serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add minio to terraform

Browse source
This commit is contained in:
Tobias Reisinger 2025-06-08 19:33:26 +02:00
parent 4264017641
commit 37a304d161
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
9 changed files with 130 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

56
modules/services/minio.tf Normal file
View file

@ -0,0 +1,56 @@
# Create a user first
resource "minio_iam_user" "service_users" {
for_each = local.services_s3
name = each.key
}
resource "minio_accesskey" "service_access_keys" {
for_each = local.services_s3
user = minio_iam_user.service_users[each.key].name
}
resource "minio_s3_bucket" "service_buckets" {
for_each = local.buckets_s3
bucket = replace("${each.key}.serguzim.me", "_", "-")
lifecycle {
prevent_destroy = true
}
}
resource "minio_iam_policy" "service_bucket_policies" {
for_each = local.buckets_s3
name = each.key
policy = jsonencode({
Version = "2012-10-17",
Statement = [
{
Sid = "${each.key} statement"
Effect = "Allow",
Action = ["s3:*"],
Principal = "*",
Resource = "${minio_s3_bucket.service_buckets[each.key].arn}/*"
}
]
})
}
resource "minio_iam_user_policy_attachment" "service_bucket_policy_attachments" {
for_each = local.buckets_s3
user_name = minio_iam_user.service_users[each.value].id
policy_name = minio_iam_policy.service_bucket_policies[each.key].id
}
//resource "minio_iam_service_account" "service_accounts" {
// for_each = minio_iam_user.service_users
// target_user = each.value.name
// policy = jsonencode({
// Version = "2012-10-17",
// Statement = [{
// Action = [
// "s3:*",
// ],
// "Effect": "Allow",
// "Resource": []
// }]
// })
//}