Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity
272a8eb36c
Jafner.net/homelab/sellswords/aws/aws.tf

84 lines
1.9 KiB
Terraform
Raw Normal View History

Init k3s cluster with Terraform-provisioned AWS S3 bucket for Jafner.dev - Add Terraform statefiles to gitignore - Add *.secret.yml to gitignore for k8s secrets manifests - Init the "sellswords" directory for Terraform code interacting with public cloud providers. - Provision S3 bucket "Jafner-dev" to store static site files. - Describe CORS and access policies to apply to the bucket. - Throw in a budget to prevent nasty surprises. - Init "silver-hand" directory for Kubernetes manifests to be used with the local K3s cluster. - Datashim manifest to facilitate abstracted interaction with S3 bucket. - Kubernetes-dashboard to visualize cluster state. - Jafner-dev to serve contents of S3 bucket.
2024-08-07 16:23:20 -07:00
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = "us-west-2"
shared_config_files = ["/home/joey/.tf/aws_conf"]
shared_credentials_files = ["/home/joey/.tf/aws_cred"]
profile = "default"
}
resource "aws_s3_bucket" "jafner-dev" {
bucket = "jafner-dev"
tags = {
Name = "Jafner.dev"
Environment = "Prod"
}
}
resource "aws_s3_bucket_ownership_controls" "jafner-dev" {
bucket = aws_s3_bucket.jafner-dev.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}
resource "aws_s3_bucket_acl" "jafner-dev" {
depends_on = [aws_s3_bucket_ownership_controls.jafner-dev]
bucket = aws_s3_bucket.jafner-dev.id
acl = "private"
}
resource "aws_s3_bucket_cors_configuration" "jafner-dev" {
bucket = aws_s3_bucket.jafner-dev.id
cors_rule {
allowed_methods = ["GET"]
allowed_origins = ["*"]
}
}
data "aws_iam_policy_document" "Custom_S3BucketFullControl_jafner-dev" {
version = "2012-10-17"
statement {
effect = "Allow"
actions = [
"s3:*",
"s3-object-lambda:*"
]
resources = [
"arn:aws:s3:::jafner-dev"
]
}
}
data "aws_iam_policy_document" "Custom_S3ReadBucket_jafner-dev" {
statement {
effect = "Allow"
actions = [
"s3:Get*",
"s3:List*",
"s3:Describe*",
"s3-object-lambda:Get*",
"se-object-lambda:List*"
]
resources = [
"arn:aws:s3:::jafner-dev"
]
}
}
resource "aws_budgets_budget" "dont-bankrupt-me" {
name = "budget"
budget_type = "COST"
limit_amount = "30.00"
limit_unit = "USD"
time_unit = "MONTHLY"
time_period_start = "2024-08-01_00:01"
}
Reference in New Issue Copy Permalink