صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
AFS
/
xdr-terraform-modules
2
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 842895b4b6
شاخه‌ها تگ‌ها
xdr-terraform-m...
/
base
/
codebuild_ecr_base
/
s3.tf

s3.tf 919 B
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334 
  1. #S3 bucket for codebuild output
    2. 

  2. resource "aws_s3_bucket" "artifacts" {
    3. 

  3.   bucket        = "xdr-codebuild-artifacts"
    4. 

  4.   force_destroy = true
    5. 

  5.   acl           = "private"
    6. 

  6. 

  7.   server_side_encryption_configuration {
    8. 

  8.     rule {
    9. 

  9.       apply_server_side_encryption_by_default {
    10. 

  10.         kms_master_key_id = aws_kms_key.s3_codebuild_artifacts.arn
    11. 

  11.         sse_algorithm     = "aws:kms"
    12. 

  12.       }
    13. 

  13.     }
    14. 

  14.   }
    15. 

  15. }
    16. 

  16. 

  17. resource "aws_s3_bucket_policy" "artifacts" {
    18. 

  18.   bucket = aws_s3_bucket.artifacts.id
    19. 

  19.   policy = data.aws_iam_policy_document.artifacts.json
    20. 

  20. }
    21. 

  21. 

  22. data "aws_iam_policy_document" "artifacts" {
    23. 

  23.   statement {
    24. 

  24.     sid = "AllowS3Access"
    25. 

  25.     actions = [ "s3:GetObject", "s3:GetObjectVersion" ]
    26. 

  26.     effect = "Allow"
    27. 

  27.     resources = [ "${aws_s3_bucket.artifacts.arn}/*" ]
    28. 

  28.     principals {
    29. 

  29.       type = "AWS"
    30. 

  30.       identifiers = [ for a in var.responsible_accounts[var.environment]: "arn:${var.aws_partition}:iam::${a}:root" ]
    31. 

  31.     }
    32. 

  32.   }
    33. 

  33. }
    34. 

  34.