Reader account for vultr host

2024-04-27 17:44:13 -07:00 · 2024-04-27 17:44:13 -07:00 · fb960b2f1f
commit fb960b2f1f
parent 7f26b72190
1 changed files with 51 additions and 0 deletions
--- a/infra/static-vultr/s3-reader.tf
+++ b/infra/static-vultr/s3-reader.tf
@ -0,0 +1,51 @@
+locals {
+  buckets = [
+    "shockrah.xyz",
+    "resume.shockrah",
+    "temper.tv"
+  ]
+}
+
+resource aws_iam_user vultr {
+  name = "vultr"
+}
+
+data aws_iam_policy_document assume {
+  statement {
+    actions = [ "sts:AssumeRole" ]
+    principals {
+      type        = "AWS"
+      identifiers = [ aws_iam_user.vultr.arn ]
+    }
+  }
+}
+
+data aws_iam_policy_document vultr {
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:List*",
+      "s3:Get*",
+      "s3:Describe*"
+    ]
+    resources = [ "*" ]
+  }
+}
+
+resource aws_iam_policy vultr {
+  name   = "vultr"
+  policy = data.aws_iam_policy_document.vultr.json
+}
+
+resource aws_iam_role vultr {
+  name = "vultr"
+  assume_role_policy = data.aws_iam_policy_document.assume.json
+}
+
+resource aws_iam_role_policy_attachment vultr {
+  role       = aws_iam_role.vultr.name
+  policy_arn = aws_iam_policy.vultr.arn
+}
+
+
+