From 8bc18dcf99681fd41783dfbf4211209707e009ce Mon Sep 17 00:00:00 2001
From: shockrah
Date: Sun, 1 Oct 2023 19:17:38 -0700
Subject: [PATCH] New website bucket
---
infra/readme | 7 +++++++
infra/s3.tf | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 infra/readme
create mode 100644 infra/s3.tf
diff --git a/infra/readme b/infra/readme
new file mode 100644
index 0000000..cee5fce
--- /dev/null
+++ b/infra/readme
@@ -0,0 +1,7 @@
+Resources Defined Here
+
+* Route53 Zone
+* ACM Certificate
+* S3 bucket for website & Terraform state
+
+
diff --git a/infra/s3.tf b/infra/s3.tf
new file mode 100644
index 0000000..b3b4ec9
--- /dev/null
+++ b/infra/s3.tf
@@ -0,0 +1,56 @@
+resource "aws_s3_bucket" "website" {
+ bucket = "temper.tv"
+
+ tags = {
+ Name = "temper.tv"
+ Description = "Static content for temper.tv"
+ }
+}
+
+###############################################################
+# Below are the acl components for the bucket to make it public
+###############################################################
+
+# Enables website configuration
+resource "aws_s3_bucket_website_configuration" "site" {
+ bucket = aws_s3_bucket.website.bucket
+ index_document {
+ suffix = "index.html"
+ }
+
+ error_document {
+ key = "404.html"
+ }
+}
+
+# Set block public access to false
+resource "aws_s3_bucket_public_access_block" "site" {
+ bucket = aws_s3_bucket.website.bucket
+
+ block_public_acls = false
+ block_public_policy = false
+ ignore_public_acls = false
+ restrict_public_buckets = false
+}
+
+
+# Set a policy on the bucket to allow reads from anywhere
+resource "aws_s3_bucket_policy" "site" {
+ bucket = aws_s3_bucket.website.bucket
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Sid = "PublicReadGetObject"
+ Effect = "Allow"
+ Principal = "*"
+ Action = "s3:GetObject"
+ Resource = [
+ "arn:aws:s3:::${aws_s3_bucket.website.bucket}",
+ "arn:aws:s3:::${aws_s3_bucket.website.bucket}/*",
+ ]
+ }
+ ]
+ })
+}
+
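Review bot: `aws_s3_bucket_public_access_block.site` turns off all four protections, but the bucket is only made public through a bucket policy, so the two ACL settings can stay on: `block_public_acls = true` and `ignore_public_acls = true`. In `aws_s3_bucket_policy.site`, `s3:GetObject` is an object-level action, so the bare bucket ARN in `Resource` adds nothing and the list can be reduced to `"arn:aws:s3:::${aws_s3_bucket.website.bucket}/*"`. That statement makes every key in the bucket world-readable, and the readme added in this patch lists "S3 bucket for website & Terraform state"; if state is meant to live in this same bucket, it should go in a separate private bucket instead. The policy also has no `depends_on` on the access-block resource, so the first apply can fail if the policy is written before the block is relaxed.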