Terraform - Buckets 추가

2024-02-01 16:14:05 +09:00
parent f794df086e
commit bbe2b9331b
7 changed files with 165 additions and 0 deletions
--- a/terraform/buckets/permissions.tf
+++ b/terraform/buckets/permissions.tf
@@ -0,0 +1,50 @@
+resource "aws_s3_bucket_ownership_controls" "ownership" {
+  for_each = var.buckets
+
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  rule {
+    object_ownership = each.value.object_ownership
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "public_access_block" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+  
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "acl" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+
+  depends_on = [
+    aws_s3_bucket_ownership_controls.ownership,
+    aws_s3_bucket_public_access_block.public_access_block
+  ]
+
+  bucket = aws_s3_bucket.bucket[each.key].id
+  acl    = "public-read"
+}
+
+resource "aws_s3_bucket_policy" "policy" {
+  for_each = {for bucket, value in var.buckets : bucket => value if value.public_access == true}
+  
+  bucket = aws_s3_bucket.bucket[each.key].id
+
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Action    = ["s3:GetObject"],
+        Effect    = "Allow",
+        Resource  = ["${aws_s3_bucket.bucket[each.key].arn}/*"],
+        Principal = "*"
+      }
+    ]
+  })
+}