zo/GenderDysphoria.fyi
1
0
Fork 0
mirror of https://github.com/GenderDysphoria/GenderDysphoria.fyi.git synced 2025-01-31 15:26:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
GenderDysphoria.fyi/terraform/src.tf

123 lines
2.4 KiB
Terraform
Raw Normal View History

Adding terraform config This currently just redirects to the old bible, but at least everything is up and running
2020-02-13 09:46:46 -08:00
# -----------------------------------------------------------------------------------------------------------
# IAM User for Uploading
resource "aws_iam_user" "s3" {
name = "${var.site}-s3"
path = "/${var.site}/"
tags = {
Site = var.site
Category = "S3"
}
}
# resource "aws_iam_user_policy" "s3" {
# name = "test"
# user = "${aws_iam_user.s3.name}"
# policy = <<EOF
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Effect": "Allow",
# "Action": "s3:*",
# "Resource": "*"
# }
# ]
# }
# EOF
# }
# This writes the s3 access key and secret to the terraform state file
resource "aws_iam_access_key" "s3" {
user = aws_iam_user.s3.name
}
# output s3_access {
# description = "S3 Upload User AccessKey"
# value = "${aws_iam_access_key.s3.id}"
# }
# output s3_secret {
# description = "S3 Upload User Secret"
# value = "${aws_iam_access_key.s3.secret}"
# }
# -----------------------------------------------------------------------------------------------------------
# Site Source Code
resource "aws_s3_bucket" "src" {
bucket = var.domain
acl = "public-read"
website {
index_document = "index.html"
error_document = "404.html"
}
tags = {
Name = "Site Source"
Site = var.site
}
}
resource "aws_s3_bucket_policy" "src" {
bucket = aws_s3_bucket.src.bucket
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "${aws_iam_user.s3.arn}"
},
"Action": "s3:ListBucket",
"Resource": "${aws_s3_bucket.src.arn}"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "${aws_iam_user.s3.arn}"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "${aws_s3_bucket.src.arn}/*"
},
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "${aws_s3_bucket.src.arn}/*"
}
]
}
POLICY
}
# resource "aws_s3_bucket" "redirect" {
# bucket = "www.${var.domain}"
# acl = "public-read"
# website {
# redirect_all_requests_to = var.domain
# }
# tags = {
# Name = "Redirect"
# Site = var.site
# }
# }
Reference in New Issue Copy Permalink