# Create a user first
# One MinIO IAM user per entry of local.services_s3; the entry key becomes the
# user name. The access-key and policy-attachment resources in this file look
# users up by that same key.
resource "minio_iam_user" "service_users" {
  for_each = local.services_s3

  name = each.key
}
# Issues one access key per entry of local.services_s3, bound to the IAM user
# created for the same key.
# NOTE(review): the generated secret is presumably recorded in Terraform state
# like any provider-managed credential. Confirm the state backend is encrypted
# and access-restricted, and treat state and plan output as sensitive.
resource "minio_accesskey" "service_access_keys" {
  for_each = local.services_s3

  user = minio_iam_user.service_users[each.key].name
}
# One bucket per entry of local.buckets_s3. The bucket name is the entry key
# with "_" replaced by "-", followed by ".serguzim.me".
# NOTE(review): no `acl` argument is set, so the provider default applies
# (private, as far as the provider docs go). Confirm for the pinned version.
resource "minio_s3_bucket" "service_buckets" {
  for_each = local.buckets_s3

  # The domain suffix contains no "_", so substituting inside the key alone
  # gives the same name as substituting across the whole string.
  bucket = "${replace(each.key, "_", "-")}.serguzim.me"

  # Data-loss guard: Terraform rejects any plan that would destroy a bucket.
  lifecycle {
    prevent_destroy = true
  }
}
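# One IAM policy per entry of local.buckets_s3, named after the entry key and
# scoped to that bucket's ARN followed by "/*". The policy takes effect only
# through the user attachment resource in this file.
resource "minio_iam_policy" "service_bucket_policies" {
  for_each = local.buckets_s3

  name = each.key
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid    = "${each.key} statement"
        Effect = "Allow",
        # NOTE(review): "s3:*" allows every S3 action the server evaluates
        # against this resource pattern. If a service only reads and writes
        # objects, list just those actions here to follow least privilege.
        Action = ["s3:*"],
        # No Principal element: this is an identity policy, so the principal
        # is whichever user the policy is attached to. Principal = "*" is
        # bucket-policy syntax, where it would mean anonymous access. It was
        # removed so the document cannot be read or reused as a public grant.
        Resource = "${minio_s3_bucket.service_buckets[each.key].arn}/*"
      }
    ]
  })
}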
# Attaches each bucket's policy to a service user. Iterates local.buckets_s3:
# the entry key selects the policy and the entry value selects the user.
# Every value must therefore be a key of local.services_s3, because
# service_users is built from that collection.
resource "minio_iam_user_policy_attachment" "service_bucket_policy_attachments" {
  for_each = local.buckets_s3

  policy_name = minio_iam_policy.service_bucket_policies[each.key].id
  user_name   = minio_iam_user.service_users[each.value].id
}
// Disabled draft (not applied): per-user service accounts with an inline
// policy. Its Resource list is still empty; fill it with the specific bucket
// ARNs before enabling.
//resource "minio_iam_service_account" "service_accounts" {
//  for_each = minio_iam_user.service_users
//  target_user = each.value.name
//  policy = jsonencode({
//    Version = "2012-10-17",
//    Statement = [{
//      Action = [
//        "s3:*",
//      ],
//      "Effect": "Allow",
//      "Resource": []
//    }]
//  })
//}