S3 infra cleanup

2026-04-26 01:53:14 -07:00
parent 074139e0dd
commit 62d4129b73
7 changed files with 0 additions and 238 deletions
--- a/.gitea/workflows/sec-lint-s3.yaml
+++ b/.gitea/workflows/sec-lint-s3.yaml
@@ -1,19 +0,0 @@
-name: Secops Linting and Safety Checks
-on:
-  push:
-    branches:
-      - master
-
-
-
-jobs:
-  checkov-scan-s3:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo code
-        uses: actions/checkout@v4
-      - name: Scan S3 Terraform with Checkov
-        uses: bridgecrewio/checkov-action@master
-        with:
-          directory: infra/s3/
-          framework: terraform
--- a/infra/s3/Makefile
+++ b/infra/s3/Makefile
@@ -1,24 +0,0 @@
-plan=out.plan
-
-SHELL := /bin/bash
-
-$(plan):
-	source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
-
-push: build
-	source ../secrets/set-env.sh && terraform apply $(plan)
-
-refresh:
-	source ../secrets/set-env.sh && terraform apply -refresh-only
-
-test:
-	terraform validate
-
-
-rip:
-	source ../secrets/set-env.sh && terraform destroy
-
-clean:
-	rm -f $(plan)
-
-.PHONY: test build clean push rip
--- a/infra/s3/backend.tf
+++ b/infra/s3/backend.tf
@@ -1,24 +0,0 @@
-terraform {
-  required_version = ">= 0.13"
-  backend "s3" {
-      bucket  = "project-athens"
-      key     = "infra/s3/state/build.tfstate"
-      region  = "us-west-1"
-      encrypt = true
-  }
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "4.13.0"
-    }
-  }
-}
-
-# Base config for using AWS features w/ Terraform
-provider "aws" {
-  access_key = var.aws_key
-  secret_key = var.aws_secret
-  region = var.aws_region
-  max_retries = 1
-}
-
--- a/infra/s3/input-vars.tf
+++ b/infra/s3/input-vars.tf
@@ -1,93 +0,0 @@
-# All variables that are used in various places go here
-
-######################### General provider specific values
-
-variable "aws_key" {
-	description = "Access Key for AWS operations"
-	type = string
-	sensitive = true
-}
-
-variable "aws_secret" {
-	description = "Secret Key for AWS operations"
-	type = string
-	sensitive = true
-}
-
-variable "aws_region" {
-	description = "Region where the VPC is located"
-	type = string
-	sensitive = true
-}
-
-variable "vpc_id" {
-  description = "Project Athens VPC ID"
-  type = string
-}
-
-######################### Alpha Cluster variables
-
-variable "athens_prefix" {
-	description = "Prefix for all things in alpha cluster"
-	type = string
-	default = "athens"
-}
-
-######################### Nginx reverse proxy vars
-
-
-# Yes these buckets _could_ be public but where's the fun in that :x
-variable "shockrah_xyz_s3_access_key_id" {
-  description = "Acess key for reading public s3 buckets"
-  type        = string
-  sensitive   = true
-}
-
-variable "shockrah_xyz_s3_secret_key" {
-  description = "Secret key for reading public s3 buckets"
-  type        = string
-  sensitive   = true
-}
-
-variable "nginx_port" {
-  description = "Port for shockrah.xyz"
-  type        = number
-  default     = 80
-}
-
-######################### Nginx reverse proxy vars
-
-variable "shockrah_xyz_bucket" {
-  description = "S3 bucket name"
-  type        = string
-  default     = "shockrah_xyz"
-}
-
-variable "resume_shockrah_xyz_bucket" {
-  description = "S3 bucket name"
-  type        = string
-  default     = "resume_shockrah_xyz"
-}
-
-variable "temper" {
-  type = object({
-    cert_arn = string
-  })
-}
-
-variable "sg" {
-  type = object({
-    base_ecs        = string
-    ecs_web_ingress = string
-    lb_health_check = string
-  })
-}
-
-variable "alpha" {
-  type = object({
-    dns  = string
-    zone = string
-  })
-}
-
-
--- a/infra/s3/local.tf
+++ b/infra/s3/local.tf
@@ -1,8 +0,0 @@
-locals {
-  buckets = [
-    "shockrah.xyz",
-    "resume.shockrah.xyz",
-    "temper.tv"
-  ]
-}
-
--- a/infra/s3/s3.tf
+++ b/infra/s3/s3.tf
@@ -1,17 +0,0 @@
-resource "aws_s3_bucket" "static-content" {
-  for_each = {
-    for idx, record in local.buckets:
-      idx => record
-  }
-  
-  bucket = each.value
-
-  tags = {
-    Name = each.value
-    Description = "Static content"
-  }
-}
-
-
-
-
--- a/infra/s3/website-config.tf
+++ b/infra/s3/website-config.tf
@@ -1,53 +0,0 @@
-##################################################################
-# Below are the acl components for each bucket to make them public
-##################################################################
-
-# TODO: ensure proper dependency chaining to the buckets that these
-# blocks require to be in place _before_ they come up
-
-# Enables website configuration
-resource "aws_s3_bucket_website_configuration" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-  index_document {
-    suffix = "index.html"
-  }
-
-  error_document {
-    key = "404.html"
-  }
-}
-
-# Set block public access to false
-resource "aws_s3_bucket_public_access_block" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-
-  block_public_acls   = false
-  block_public_policy = false
-  ignore_public_acls  = false
-  restrict_public_buckets = false
-}
-# Set a policy on the bucket to allow reads from anywhere
-resource "aws_s3_bucket_policy" "site" {
-  for_each = aws_s3_bucket.static-content
-  bucket = each.value.bucket
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Sid = "PublicReadGetObject"
-        Effect = "Allow"
-        Principal = "*"
-        Action = "s3:GetObject"
-        Resource = [
-          "arn:aws:s3:::${each.value.bucket}",
-          "arn:aws:s3:::${each.value.bucket}/*",
-        ]
-      }
-    ]
-  })
-}
-
-
-