mirror of
https://github.com/Noratrieb/vps.git
synced 2026-01-14 16:55:00 +01:00
68 lines
1.5 KiB
HCL
68 lines
1.5 KiB
HCL
resource "aws_s3_bucket" "backups" {
|
|
bucket = "nilstrieb-backups"
|
|
}
|
|
|
|
resource "aws_s3_bucket_lifecycle_configuration" "backups_lifecycle" {
|
|
bucket = aws_s3_bucket.backups.bucket
|
|
rule {
|
|
id = "1-cold"
|
|
|
|
filter {
|
|
prefix = "1/"
|
|
}
|
|
|
|
transition {
|
|
days = 30
|
|
storage_class = "GLACIER_IR"
|
|
}
|
|
|
|
status = "Enabled"
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_user" "backup_uploader" {
|
|
name = "backup-uploader"
|
|
}
|
|
|
|
resource "aws_iam_access_key" "backup_uploader" {
|
|
user = aws_iam_user.backup_uploader.name
|
|
}
|
|
|
|
|
|
resource "aws_iam_group" "backup_uploaders" {
|
|
name = "backup-uploaders"
|
|
}
|
|
|
|
resource "aws_iam_user_group_membership" "backup_uploader" {
|
|
user = aws_iam_user.backup_uploader.name
|
|
groups = [ aws_iam_group.backup_uploaders.name ]
|
|
}
|
|
|
|
resource "aws_iam_group_policy" "upload_backup" {
|
|
name = "nilstrieb-backups-upload"
|
|
group = aws_iam_group.backup_uploaders.name
|
|
policy = jsonencode({
|
|
"Version":"2012-10-17",
|
|
"Statement":[
|
|
{
|
|
"Effect":"Allow",
|
|
"Action":"s3:PutObject",
|
|
"Resource":"arn:aws:s3:::${aws_s3_bucket.backups.bucket}/1/*"
|
|
},
|
|
{
|
|
"Effect":"Deny",
|
|
"Action":"s3:*",
|
|
"NotResource":"arn:aws:s3:::${aws_s3_bucket.backups.bucket}/1/*"
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
|
|
output "backup_access_key_id" {
|
|
value = aws_iam_access_key.backup_uploader.id
|
|
}
|
|
output "backup_access_key_secret" {
|
|
value = aws_iam_access_key.backup_uploader.secret
|
|
sensitive = true
|
|
}
|