From e24fcdb3c72c83dd20521bac8b2c29847ed67865 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Sat, 10 Dec 2022 19:58:26 -0800
Subject: infra: create s3 bucket

---
 jinwei.me/infra/outputs.tf |  7 ++++++
 jinwei.me/infra/s3.tf      | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 jinwei.me/infra/s3.tf

diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index 3537e02..4619f5f 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -27,3 +27,10 @@ output "instance" {
     private_ip = aws_instance.jinwei_me.private_ip
   }
 }
+
+output "s3" {
+  description = "S3 bucket for wordpress"
+  value = {
+    bucket_domain_name = aws_s3_bucket.main.bucket_domain_name
+  }
+}
diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf
new file mode 100644
index 0000000..5626390
--- /dev/null
+++ b/jinwei.me/infra/s3.tf
@@ -0,0 +1,58 @@
+resource "random_id" "s3_bucket_suffix" {
+  byte_length = 4
+}
+
+resource "aws_s3_bucket" "main" {
+  bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
+}
+
+resource "aws_s3_bucket_public_access_block" "main" {
+  bucket = aws_s3_bucket.main.id
+
+  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
+  block_public_acls       = false
+  ignore_public_acls      = true
+  block_public_policy     = true
+  restrict_public_buckets = true
+}
+
+#resource "aws_s3_bucket_policy" "main" {
+#  bucket = aws_s3_bucket.main.id
+#  policy = data.aws_iam_policy_document.bucket_policy.json
+#}
+
+#data "aws_iam_policy_document" "bucket_policy" {
+#  # Allow CloudFront to read from the bucket
+#  statement {
+#    principals {
+#      type = "Service"
+#      identifiers = [
+#        "cloudfront.amazonaws.com"
+#      ]
+#    }
+#    actions = [
+#      "s3:GetObject"
+#    ]
+#    resources = [
+#      "${aws_s3_bucket.main.arn}/*",
+#    ]
+#    condition {
+#      test     = "StringEquals"
+#      variable = "AWS:SourceArn"
+#      values   = [aws_cloudfront_distribution.main.arn]
+#    }
+#  }
+#}
+
+#resource "aws_ssm_parameter" "s3_bucket" {
+#  name  = "/${local.name}/s3_bucket"
+#  type  = "String"
+#  value = aws_s3_bucket.main.bucket
+#}
+
+resource "aws_s3_object" "healthcheck" {
+  bucket       = aws_s3_bucket.main.id
+  key          = "healthcheck"
+  content      = "OK"
+  content_type = "text/plain"
+}
-- 
cgit v1.2.3