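# Backup bucket for Forgejo, created through the shared s3_bucket module.
# NOTE(review): versioning_enabled and retention_days are interpreted inside
# ../s3_bucket, which is not visible here. Presumably they turn on bucket
# versioning and a 90-day lifecycle rule; confirm against the module.
module "bucket" {
  source             = "../s3_bucket"
  bucket_name        = var.bucket_name
  versioning_enabled = true
  retention_days     = 90
}

# Dedicated IAM identity for the Forgejo backup job. Its only permissions
# are the inline policy attached below.
resource "aws_iam_user" "forgejo_backup" {
  name = "forgejo-backup"
}

# Long-lived static access key for the backup user.
# The generated secret is written to Terraform state, so the state backend
# must be encrypted and access-restricted. Alternatively, set pgp_key so that
# only an encrypted copy of the secret is kept.
# Static keys do not expire: rotate on a schedule and monitor use of this key.
resource "aws_iam_access_key" "forgejo_backup" {
  user = aws_iam_user.forgejo_backup.name
}

# Inline policy limiting the backup user to this one bucket.
# Bucket-level and object-level actions are split into separate statements so
# each action is paired only with the resource type it applies to. The
# effective permissions are the same as a single combined statement, but the
# scope is explicit and easier to audit.
resource "aws_iam_user_policy" "forgejo_backup" {
  name = "forgejo-backup-s3"
  user = aws_iam_user.forgejo_backup.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Listing is a bucket-level action, so it targets the bucket ARN only.
        Sid      = "ListBackupBucket"
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = [module.bucket.bucket_arn]
      },
      {
        # Object read/write/delete, scoped to keys inside the bucket.
        # s3:DeleteObjectVersion is deliberately not granted. If the module
        # enables versioning as its input suggests, this credential can add
        # delete markers but cannot purge earlier object versions.
        Sid    = "ReadWriteBackupObjects"
        Effect = "Allow"
        Action = [
          "s3:PutObject",
          "s3:GetObject",
          "s3:DeleteObject",
        ]
        Resource = ["${module.bucket.bucket_arn}/*"]
      },
    ]
  })
}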