diff --git a/infra/static-vultr/s3-reader.tf b/infra/static-vultr/s3-reader.tf
new file mode 100644
index 0000000..f6cfc34
--- /dev/null
+++ b/infra/static-vultr/s3-reader.tf
@@ -0,0 +1,51 @@
+locals {
+ buckets = [
+ "shockrah.xyz",
+ "resume.shockrah",
+ "temper.tv"
+ ]
+}
+
+resource aws_iam_user vultr {
+ name = "vultr"
+}
+
+data aws_iam_policy_document assume {
+ statement {
+ actions = [ "sts:AssumeRole" ]
+ principals {
+ type = "AWS"
+ identifiers = [ aws_iam_user.vultr.arn ]
+ }
+ }
+}
+
+data aws_iam_policy_document vultr {
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:List*",
+ "s3:Get*",
+ "s3:Describe*"
+ ]
+ resources = [ "*" ]
+ }
+}
+
+resource aws_iam_policy vultr {
+ name = "vultr"
+ policy = data.aws_iam_policy_document.vultr.json
+}
+
+resource aws_iam_role vultr {
+ name = "vultr"
+ assume_role_policy = data.aws_iam_policy_document.assume.json
+}
+
+resource aws_iam_role_policy_attachment vultr {
+ role = aws_iam_role.vultr.name
+ policy_arn = aws_iam_policy.vultr.arn
+}
+
+
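Review bot: The `data aws_iam_policy_document vultr` statement grants `s3:List*`, `s3:Get*` and `s3:Describe*` on `resources = [ "*" ]`, so the role (and by the trust policy, the `vultr` user) can read every bucket and object in the account, not just the three static-site buckets; `local.buckets` is declared but never referenced, which suggests the scoping was intended and dropped. The resources should be built from `local.buckets`, listing both the bucket ARN (for `ListBucket`/`GetBucketLocation`-style calls) and the `bucket/*` ARN (for `GetObject`), as in the fence below. If the consumer relies on `s3:ListAllMyBuckets`, that action is account-wide and would need its own statement on `"*"` rather than widening this one. It would also help to add a comment on the locals block stating that the list drives the policy scope, e.g. `# buckets the vultr reader role may list and read; each entry becomes two ARNs in the policy below`.
```hcl
data aws_iam_policy_document vultr {
  statement {
    effect = "Allow"
    // … unchanged: actions list …
    resources = concat(
      [for b in local.buckets : "arn:aws:s3:::${b}"],
      [for b in local.buckets : "arn:aws:s3:::${b}/*"]
    )
  }
}
```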