80 lines
1.9 KiB
HCL
80 lines
1.9 KiB
HCL
terraform {
|
|
required_providers {
|
|
aws = {
|
|
source = "hashicorp/aws"
|
|
version = "5.17.0"
|
|
configuration_aliases = [aws.main]
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
# S3 Bucket
|
|
|
|
resource "aws_s3_bucket" "default" {
|
|
bucket = "${var.project_name}-bucket"
|
|
}
|
|
|
|
resource "aws_s3_bucket_public_access_block" "bucket_public_disabled" {
|
|
bucket = aws_s3_bucket.default.id
|
|
|
|
block_public_acls = false
|
|
block_public_policy = false
|
|
ignore_public_acls = false
|
|
restrict_public_buckets = false
|
|
}
|
|
|
|
resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
|
|
bucket = aws_s3_bucket.default.id
|
|
rule {
|
|
object_ownership = "BucketOwnerPreferred"
|
|
}
|
|
depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled]
|
|
}
|
|
|
|
resource "aws_s3_bucket_acl" "default" {
|
|
bucket = aws_s3_bucket.default.id
|
|
acl = "private"
|
|
depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
|
|
}
|
|
|
|
resource "aws_s3_bucket_policy" "default" {
|
|
bucket = aws_s3_bucket.default.id
|
|
depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled]
|
|
policy = <<POLICY
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"AWS": "*"
|
|
},
|
|
"Action": [
|
|
"s3:PutObject",
|
|
"s3:GetObject",
|
|
"s3:DeleteObject",
|
|
"s3:PutObjectAcl",
|
|
"s3:GetObjectAcl",
|
|
"s3:ListBucket"
|
|
],
|
|
"Resource": [
|
|
"${aws_s3_bucket.default.arn}",
|
|
"${aws_s3_bucket.default.arn}/*"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
POLICY
|
|
}
|
|
|
|
resource "aws_s3_bucket_cors_configuration" "default" {
|
|
bucket = aws_s3_bucket.default.bucket
|
|
|
|
cors_rule {
|
|
allowed_headers = ["*"]
|
|
allowed_methods = ["GET", "PUT", "POST", "DELETE", "HEAD"]
|
|
allowed_origins = ["https://${var.project_domain}"]
|
|
}
|
|
}
|