From 43b490ed22aa0d8fcf2eb5de17a943d44069cef1 Mon Sep 17 00:00:00 2001
From: Debakel Orakel
Date: Sat, 31 Aug 2024 19:02:01 +0200
Subject: [PATCH] Support creating buckets on aws

---
 aws_bucket/main.tf | 60 +++++++++++++++++++++++++++++++++++++++++
 aws_bucket/outputs.tf | 8 ++++++
 aws_bucket/providers.tf | 9 +++++++
 aws_bucket/variables.tf | 18 +++++++++++++
 4 files changed, 95 insertions(+)
 create mode 100644 aws_bucket/main.tf
 create mode 100644 aws_bucket/outputs.tf
 create mode 100644 aws_bucket/providers.tf
 create mode 100644 aws_bucket/variables.tf
diff --git a/aws_bucket/main.tf b/aws_bucket/main.tf
new file mode 100644
index 0000000..e9c2eb5
--- /dev/null
+++ b/aws_bucket/main.tf
@@ -0,0 +1,60 @@
+## ----- locals ----------------------------------------------------------------
+
+locals {
+ create_user = var.user_name == "" ? true : false
+ bucket_name = var.bucket_prefix == "" ? var.bucket_name : format("%s-%s", var.bucket_prefix, var.bucket_name)
+ user_name = var.user_name == "" ? local.bucket_name : var.user_name
+}
+
+## ----- bucket user -----------------------------------------------------------
+
+module "user" {
+ source = "../aws_user"
+ count = local.create_user ? 1 : 0
+
+ user_name = local.user_name
+ path = "/bucket-users/"
+}
+
+data "aws_iam_user" "bucket" {
+ count = local.create_user ? 0 : 1
+
+ user_name = local.user_name
+}
+
+## ----- access control --------------------------------------------------------
+
+data "aws_iam_policy_document" "bucket" {
+ statement {
+ actions = [
+ "s3:ListBucket",
+ ]
+
+ resources = [
+ format("%s", aws_s3_bucket.bucket.arn),
+ ]
+ }
+ statement {
+ actions = [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ ]
+
+ resources = [
+ format("%s/*", aws_s3_bucket.bucket.arn),
+ ]
+ }
+}
+
+resource "aws_iam_user_policy" "bucket" {
+ name = local.create_user ? format("%s-access", local.user_name) : format("%s-%s-access", local.user_name, local.bucket_name)
+ user = local.user_name
+ policy = data.aws_iam_policy_document.bucket.json
+}
+
+## ----- bucket ----------------------------------------------------------------
+
+resource "aws_s3_bucket" "bucket" {
+ bucket = local.bucket_name
+}
diff --git a/aws_bucket/outputs.tf b/aws_bucket/outputs.tf
new file mode 100644
index 0000000..4b29490
--- /dev/null
+++ b/aws_bucket/outputs.tf
@@ -0,0 +1,8 @@
+output "user_access_key" {
+ value = local.create_user ? module.user[0].access_key : null
+}
+
+output "user_secret_key" {
+ value = local.create_user ? module.user[0].secret_key : null
+ sensitive = true
+}
diff --git a/aws_bucket/providers.tf b/aws_bucket/providers.tf
new file mode 100644
index 0000000..0b240bc
--- /dev/null
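Review bot: `aws_s3_bucket.bucket` at the end of the main.tf hunk is created with only a name, so public-access blocking, versioning and server-side encryption are left to account and AWS defaults instead of being pinned in code; an explicit `aws_s3_bucket_public_access_block` (below) makes the intended posture visible and reviewable, and `aws_s3_bucket_versioning` / `aws_s3_bucket_server_side_encryption_configuration` resources would do the same for the rest. Separately, `aws_iam_user_policy.bucket` sets `user = local.user_name`, a plain string, so nothing ties it to `module.user`; when `local.create_user` is true the policy can be applied before the user exists on a first apply, and `depends_on = [module.user]` on the policy resource closes that gap (or reference a user-name output of the `aws_user` module, if it exports one — the module is not visible here). `data.aws_iam_user.bucket` is read but never referenced, so today it serves only as an existence check on the supplied name.
```hcl
# … unchanged: aws_s3_bucket.bucket …

resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```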
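Review bot: `user_secret_key` is marked `sensitive = true`, which only redacts CLI and plan output — the secret still lands in plaintext in the state file next to the access key, so this module's state needs the same protection as the credential itself (encrypted, access-restricted backend), and that expectation belongs in a comment here or in the module README. Consider `sensitive = true` on `user_access_key` as well, since the pair is only useful together and the key ID identifies the principal. A comment above the outputs such as `# Only populated when the module created the user; null when var.user_name was supplied.` would spare callers the lookup in main.tf.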
+++ b/aws_bucket/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.5"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.65.0"
+ }
+ }
+}
diff --git a/aws_bucket/variables.tf b/aws_bucket/variables.tf
new file mode 100644
index 0000000..50de307
--- /dev/null
+++ b/aws_bucket/variables.tf
@@ -0,0 +1,18 @@
+## ----- general configuration -------------------------------------------------
+
+variable "bucket_name" {
+ description = "Name of the bucket."
+ type = string
+}
+
+variable "bucket_prefix" {
+ description = "Prefix for the bucket name."
+ type = string
+ default = "tegridy"
+}
+
+variable "user_name" {
+ description = "If provided no additional user will be created."
+ type = string
+ default = ""
+}
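Review bot: Both constraints in providers.tf are open-ended lower bounds (`required_version = ">= 1.9.5"`, `version = ">= 5.65.0"`), so a future major release of the AWS provider with breaking resource changes would be picked up silently on `terraform init`; pinning to the major series, `version = "~> 5.65"`, keeps upgrades deliberate while still accepting minor and patch updates. Committing the generated `.terraform.lock.hcl` alongside would additionally pin the exact provider build for reproducible applies.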
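Review bot: The `user_name` description in variables.tf does not say what kind of name is expected or what is done with it; `description = "Name of an existing IAM user to grant bucket access. If empty, a dedicated user is created and its keys are exposed as outputs."` states the contract callers need. `bucket_prefix` likewise should say it is joined to `bucket_name` with a hyphen and that an empty string disables the prefix, since the default `"tegridy"` otherwise silently changes the resulting bucket name. Neither variable carries a `validation` block, so S3 naming rules are only enforced at apply time.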