dsk-iac/terraform/buckets/permissions.tf

# Object-ownership setting for every bucket in var.buckets.
#
# The value comes straight from each bucket's `object_ownership` attribute.
# Both aws_s3_bucket_acl resources in this file depend on this resource and
# then write a bucket ACL; AWS rejects ACL writes on buckets whose ownership is
# "BucketOwnerEnforced" (AccessControlListNotSupported), so buckets that go
# through the ACL resources must use "BucketOwnerPreferred" or "ObjectWriter".
resource "aws_s3_bucket_ownership_controls" "ownership" {
  for_each = var.buckets

  # Target bucket, keyed identically to var.buckets.
  bucket = aws_s3_bucket.bucket[each.key].id

  rule {
    object_ownership = each.value["object_ownership"]
  }
}
# Public-access guard for buckets flagged `public_access = true`.
#
# All four guards are switched off, so nothing stops a public ACL or a public
# bucket policy from taking effect on these buckets:
#   - block_public_acls / ignore_public_acls must be false for the
#     "public-read" ACL set by aws_s3_bucket_acl.public_acl to apply;
#   - block_public_policy / restrict_public_buckets must be false for the
#     anonymous-read policy in aws_s3_bucket_policy.policy to apply.
# If the ACL route is ever dropped in favour of the policy alone, the two
# ACL-related guards could be turned back on for these buckets.
resource "aws_s3_bucket_public_access_block" "public_access_block" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == true }

  bucket = aws_s3_bucket.bucket[each.key].id

  ignore_public_acls      = false
  block_public_acls       = false
  restrict_public_buckets = false
  block_public_policy     = false
}
# Public-access guard for buckets flagged `public_access = false`.
#
# Every guard is enabled: public ACLs are rejected and ignored, public bucket
# policies are rejected, and cross-account/anonymous access is restricted.
# Together with the "private" ACL from aws_s3_bucket_acl.private_acl this keeps
# the bucket reachable only through IAM.
resource "aws_s3_bucket_public_access_block" "private_access_block" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == false }

  bucket = aws_s3_bucket.bucket[each.key].id

  ignore_public_acls      = true
  block_public_acls       = true
  restrict_public_buckets = true
  block_public_policy     = true
}
# Canned "public-read" ACL for buckets flagged `public_access = true`.
#
# This grants READ to the AllUsers group via the bucket ACL. Anonymous object
# reads are also granted by aws_s3_bucket_policy.policy, so the two mechanisms
# overlap; the policy on its own would be sufficient for object downloads.
#
# depends_on is required because the ACL write only succeeds once the
# ownership setting allows ACLs and the public-access block for this bucket has
# been relaxed; there is no attribute reference that would order these
# implicitly.
resource "aws_s3_bucket_acl" "public_acl" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == true }

  bucket = aws_s3_bucket.bucket[each.key].id
  acl    = "public-read"

  depends_on = [
    aws_s3_bucket_public_access_block.public_access_block,
    aws_s3_bucket_ownership_controls.ownership,
  ]
}
# Canned "private" ACL for buckets flagged `public_access = false`.
#
# "private" leaves only the bucket owner with full control. With every guard in
# aws_s3_bucket_public_access_block.private_access_block enabled this ACL is
# belt-and-braces rather than the thing keeping the bucket private.
#
# depends_on orders the ACL write after the ownership setting (ACL writes fail
# under "BucketOwnerEnforced") and after the public-access block is in place.
resource "aws_s3_bucket_acl" "private_acl" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == false }

  bucket = aws_s3_bucket.bucket[each.key].id
  acl    = "private"

  depends_on = [
    aws_s3_bucket_public_access_block.private_access_block,
    aws_s3_bucket_ownership_controls.ownership,
  ]
}
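# Anonymous read policy for buckets flagged `public_access = true`.
#
# Grants s3:GetObject to everyone (Principal "*") on every object in the
# bucket (ARN + "/*"). The bucket itself (listing, configuration) is not
# covered by this statement, only object downloads.
#
# depends_on: S3 refuses a policy that grants public access while
# block_public_policy is still enabled on the bucket. The ACL resources in this
# file already order themselves after their public-access block; without the
# same ordering here, Terraform may attempt the PutBucketPolicy call before
# aws_s3_bucket_public_access_block.public_access_block has relaxed the
# guards and the apply fails with AccessDenied.
resource "aws_s3_bucket_policy" "policy" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == true }

  bucket = aws_s3_bucket.bucket[each.key].id

  depends_on = [
    aws_s3_bucket_public_access_block.public_access_block,
  ]

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        # Read-only: no list, write or ACL actions are granted to the public.
        Action    = ["s3:GetObject"],
        Effect    = "Allow",
        Resource  = ["${aws_s3_bucket.bucket[each.key].arn}/*"],
        Principal = "*"
      }
    ]
  })
}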