首頁 探索 說明
註冊 登入
AFS
/
xdr-terraform-modules
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 08b86a9ea0
分支列表 標籤列表
xdr-terraform-m...
/
base
/
codebuild_ecr_base
/
s3.tf

s3.tf 951 B
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. #S3 bucket for codebuild output
    2. 

  2. resource "aws_s3_bucket" "artifacts" {
    3. 

  3.   bucket        = "xdr-codebuild-artifacts"
    4. 

  4.   force_destroy = true
    5. 

  5.   acl           = "private"
    6. 

  6. 

  7.   server_side_encryption_configuration {
    8. 

  8.     rule {
    9. 

  9.       apply_server_side_encryption_by_default {
    10. 

  10.         kms_master_key_id = aws_kms_key.s3_codebuild_artifacts.arn
    11. 

  11.         sse_algorithm     = "aws:kms"
    12. 

  12.       }
    13. 

  13.     }
    14. 

  14.   }
    15. 

  15. }
    16. 

  16. 

  17. resource "aws_s3_bucket_policy" "artifacts" {
    18. 

  18.   bucket = aws_s3_bucket.artifacts.id
    19. 

  19.   policy =<<POLICY
    20. 

  20. {
    21. 

  21.   "Id": "Policy1532015005972",
    22. 

  22.   "Version": "2012-10-17",
    23. 

  23.   "Statement": [
    24. 

  24.     {
    25. 

  25.       "Sid": "Stmt1532015002611",
    26. 

  26.       "Action": [
    27. 

  27.         "s3:GetObject",
    28. 

  28.         "s3:GetObjectVersion"
    29. 

  29.       ],
    30. 

  30.       "Effect": "Allow",
    31. 

  31.       "Resource": "${aws_s3_bucket.artifacts.arn}/*",
    32. 

  32.       "Principal": {
    33. 

  33.         "AWS": [
    34. 

  34.           "arn:aws-us-gov:iam::738800754746:root",
    35. 

  35.           "arn:aws-us-gov:iam::721817724804:root"
    36. 

  36.         ]
    37. 

  37.       }
    38. 

  38.     }
    39. 

  39.   ]
    40. 

  40. }
    41. 

  41. POLICY
    42. 

  42. }
    43.