Updated bucket module to create an IAM user for the frontend and separate the Lambda and frontend roles

This commit is contained in:
Khalim Conn-Kowlessar 2023-07-13 19:36:56 +01:00
parent 88eb5ee91f
commit a62c9afa45
2 changed files with 46 additions and 9 deletions


@ -15,8 +15,35 @@ resource "aws_s3_bucket" "bucket" {
}
}
resource "aws_iam_role" "role" {
name = "s3_presign_role"
resource "aws_iam_user" "presign_frontend_user" {
name = "presign_frontend_user-${var.environment}"
path = "/system/"
}
resource "aws_iam_access_key" "presign_frontend_user_access_key" {
user = aws_iam_user.presign_frontend_user.name
}
resource "aws_secretsmanager_secret" "presign_frontend_user_access_key" {
name = "${var.environment}/presign_frontend/access_key"
}
resource "aws_secretsmanager_secret_version" "presign_frontend_user_access_key" {
secret_id = aws_secretsmanager_secret.presign_frontend_user_access_key.id
secret_string = aws_iam_access_key.presign_frontend_user_access_key.id
}
resource "aws_secretsmanager_secret" "presign_frontend_user_secret_key" {
name = "${var.environment}/presign_frontend/secret_key"
}
resource "aws_secretsmanager_secret_version" "presign_frontend_user_secret_key" {
secret_id = aws_secretsmanager_secret.presign_frontend_user_secret_key.id
secret_string = aws_iam_access_key.presign_frontend_user_access_key.secret
}
resource "aws_iam_role" "presign_frontend_role" {
name = "presign_frontend_role-${var.environment}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
@ -24,7 +51,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
@ -34,9 +61,9 @@ resource "aws_iam_role" "role" {
EOF
}
resource "aws_iam_role_policy" "policy" {
name = "s3_presign_policy"
role = aws_iam_role.role.id
resource "aws_iam_role_policy" "presign_frontend_policy" {
name = "presign_frontend_policy-${var.environment}"
role = aws_iam_role.presign_frontend_role.id
policy = <<EOF
{
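Review bot: The secret access key produced by `aws_iam_access_key.presign_frontend_user_access_key` is stored in plaintext in Terraform state as well as in Secrets Manager, so anyone who can read the state obtains a long-lived credential; either set `pgp_key` on the access key (and drop the Secrets Manager copy of `.secret`) or restrict and encrypt the state backend, and record that decision in a comment next to the resource. The new IAM user has no policy attached anywhere in this hunk and is not a principal in the trust policy of `presign_frontend_role`, which now allows only `ec2.amazonaws.com`, so the keys placed in Secrets Manager cannot assume that role or sign presigned URLs unless a policy is attached elsewhere — worth confirming. A comment such as `# Static keys for the frontend, which cannot use an instance profile; rotation is manual via Secrets Manager` would make the intent of a long-lived user explicit. The `presign_frontend_policy` body at the end of the hunk continues outside it.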


@ -3,7 +3,17 @@ output "bucket_name" {
value = aws_s3_bucket.bucket.bucket
}
output "role_arn" {
description = "The ARN of the IAM role"
value = aws_iam_role.role.arn
output "presign_frontend_role_arn" {
description = "The ARN of the frontend IAM role"
value = aws_iam_role.presign_frontend_role.arn
}
output "presign_frontend_access_key_secret_name" {
description = "The name of the access key secret in AWS Secrets Manager for the frontend user"
value = aws_secretsmanager_secret.presign_frontend_user_access_key.name
}
output "presign_frontend_secret_key_secret_name" {
description = "The name of the secret key secret in AWS Secrets Manager for the frontend user"
value = aws_secretsmanager_secret.presign_frontend_user_secret_key.name
}