From 2f463019ab928b5af290f762665f07e0652a9b55 Mon Sep 17 00:00:00 2001
From: Radon Rosborough
Date: Sat, 23 Jan 2021 11:29:03 -0800
Subject: [PATCH] Add Terraform outputs and fix bucket policy

---
 tf/infra.tf | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/tf/infra.tf b/tf/infra.tf
index 2ee2ccd..62155ed 100644
--- a/tf/infra.tf
+++ b/tf/infra.tf
@@ -33,6 +33,10 @@ resource "aws_iam_user" "deploy" {
 tags = local.tags
 }
 
+resource "aws_iam_access_key" "deploy" {
+ user = aws_iam_user.deploy.name
+}
+
 data "aws_iam_policy_document" "deploy" {
 statement {
 actions = [
@@ -66,12 +70,49 @@ resource "aws_iam_user_policy_attachment" "deploy" {
 policy_arn = aws_iam_policy.deploy.arn
 }
 
+data "aws_iam_policy_document" "riju_debs" {
+ statement {
+ principals {
+ type = "*"
+ identifiers = ["*"]
+ }
+
+ actions = [
+ "s3:ListBucket",
+ ]
+
+ resources = [
+ "arn:aws:s3:::${aws_s3_bucket.riju_debs.bucket}",
+ ]
+ }
+
+ statement {
+ principals {
+ type = "*"
+ identifiers = ["*"]
+ }
+
+ actions = [
+ "s3:GetObject",
+ ]
+
+ resources = [
+ "arn:aws:s3:::${aws_s3_bucket.riju_debs.bucket}/*",
+ ]
+ }
+}
+
 resource "aws_s3_bucket" "riju_debs" {
 bucket = "${data.external.env.result.S3_BUCKET}-debs"
 acl = "public-read"
 tags = local.tags
 }
 
+resource "aws_s3_bucket_policy" "riju_debs" {
+ bucket = aws_s3_bucket.riju_debs.id
+ policy = data.aws_iam_policy_document.riju_debs.json
+}
+
 data "aws_ami" "server" {
 owners = ["self"]
 
@@ -138,3 +179,15 @@ resource "aws_volume_attachment" "data" {
 volume_id = aws_ebs_volume.data.id
 instance_id = aws_instance.server.id
 }
+
+output "server_ip_address" {
+ value = aws_instance.server.public_ip
+}
+
+output "deploy_aws_access_key_id" {
+ value = aws_iam_access_key.deploy.id
+}
+
+output "deploy_aws_secret_access_key" {
+ value = aws_iam_access_key.deploy.secret
+}
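Review bot: In the first hunk, `aws_iam_access_key.deploy` is created without a `pgp_key`, so the generated secret access key is stored in plaintext in the Terraform state. Anyone who can read that state (a local `terraform.tfstate`, the backend bucket, a CI artifact) obtains the deploy user's long-lived credentials. The backend configuration is not visible in this patch, so either set `pgp_key` and consume `encrypted_secret`, or confirm the backend is encrypted and access-restricted. In the latter case, record it next to the resource with a comment such as `# Secret is written to tfstate; the state backend must be encrypted and access-restricted.`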
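Review bot: In the second hunk, the first statement of `data.aws_iam_policy_document.riju_debs` grants `s3:ListBucket` to the anonymous principal, so any unauthenticated client can enumerate every key in the bucket rather than only fetch objects whose paths it already knows. If clients only download packages by known path, the `s3:GetObject` statement is enough. The context line `acl = "public-read"` also grants anonymous listing, so both would have to change. If public listing is intended, say so above the data block, e.g. `# Anonymous list + read is intentional: this bucket serves .deb packages publicly.` As a style point, the hand-built ARNs could be `aws_s3_bucket.riju_debs.arn` and `"${aws_s3_bucket.riju_debs.arn}/*"`.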
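Review bot: In the last hunk, the `deploy_aws_secret_access_key` output exposes a long-lived credential without `sensitive = true`. Depending on the Terraform version in use, the secret is either printed in the `terraform apply` output summary (and so into any CI log that captures it) or the configuration is rejected until the output is marked. Add `sensitive = true` inside that output block, and consider the same for `deploy_aws_access_key_id`. Marking it sensitive only redacts the CLI display; the value remains readable in state, so access to the state still needs to be restricted.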