From e24fcdb3c72c83dd20521bac8b2c29847ed67865 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Sat, 10 Dec 2022 19:58:26 -0800
Subject: infra: create s3 bucket

---
 jinwei.me/infra/outputs.tf | 7 ++++++
 jinwei.me/infra/s3.tf | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 jinwei.me/infra/s3.tf

diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index 3537e02..4619f5f 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -27,3 +27,10 @@ output "instance" {
     private_ip = aws_instance.jinwei_me.private_ip
   }
 }
+
+output "s3" {
+  description = "S3 bucket for wordpress"
+  value = {
+    bucket_domain_name = aws_s3_bucket.main.bucket_domain_name
+  }
+}
diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf
new file mode 100644
index 0000000..5626390
--- /dev/null
+++ b/jinwei.me/infra/s3.tf
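Review bot: The new `s3` output exposes only `bucket_domain_name`, which is the legacy global `<bucket>.s3.amazonaws.com` endpoint; if this value is meant to feed a CloudFront S3 origin (the commented-out policy in s3.tf references `aws_cloudfront_distribution.main`, so that seems to be the plan), the regional endpoint is the one to wire up, because the global name can answer with temporary redirects for a freshly created bucket outside us-east-1. Adding `bucket_regional_domain_name = aws_s3_bucket.main.bucket_regional_domain_name` to the output map avoids that without breaking the existing key. The `output "instance"` block shown as context begins before this hunk.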
@@ -0,0 +1,58 @@
+resource "random_id" "s3_bucket_suffix" {
+  byte_length = 4
+}
+
+resource "aws_s3_bucket" "main" {
+  bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
+}
+
+resource "aws_s3_bucket_public_access_block" "main" {
+  bucket = aws_s3_bucket.main.id
+
+  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
+  block_public_acls       = false
+  ignore_public_acls      = true
+  block_public_policy     = true
+  restrict_public_buckets = true
+}
+
+#resource "aws_s3_bucket_policy" "main" {
+#  bucket = aws_s3_bucket.main.id
+#  policy = data.aws_iam_policy_document.bucket_policy.json
+#}
+
+#data "aws_iam_policy_document" "bucket_policy" {
+#  # Allow CloudFront to read from the bucket
+#  statement {
+#    principals {
+#      type = "Service"
+#      identifiers = [
+#        "cloudfront.amazonaws.com"
+#      ]
+#    }
+#    actions = [
+#      "s3:GetObject"
+#    ]
+#    resources = [
+#      "${aws_s3_bucket.main.arn}/*",
+#    ]
+#    condition {
+#      test     = "StringEquals"
+#      variable = "AWS:SourceArn"
+#      values   = [aws_cloudfront_distribution.main.arn]
+#    }
+#  }
+#}
+
+#resource "aws_ssm_parameter" "s3_bucket" {
+#  name  = "/${local.name}/s3_bucket"
+#  type  = "String"
+#  value = aws_s3_bucket.main.bucket
+#}
+
+resource "aws_s3_object" "healthcheck" {
+  bucket       = aws_s3_bucket.main.id
+  key          = "healthcheck"
+  content      = "OK"
+  content_type = "text/plain"
+}
-- 
cgit v1.2.3
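Review bot: The public access block leaves `block_public_acls = false` while setting `ignore_public_acls = true`, so a caller can still attach a public ACL to the bucket or an object and S3 will simply ignore it; nothing in this hunk relies on ACLs, so all four flags should be `true`, and an `aws_s3_bucket_ownership_controls` with `BucketOwnerEnforced` would disable ACLs outright so that the bucket policy is the only access path. The commented-out CloudFront policy (service principal plus an `AWS:SourceArn` condition) is the right shape for that and is not a public policy, so it remains applicable under `block_public_policy = true`. The bucket also declares no server-side encryption or versioning; at the time of this commit S3 did not encrypt new objects by default, so an explicit `aws_s3_bucket_server_side_encryption_configuration` is worth adding, using the same v4-style split resources the file already uses (`aws_s3_bucket_public_access_block`, `aws_s3_object`). Minor: the commented `aws_ssm_parameter` reads `local.name` while the bucket name uses `var.name`, so it will not apply as-is when uncommented.
```hcl
resource "aws_s3_bucket_public_access_block" "main" {
  # … unchanged: bucket, doc link …
  block_public_acls       = true
  # … unchanged: ignore_public_acls, block_public_policy, restrict_public_buckets …
}

# Disable ACLs entirely; access is granted by bucket policy only.
resource "aws_s3_bucket_ownership_controls" "main" {
  bucket = aws_s3_bucket.main.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Encrypt objects at rest (SSE-S3); switch to aws:kms if a CMK is required.
resource "aws_s3_bucket_server_side_encryption_configuration" "main" {
  bucket = aws_s3_bucket.main.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# … unchanged: commented-out bucket policy, SSM parameter, healthcheck object …
```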