAcl",
|
|
"s3:ListBucketMultipartUploads",
|
|
"s3:PutObject",
|
|
"s3:PutObjectAcl",
|
|
"s3:DeleteObject",
|
|
]
|
|
resources = ["arn:aws:s3:::mareshq-strapi-uploads-live/*"]
|
|
}
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:GetBucketLocation",
|
|
"s3:ListAllMyBuckets"
|
|
]
|
|
resources = ["*"]
|
|
}
|
|
|
|
statement {
|
|
effect = "Allow"
|
|
actions = [
|
|
"s3:ListBucket"
|
|
]
|
|
resources = ["arn:aws:s3:::mareshq-strapi-uploads-live"]
|
|
}
|
|
}
|