# Ownership controls for every bucket declared in var.buckets (one instance
# per map key, matching the aws_s3_bucket.bucket instances).
resource "aws_s3_bucket_ownership_controls" "ownership" {
  for_each = var.buckets

  bucket = aws_s3_bucket.bucket[each.key].id

  rule {
    # Passed through verbatim from the caller's bucket definition.
    object_ownership = each.value["object_ownership"]
  }
}
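# Public-access guards for every bucket declared in var.buckets.
#
# Previously this resource existed only for buckets with public_access = true,
# so private buckets carried no public access block at all and silently
# inherited whatever the account-level default happened to be. Now each
# bucket gets an explicit setting: private buckets have all four guards
# enabled, and only buckets that opt in with public_access = true have them
# relaxed (the public ACL and bucket policy require that).
resource "aws_s3_bucket_public_access_block" "public_access_block" {
  for_each = var.buckets

  bucket = aws_s3_bucket.bucket[each.key].id

  # `!= true` rather than `!each.value.public_access` so that a null or
  # false flag both mean "keep the bucket private".
  block_public_acls       = each.value.public_access != true
  block_public_policy     = each.value.public_access != true
  ignore_public_acls      = each.value.public_access != true
  restrict_public_buckets = each.value.public_access != true
}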
# Public-read bucket ACL, created only for buckets that opted in with
# public_access = true.
#
# NOTE(review): S3 rejects ACL writes on buckets whose object_ownership is
# BucketOwnerEnforced; presumably callers pick another value for public
# buckets — confirm against the variable's validation.
resource "aws_s3_bucket_acl" "acl" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == true }

  # The ACL can only be written once ownership controls exist and this
  # bucket's public-access guards have been relaxed.
  depends_on = [
    aws_s3_bucket_ownership_controls.ownership,
    aws_s3_bucket_public_access_block.public_access_block,
  ]

  bucket = aws_s3_bucket.bucket[each.key].id
  acl    = "public-read"
}
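# Bucket policy granting anonymous read of every object, created only for
# buckets that opted in with public_access = true.
#
# Fix: the policy is now ordered after the bucket's public access block. A
# public policy is rejected by S3 while block_public_policy is still in
# effect, so without the explicit dependency the first apply could race the
# guard being relaxed; the "acl" resource already declares this dependency.
resource "aws_s3_bucket_policy" "policy" {
  for_each = { for name, cfg in var.buckets : name => cfg if cfg.public_access == true }

  depends_on = [
    aws_s3_bucket_public_access_block.public_access_block,
  ]

  bucket = aws_s3_bucket.bucket[each.key].id

  # jsonencode sorts object keys, so attribute order here does not affect
  # the rendered document.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = ["s3:GetObject"]
        # Object-level ARN: grants reads of the contents, not of the bucket itself.
        Resource = [format("%s/*", aws_s3_bucket.bucket[each.key].arn)]
      },
    ]
  })
}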