Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
AFS
/
xdr-terraform-modules
2
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: 36243dce8c
Branches Tags
xdr-terraform-m...
/
base
/
codebuild_ecr_base
/
s3.tf

s3.tf 1.1 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. #S3 bucket for codebuild output
    2. 

  2. resource "aws_s3_bucket" "artifacts" {
    3. 

  3.   bucket        = "xdr-codebuild-artifacts"
    4. 

  4.   force_destroy = true
    5. 

  5. }
    6. 

  6. 

  7. resource "aws_s3_bucket_acl" "s3_acl_artifacts" {
    8. 

  8.   bucket = aws_s3_bucket.artifacts.id
    9. 

  9.   acl    = "private"
    10. 

  10. }
    11. 

  11. 

  12. resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_artifacts" {
    13. 

  13.   bucket = aws_s3_bucket.artifacts.id
    14. 

  14.   
    15. 

  15.   rule {
    16. 

  16.     apply_server_side_encryption_by_default {
    17. 

  17.       kms_master_key_id = aws_kms_key.s3_codebuild_artifacts.arn
    18. 

  18.       sse_algorithm     = "aws:kms"
    19. 

  19.     }
    20. 

  20.   }
    21. 

  21. }
    22. 

  22. 

  23. resource "aws_s3_bucket_policy" "artifacts" {
    24. 

  24.   bucket = aws_s3_bucket.artifacts.id
    25. 

  25.   policy = data.aws_iam_policy_document.artifacts.json
    26. 

  26. }
    27. 

  27. 

  28. data "aws_iam_policy_document" "artifacts" {
    29. 

  29.   statement {
    30. 

  30.     sid       = "AllowS3Access"
    31. 

  31.     actions   = [ "s3:GetObject", "s3:GetObjectVersion" ]
    32. 

  32.     effect    = "Allow"
    33. 

  33.     resources = [ "${aws_s3_bucket.artifacts.arn}/*" ]
    34. 

  34.     principals {
    35. 

  35.       type        = "AWS"
    36. 

  36.       identifiers = sort([ for a in var.responsible_accounts[var.environment]: "arn:${var.aws_partition}:iam::${a}:root" ])
    37. 

  37.     }
    38. 

  38.   }
    39. 

  39. }
    40.