diff --git a/infra/s3/Makefile b/infra/s3/Makefile index cb42529..adab9c5 100644 --- a/infra/s3/Makefile +++ b/infra/s3/Makefile @@ -2,7 +2,7 @@ plan=out.plan SHELL := /bin/bash -$(plan): *.tf +$(plan): source ../secrets/set-env.sh && terraform plan -input=false -out $(plan) push: build diff --git a/infra/s3/local.tf b/infra/s3/local.tf index 3c59afd..b446cdf 100644 --- a/infra/s3/local.tf +++ b/infra/s3/local.tf @@ -1,7 +1,8 @@ locals { buckets = [ "shockrah.xyz", - "resume.shockrah.xyz" + "resume.shockrah.xyz", + "temper.tv" ] } diff --git a/infra/s3/website-config.tf b/infra/s3/website-config.tf index cb632a8..8999f2d 100644 --- a/infra/s3/website-config.tf +++ b/infra/s3/website-config.tf @@ -7,8 +7,8 @@ # Enables website configuration resource "aws_s3_bucket_website_configuration" "site" { - for_each = toset(local.buckets) - bucket = each.value + for_each = aws_s3_bucket.static-content + bucket = each.value.bucket index_document { suffix = "index.html" } @@ -20,8 +20,8 @@ resource "aws_s3_bucket_website_configuration" "site" { # Set block public access to false resource "aws_s3_bucket_public_access_block" "site" { - for_each = toset(local.buckets) - bucket = each.value + for_each = aws_s3_bucket.static-content + bucket = each.value.bucket block_public_acls = false block_public_policy = false @@ -30,8 +30,8 @@ resource "aws_s3_bucket_public_access_block" "site" { } # Set a policy on the bucket to allow reads from anywhere resource "aws_s3_bucket_policy" "site" { - for_each = toset(local.buckets) - bucket = each.value + for_each = aws_s3_bucket.static-content + bucket = each.value.bucket policy = jsonencode({ Version = "2012-10-17" Statement = [ @@ -41,8 +41,8 @@ resource "aws_s3_bucket_policy" "site" { Principal = "*" Action = "s3:GetObject" Resource = [ - "arn:aws:s3:::${each.value}", - "arn:aws:s3:::${each.value}/*", + "arn:aws:s3:::${each.value.bucket}", + "arn:aws:s3:::${each.value.bucket}/*", ] } ]
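Review bot: With the `*.tf` prerequisite removed, `$(plan)` has no prerequisites, so once `out.plan` exists make treats it as up to date and the `terraform plan` recipe does not run again after a `.tf` edit. A saved plan records the changes computed when it was written, so applying a stale `out.plan` could carry out the old configuration rather than the one just reviewed (how `push`/`build` consume the file is not visible in this hunk). Keep the dependency explicit with `$(plan): $(wildcard *.tf)`, or, if the intent is to re-plan on every invocation, declare `.PHONY: $(plan)`.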
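Review bot: Nothing at the `buckets` list in local.tf says that an entry here ends up world-readable. Judging by website-config.tf in the same commit, each bucket gets its public access block switched off and a `Principal = "*"` read policy; this assumes `aws_s3_bucket.static-content` iterates `local.buckets`, which is not shown. A comment above the list such as `# Every name listed here becomes a publicly readable static-site bucket` would make that explicit for whoever adds the next name.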
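Review bot: `block_public_acls = false` in `aws_s3_bucket_public_access_block.site` is wider than a policy-based public site needs, and after this change it applies to every bucket in `aws_s3_bucket.static-content`. Public reads are granted by the bucket policy further down, not by ACLs, so only the policy-related settings (`block_public_policy`, `restrict_public_buckets`) have to be off. Setting `block_public_acls = true`, and `ignore_public_acls = true` if that line exists past the end of the hunk, would still let the sites serve while preventing an object from being exposed through a stray public ACL. The rest of the resource body lies outside the hunk.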
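Review bot: `aws_s3_bucket_policy.site` and `aws_s3_bucket_public_access_block.site` now both iterate `aws_s3_bucket.static-content`, but nothing visible orders the policy after the access-block change. For a newly created bucket such as `temper.tv`, Terraform may attempt to attach the public policy while the bucket's default block-public-policy setting is still in force, and the apply then fails with an access-denied error. Unless it already exists further down the resource (its end is outside the hunk), add `depends_on = [aws_s3_bucket_public_access_block.site]`.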
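Review bot: The first `Resource` entry in the last hunk, the bare bucket ARN, has no effect for `s3:GetObject`, which is an object-level action; only the `/*` entry grants anything. Leaving it in means a bucket-level action added to this statement later would immediately apply to `Principal = "*"` on the bucket itself. I would drop it and build the remaining entry from the resource attribute rather than a hand-written string: `Resource = ["${each.value.arn}/*"]`.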