49801ad9
pyrossh 1 month ago
add read only user
- infra/main.tf +41 -0
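--- a/infra/main.tf
+++ b/infra/main.tf
@@ -272,3 +272,44 @@ resource "aws_route53_record" "a_record_domain" {
 evaluate_target_health = false #
 }
 }
+
+
+resource "aws_iam_user" "repos_bucket_read_user" {
+name = "repos_bucket_read_user"
+path = "/"
+}
+
+data "aws_iam_policy_document" "repos_bucket_read_policy" {
+statement {
+actions = [
+"s3:GetObject",
+"s3:ListBucket"
+]
+resources = [
+aws_s3_bucket.repos_bucket.arn,
+"${aws_s3_bucket.repos_bucket.arn}/*",
+]
+}
+}
+
+resource "aws_iam_policy" "repos_bucket_read_policy" {
+name = "repos_bucket_read_policy"
+policy = data.aws_iam_policy_document.repos_bucket_read_policy.json
+}
+
+resource "aws_iam_user_policy_attachment" "repos_bucket_read_attachment" {
+user = aws_iam_user.repos_bucket_read_user.name
+policy_arn = aws_iam_policy.repos_bucket_read_policy.arn
+}
+
+resource "aws_iam_access_key" "repos_bucket_read_key" {
+user = aws_iam_user.repos_bucket_read_user.name
+}
+
+output "aws_access_key_id" {
+value = aws_iam_access_key.repos_bucket_read_key.id
+}
+
+output "aws_secret_access_key" {
+value = aws_iam_access_key.repos_bucket_read_key.secret
+}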
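Review bot: The `aws_secret_access_key` output added at new line 313 is not marked sensitive, so the freshly minted secret is printed in clear text by every `terraform apply` and `terraform output` run and lands in any CI log that captures them; add `sensitive = true` inside that output block (and, for consistency, to `aws_access_key_id`). Marking the output sensitive only redacts the CLI display — the secret is still stored in plaintext in the Terraform state, so the state backend needs access control and encryption at rest, or the `aws_iam_access_key` resource should be given a `pgp_key` so that only `encrypted_secret` is persisted. More broadly, this hunk creates a long-lived static credential for an IAM user; if the consumer can assume a role instead (for example via OIDC from a CI provider), attaching `repos_bucket_read_policy` to a role would avoid a static key altogether, though whether that is feasible depends on the consumer, which the hunk does not show. The policy itself correctly scopes `s3:ListBucket` to the bucket ARN and `s3:GetObject` to the `/*` object ARN, which is the right least-privilege split.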