Getting a UAT site up

2025-01-31 07:16:17 +00:00 · 2020-02-20 14:37:32 -08:00 · 2020-02-20 14:37:32 -08:00 · 0a6bdb2544
commit 0a6bdb2544
parent 6a5d1569eb
1 changed files with 93 additions and 27 deletions
--- a/terraform/src.tf
+++ b/terraform/src.tf
@ -13,23 +13,32 @@ resource "aws_iam_user" "s3" {
  }
 }
-# resource "aws_iam_user_policy" "s3" {
+resource "aws_iam_user_policy" "s3" {
-#   name = "test"
+  name = "test"
-#   user = "${aws_iam_user.s3.name}"
+  user = aws_iam_user.s3.name
-#   policy = <<EOF
+  policy = <<EOF
-# {
+{
-#   "Version": "2012-10-17",
+  "Version": "2012-10-17",
-#   "Statement": [
+  "Statement": [
-#     {
+    {
-#       "Effect": "Allow",
+      "Effect": "Allow",
-#       "Action": "s3:*",
+      "Action": [
-#       "Resource": "*"
+        "cloudfront:CreateInvalidation",
-#     }
+        "cloudfront:GetInvalidation",
-#   ]
+        "s3:PutAccountPublicAccessBlock",
-# }
+        "s3:GetAccountPublicAccessBlock",
-# EOF
+        "s3:ListAllMyBuckets",
-# }
+        "s3:HeadBucket"
      ],
      "Resource": [
        "${aws_cloudfront_distribution.site.arn}"
      ]
    }
  ]
 }
 EOF
 }
 # This writes the s3 access key and secret to the terraform state file
 resource "aws_iam_access_key" "s3" {
@ -64,6 +73,21 @@ resource "aws_s3_bucket" "src" {
  }
 }
 resource "aws_s3_bucket" "uat" {
  bucket = "uat.${var.domain}"
  acl    = "public-read"
  website {
    index_document = "index.html"
    error_document = "404.html"
  }
  tags = {
    Name = "Site Source UAT"
    Site = var.site
  }
 }
 resource "aws_s3_bucket_policy" "src" {
  bucket = aws_s3_bucket.src.bucket
@ -107,16 +131,58 @@ resource "aws_s3_bucket_policy" "src" {
 POLICY
 }
 # resource "aws_s3_bucket" "redirect" {
 #   bucket = "www.${var.domain}"
 #   acl    = "public-read"
-#   website {
+resource "aws_s3_bucket_policy" "uat" {
-#     redirect_all_requests_to = var.domain
+  bucket = aws_s3_bucket.uat.bucket
-#   }
+  policy = <<POLICY
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "${aws_iam_user.s3.arn}"
      },
      "Action": "s3:ListBucket",
      "Resource": "${aws_s3_bucket.uat.arn}"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "${aws_iam_user.s3.arn}"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "${aws_s3_bucket.uat.arn}/*"
    },
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "${aws_s3_bucket.uat.arn}/*"
    }
  ]
 }
 POLICY
 }
 resource "aws_route53_record" "uat" {
  name    = "uat.${var.domain}"
  zone_id = aws_route53_zone.zone.zone_id
  type    = "A"
  alias {
    name                   = aws_s3_bucket.uat.website_domain
    zone_id                = aws_s3_bucket.uat.hosted_zone_id
    evaluate_target_health = false
  }
 }
 #   tags = {
 #     Name = "Redirect"
 #     Site = var.site
 #   }
 # }