# The S3 bucket managed by this configuration. Its name and both tag values
# are taken from input variables.
# NOTE(review): no explicit server-side encryption or access-logging resource
# is declared in the configuration shown here, so the bucket relies on the S3
# service default for encryption at rest. Declare an
# aws_s3_bucket_server_side_encryption_configuration if a specific key policy
# (for example SSE-KMS) is required.
resource "aws_s3_bucket" "bucket" {
  bucket = var.BUCKET_NAME

  tags = {
    Environment = var.ENVIRONMENT
    Name        = var.BUCKET_NAME
  }
}
# Object versioning state for the bucket.
# NOTE(review): the status is read from var.ENCRYPTED, a name that suggests an
# encryption toggle. Versioning keeps earlier object versions; it does not
# encrypt anything. The provider expects "Enabled", "Suspended" or "Disabled"
# here. Confirm the variable carries one of those values and consider renaming
# it so that nobody assumes encryption is being configured.
resource "aws_s3_bucket_versioning" "versioning" {
  bucket = aws_s3_bucket.bucket.id

  versioning_configuration {
    status = var.ENCRYPTED
  }
}
# Bucket-level Block Public Access with all four switches on.
resource "aws_s3_bucket_public_access_block" "block_public" {
  bucket = aws_s3_bucket.bucket.id

  # ACL controls: reject new public ACLs and disregard any that already exist.
  block_public_acls  = true
  ignore_public_acls = true

  # Policy controls: reject bucket policies that grant public access and
  # restrict access if a public policy is ever present.
  block_public_policy     = true
  restrict_public_buckets = true
}
# Policy document that lets a single IAM user read objects from the bucket.
# NOTE(review): the principal ARN (account ID and user name) is hard-coded, so
# every environment that applies this configuration grants access to the same
# user. Consider passing it in as a variable.
# NOTE(review): the statement carries no condition block, so there is no
# requirement for TLS (aws:SecureTransport) or any other request constraint.
# Add one if the data needs it.
data "aws_iam_policy_document" "bucket_policy" {
  statement {
    sid    = "AllowUserReadAccess"
    effect = "Allow"

    # Object-level read only; listing the bucket (s3:ListBucket) is not granted.
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.bucket.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::848173547540:user/dummy_user"]
    }
  }
}
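# Attaches the rendered policy document to the bucket.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.bucket.id
  policy = data.aws_iam_policy_document.bucket_policy.json

  # Both this resource and the public access block modify bucket-level
  # configuration and share no attribute reference, so Terraform may apply
  # them in parallel. S3 can reject overlapping bucket configuration calls
  # with a conflicting-operation error. Ordering the policy after the public
  # access block avoids that and ensures the block is in place before any
  # policy is attached.
  depends_on = [aws_s3_bucket_public_access_block.block_public]
}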