Sha256: bda825c332a6a2c8708ef3c8660c3b934eecfcabc39f47a839a669013b4075b6
Contents?: true
Size: 1.92 KB
Versions: 5
Compression:
Stored size: 1.92 KB
Contents
# AWS provider version is 3.33.0
# https://registry.terraform.io/providers/hashicorp/aws/3.33.0
provider "aws" {
region = "<%= config[:aws_region] %>"
}
resource "aws_kms_key" "docs_kms_key" {
description = "This key is used to encrypt objects in the DocSpring S3 bucket"
deletion_window_in_days = 14
}
# Later versions of aws provider (e.g. 4.8.0) use separate resources for
# aws_s3_bucket_acl and aws_s3_bucket_cors_configuration.
# This will need to be updated in the future.
resource "aws_s3_bucket" "docs_s3_bucket" {
bucket = "<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>"
acl = "private"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = aws_kms_key.docs_kms_key.arn
sse_algorithm = "aws:kms"
}
}
}
<%= config[:s3_bucket_cors_rule] %>
}
resource "aws_iam_user" "docspring_s3_user" {
name = "<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>"
}
resource "aws_iam_access_key" "docspring_user_access_key" {
user = aws_iam_user.docspring_s3_user.name
}
resource "aws_iam_user_policy" "docspring_user_s3_policy" {
name = "docspring_user_s3_policy"
user = aws_iam_user.docspring_s3_user.name
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::<%= config.fetch(:stack_name) %>-<%= config.fetch(:s3_bucket_name) %>/*",
]
},
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
})
}
Version data entries
5 entries across 5 versions & 1 rubygems