Feature/loki s3 resources (#6)
* feat: loki s3 buckets, user, and policy

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 1a7d3df commit f08b2fd
Showing 7 changed files with 86 additions and 28 deletions.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -24,21 +24,26 @@ This terraform module creates a "parent" zone and multiple subdomain zones under
| Name | Source | Version |
|------|--------|---------|
| <a name="module_common_s3"></a> [common\_s3](#module\_common\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |
| <a name="module_loki_s3"></a> [loki\_s3](#module\_loki\_s3) | ./modules/multy-s3-bucket/0.1.0 | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_iam_access_key.certmanager](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
| [aws_iam_access_key.externaldns](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
| [aws_iam_access_key.loki_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
| [aws_iam_access_key.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_access_key) | resource |
| [aws_iam_policy.loki_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
| [aws_iam_policy.route53](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
| [aws_iam_policy.vault_s3_backup](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_policy) | resource |
| [aws_iam_user.certmanager](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
| [aws_iam_user.externaldns](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
| [aws_iam_user.loki_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
| [aws_iam_user.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user) | resource |
| [aws_iam_user_policy_attachment.certmanager](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_user_policy_attachment.externaldns](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_user_policy_attachment.loki_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user_policy_attachment) | resource |
| [aws_iam_user_policy_attachment.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/iam_user_policy_attachment) | resource |
| [aws_route53_record.cluster_subdomain_ns_records](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/route53_record) | resource |
| [aws_route53_record.wildcard_for_apps](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/resources/route53_record) | resource |
Expand Down Expand Up @@ -68,5 +73,6 @@ This terraform module creates a "parent" zone and multiple subdomain zones under
|------|-------------|
| <a name="output_certmanager_iam_credentials"></a> [certmanager\_iam\_credentials](#output\_certmanager\_iam\_credentials) | n/a |
| <a name="output_externaldns_iam_credentials"></a> [externaldns\_iam\_credentials](#output\_externaldns\_iam\_credentials) | n/a |
| <a name="output_loki_s3_iam_credentials"></a> [loki\_s3\_iam\_credentials](#output\_loki\_s3\_iam\_credentials) | n/a |
| <a name="output_vault_s3_iam_credentials"></a> [vault\_s3\_iam\_credentials](#output\_vault\_s3\_iam\_credentials) | n/a |
<!-- END_TF_DOCS -->
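--- a/iam-policy-loki-s3.tf
+++ b/iam-policy-loki-s3.tf
@@ -0,0 +1,25 @@
+resource "aws_iam_policy" "loki_s3" {
+provider = aws.clientaccount
+for_each = module.loki_s3
+name = "loki-s3-${aws_route53_zone.clusters[each.key].name}"
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"s3:ListBucket",
+"s3:PutObject",
+"s3:GetObject",
+"s3:DeleteObject"
+],
+"Effect": "Allow",
+"Resource": [
+"${module.loki_s3[each.key].primary_s3_bucket_arn}",
+"${module.loki_s3[each.key].replica_s3_bucket_arn}/*"
+]
+}
+]
+}
+EOF
+}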
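Review bot: The statement's Resource list does not match its actions: `s3:ListBucket` is a bucket-level action that must target the bucket ARN, while `s3:PutObject`/`s3:GetObject`/`s3:DeleteObject` are object-level and must target `<bucket-arn>/*`, yet the primary bucket is listed without `/*` and only the replica with `/*`. As written the Loki user can list but not write or read objects in the primary bucket, and can touch objects in the replica but not list it, so Loki will most likely get AccessDenied on its first chunk upload. Whether Loki should write to the replica at all is not visible here (the module presumably fills it via S3 replication), so I would split the statement into a bucket-level and an object-level one and drop the replica from the object statement unless Loki is meant to read from it. Using `jsonencode` instead of the heredoc also gets the policy validated at plan time rather than at API call time.
```hcl
resource "aws_iam_policy" "loki_s3" {
  # … unchanged: provider, for_each, name …
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "ListLokiBuckets"
        Effect = "Allow"
        Action = ["s3:ListBucket"]
        Resource = [
          module.loki_s3[each.key].primary_s3_bucket_arn,
          module.loki_s3[each.key].replica_s3_bucket_arn,
        ]
      },
      {
        Sid    = "LokiObjectAccess"
        Effect = "Allow"
        Action = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
        Resource = [
          "${module.loki_s3[each.key].primary_s3_bucket_arn}/*",
          # drop the replica here if only S3 replication should write to it
          "${module.loki_s3[each.key].replica_s3_bucket_arn}/*",
        ]
      },
    ]
  })
}
```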
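--- a/iam-user-loki-s3.tf
+++ b/iam-user-loki-s3.tf
@@ -0,0 +1,22 @@
+resource "aws_iam_user" "loki_s3" {
+provider = aws.clientaccount
+for_each = aws_route53_zone.clusters
+name = "loki-s3-${aws_route53_zone.clusters[each.key].name}"
+}
+
+resource "aws_iam_user_policy_attachment" "loki_s3" {
+provider = aws.clientaccount
+for_each = aws_iam_user.loki_s3
+user = each.value.name
+policy_arn = aws_iam_policy.loki_s3[each.key].arn
+}
+
+resource "aws_iam_access_key" "loki_s3" {
+for_each = aws_iam_user.loki_s3
+provider = aws.clientaccount
+user = each.value.name
+}
+
+output "loki_s3_iam_credentials" {
+value = { for user, keys in aws_iam_access_key.loki_s3 : user => keys }
+}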
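Review bot: The `loki_s3_iam_credentials` output returns the whole `aws_iam_access_key` object for every user, which includes the `secret` attribute, and the output is not marked sensitive, so the long-lived secret keys are printed in plan/apply output and in whatever CI log runs this (a github-actions bot is co-author here). Terraform 0.15 and later refuses to apply an output that carries a provider-sensitive value without `sensitive = true`, so either this currently fails or an older Terraform is in use; either way add `sensitive = true` inside the output block. The secret still lands in plaintext in the state file regardless, so the state backend must be treated as a credential store, and a `pgp_key` on `aws_iam_access_key` or workload identity (IRSA) for Loki would avoid a static key entirely.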
23 changes: 5 additions & 18 deletions modules/multy-s3-bucket/0.1.0/providers.tf
Expand Up @@ -3,24 +3,11 @@ terraform {
aws = {
source = "hashicorp/aws"
version = "4.55.0"
}
}
}


provider "aws" {
alias = "primaryregion"
region = var.primary_region
assume_role {
role_arn = "arn:aws:iam::${var.company_account_id}:role/OrganizationAccountAccessRole"
}
}

provider "aws" {
alias = "replicaregion"
region = var.backup_region
assume_role {
role_arn = "arn:aws:iam::${var.company_account_id}:role/OrganizationAccountAccessRole"
configuration_aliases = [
aws.primaryregion,
aws.replicaregion
]
}
}
}

1 change: 0 additions & 1 deletion modules/multy-s3-bucket/0.1.0/variables.tf
Expand Up @@ -29,4 +29,3 @@ variable "backup_region" {
type = string
nullable = false
}

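--- a/s3-buckets.tf
+++ b/s3-buckets.tf
@@ -0,0 +1,28 @@
+module "common_s3" {
+source = "./modules/multy-s3-bucket/0.1.0"
+providers = {
+aws.primaryregion = aws.primaryregion
+aws.replicaregion = aws.replicaregion
+}
+
+bucket_name = local.bucket_name
+this_is_development = var.this_is_development
+company_account_id = var.company_account_id
+primary_region = var.primary_region
+backup_region = var.backup_region
+}
+
+module "loki_s3" {
+source = "./modules/multy-s3-bucket/0.1.0"
+providers = {
+aws.primaryregion = aws.primaryregion
+aws.replicaregion = aws.replicaregion
+}
+for_each = toset(var.cluster_environments)
+
+bucket_name = "${local.bucket_name}-${each.value}-loki"
+this_is_development = var.this_is_development
+company_account_id = var.company_account_id
+primary_region = var.primary_region
+backup_region = var.backup_region
+}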
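Review bot: `module.loki_s3` is keyed by `toset(var.cluster_environments)`, but the policy and user resources added in this commit index it and each other by the keys of `aws_route53_zone.clusters` (`aws_route53_zone.clusters[each.key]`, `aws_iam_policy.loki_s3[each.key]`), so the three key spaces must be identical or plan fails with an invalid index. I cannot see how `aws_route53_zone.clusters` is keyed, so if it is also built from `cluster_environments` this works today but silently couples the files; I would either use the same `for_each` expression here or add a comment such as `# keys must match aws_route53_zone.clusters: iam-policy-loki-s3.tf and iam-user-loki-s3.tf index by each.key`. Bucket hardening (encryption, public-access block, versioning) is delegated to the module and is not visible in this diff, so it is worth confirming there rather than assuming it.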
9 changes: 0 additions & 9 deletions s3-common.tf

This file was deleted.
