-rw-r--r--jinwei.me/infra/outputs.tf7
-rw-r--r--jinwei.me/infra/s3.tf58
2 files changed, 65 insertions, 0 deletions
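--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -27,3 +27,10 @@ output "instance" {
  private_ip = aws_instance.jinwei_me.private_ip
  }
 }
+
+output "s3" {
+ description = "S3 bucket for wordpress"
+ value = {
+ bucket_domain_name = aws_s3_bucket.main.bucket_domain_name
+ }
+}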
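--- /dev/null
+++ b/jinwei.me/infra/s3.tf
@@ -0,0 +1,58 @@
+resource "random_id" "s3_bucket_suffix" {
+ byte_length = 4
+}
+
+resource "aws_s3_bucket" "main" {
+ bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
+}
+
+resource "aws_s3_bucket_public_access_block" "main" {
+ bucket = aws_s3_bucket.main.id
+
+ # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
+ block_public_acls = false
+ ignore_public_acls = true
+ block_public_policy = true
+ restrict_public_buckets = true
+}
+
+#resource "aws_s3_bucket_policy" "main" {
+# bucket = aws_s3_bucket.main.id
+# policy = data.aws_iam_policy_document.bucket_policy.json
+#}
+
+#data "aws_iam_policy_document" "bucket_policy" {
+# # Allow CloudFront to read from the bucket
+# statement {
+# principals {
+# type = "Service"
+# identifiers = [
+# "cloudfront.amazonaws.com"
+# ]
+# }
+# actions = [
+# "s3:GetObject"
+# ]
+# resources = [
+# "${aws_s3_bucket.main.arn}/*",
+# ]
+# condition {
+# test = "StringEquals"
+# variable = "AWS:SourceArn"
+# values = [aws_cloudfront_distribution.main.arn]
+# }
+# }
+#}
+
+#resource "aws_ssm_parameter" "s3_bucket" {
+# name = "/${local.name}/s3_bucket"
+# type = "String"
+# value = aws_s3_bucket.main.bucket
+#}
+
+resource "aws_s3_object" "healthcheck" {
+ bucket = aws_s3_bucket.main.id
+ key = "healthcheck"
+ content = "OK"
+ content_type = "text/plain"
+}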
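Review bot: In `aws_s3_bucket_public_access_block.main`, `block_public_acls = false` is the only one of the four settings left open, and nothing in the file says why. With `ignore_public_acls = true` a public ACL grants no access, but requests that set one are still accepted and the ACL is stored, so it would take effect if `ignore_public_acls` were ever relaxed. Unless an uploader has to send a public ACL on write (not visible in this diff), use `block_public_acls = true`; if it does, add a comment such as `# false: <uploader> sets a public ACL on PutObject; ignore_public_acls keeps it from granting access`. Separately, `aws_s3_bucket_policy.main` is commented out, so the `healthcheck` object is presumably not readable through CloudFront until that policy is enabled.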